HomePhabricator
Diffusion Comm 62bd71eae42a

[grpc_clients] fix gRPC client on native

Description

[grpc_clients] fix gRPC client on native

Summary:
The gRPC client needs a set of root certificates for the TLS handshake. When running the keyserver (both inside a Docker container and not) or simulator, the client is able to locate the root certificates at one of the paths we had enumerated. However, on physical iOS and Android devices, the certificates have to be bundled with the app.

The tls-webpki-roots feature adds Mozilla's root certificates to our rustls-based gRPC client, so we don't have to rely on platform certs.

Test Plan:
This branch contains @kamil's code from D10327. I used that code (and verifyUserLoggedIn on keyserver) to test that the shared gRPC client could talk to staging AND local identity services (https and http) from:

  • local keyserver (non-Docker)
  • local keyserver (Docker)
  • iOS simulator
  • Android emulator
  • Physical iPhone
  • Physical Pixel 3

Reviewers: bartek, kamil, ashoat

Reviewed By: bartek

Subscribers: tomek, kamil

Differential Revision: https://phab.comm.dev/D10343

Details

Provenance
varunAuthored on Dec 14 2023, 6:08 PM
Reviewer
bartek
Differential Revision
D10343: [grpc_clients] fix gRPC client on native
Parents
rCOMMd4f399fb614e: [grpc_clients] add connect_timeout to shared grpc client
Branches
Unknown
Tags
Unknown