Hi,
I’m trying to connect to the Temporal gRPC server using the Rust core-sdk. I’m able to currently connect and start workflows using a plain Temporal server.
However, if I try to connect to Temporal Cloud and try to do the same thing, I need to use mTLS to connect, and this is where I have some trouble.
If I simplify it to the tonic channel:
```rust
use tonic::transport::{Channel, ClientTlsConfig, Identity};

// Client certificate (PEM)
let certificate = r#"-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
"#;
// CA chain (PEM)
let ca_chain = r#"-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----"#;
// Concatenate the certificate and the CA chain into one PEM bundle
let certificate_chain = format!("{}{}", certificate, ca_chain);
let identity = Identity::from_pem(certificate_chain, pki.private_key.clone());
let tls = ClientTlsConfig::new()
    .domain_name("<name>")
    .identity(identity);
let channel = Channel::from_static("http://<connection>.tmprl.cloud:7233")
    .tls_config(tls).unwrap().connect().await;
```
This will give me the error:

```
channel: Err(tonic::transport::Error(Transport, hyper::Error(Connect, Custom { kind: InvalidData, error: CorruptMessage })))
```
Separately, I also tried using the sdk-core client API directly and ran into an issue:
```rust
use std::str::FromStr; // needed for Url::from_str

// Read the client certificate chain and private key (PEM) from disk
let client_cert = tokio::fs::read(
    "/Users/tp/Downloads/chain.pem",
)
.await
.unwrap();
let client_private_key = tokio::fs::read(
    "/Users/tp/Downloads/key.pem",
)
.await
.unwrap();
let sgo = ClientOptionsBuilder::default()
    .target_url(Url::from_str("http://<site>.tmprl.cloud:7233").unwrap())
    .client_name("tls_tester")
    .client_version("1.5")
    .tls_cfg(TlsConfig {
        server_root_ca_cert: None,
        domain: Some("<host>".to_string()),
        client_tls_config: Some(ClientTlsConfig {
            client_cert: client_cert,
            client_private_key: client_private_key,
        }),
    })
    .build()
    .unwrap();
let con = sgo
    .connect("default".to_string(), None, None)
    .await
    .unwrap();
con.list_namespaces().await.unwrap();
```
I can’t quite figure out why I can’t connect. I’d also note that the certificates/chains and private key work perfectly fine with both the TypeScript and the Go SDK.
Hoping I can get some help!