Ability to use OTLP servers with self-signed certificates #3393

ejsmith · 2022-06-20T19:33:32Z

Feature Request

My OTLP server has a self-signed SSL certificate, but there is no way for me to configure the GrpcChannelOptions in order to customize how the certificates are validated. I've read through various issues and there seems to be a desire to not expose GrpcChannelOptions which is fine, but there needs to be some sort of way to customize how certificates are validated. Ideally, I'd like to check the certificates thumbprint to validate it and I can also see wanting to just ignore cert errors just for the OTLP server requests.

It seems like it would be nice if the HttpClientFactory was used to set the HttpClient property on the GrpcChannelOptions. Then I could configure the client just for that export service.

The text was updated successfully, but these errors were encountered:

cijothomas · 2022-06-24T04:59:58Z

@alanwest might be able to recommend the options, if any. I believe this is same as #2009

Maybe related is #2120

alanwest · 2022-06-24T17:41:39Z

options, if any

Yea, there are no options today.

It seems like it would be nice if the HttpClientFactory was used to set the HttpClient property on the GrpcChannelOptions.

Agreed. This occurred to me in the past as well when the HttpClientFactory options was introduced for http/protobuf. I just haven't had a chance to experiment with this idea yet.

The option in #2009 to implement the additional configuration options required by the specification should probably be done anyways just to be consistent with other language SDKs, but as you note, it's a limited solution that doesn't quite get you what you're after.

The other option that might get you what you're after is to expose the GrpcChannelOptions from the exporter's config. We originally had it this way, but scoped it down to just the options defined in the spec prior to the 1.0 release. That said, I'd be keen on exploring the HttpClientFactory idea first.

Maybe related is #2120

I think #2120 is the same as what you'd like. The ability to bypass or customize cert validation.

github-actions · 2024-09-25T03:19:47Z

This issue was marked stale due to lack of activity and will be closed in 7 days. Commenting will instruct the bot to automatically remove the label. This bot runs once per day.

ejsmith added the enhancement New feature or request label Jun 20, 2022

cijothomas added the pkg:OpenTelemetry.Exporter.OpenTelemetryProtocol Issues related to OpenTelemetry.Exporter.OpenTelemetryProtocol NuGet package label Jun 24, 2022

alanwest mentioned this issue Jul 6, 2022

Use Grpc.Net.Client with netstandard2.0 for OpenTelemetry.Exporter.OpenTelemetryProtocol #3421

Closed

alanwest mentioned this issue Nov 1, 2022

Refactor OTLP mock collector test #3849

Merged

dhhoang mentioned this issue Jun 29, 2023

Make OtlpExporterOptions.HttpClientFactory work with GRPC protocol #4625

Closed

4 tasks

github-actions bot added the Stale Issues and pull requests which have been flagged for closing due to inactivity label Sep 25, 2024

TimothyMothra added this to the Future milestone Sep 26, 2024

TimothyMothra removed the Stale Issues and pull requests which have been flagged for closing due to inactivity label Sep 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ability to use OTLP servers with self-signed certificates #3393

Ability to use OTLP servers with self-signed certificates #3393

ejsmith commented Jun 20, 2022

cijothomas commented Jun 24, 2022

alanwest commented Jun 24, 2022 •

edited

Loading

github-actions bot commented Sep 25, 2024

Ability to use OTLP servers with self-signed certificates #3393

Ability to use OTLP servers with self-signed certificates #3393

Comments

ejsmith commented Jun 20, 2022

Feature Request

cijothomas commented Jun 24, 2022

alanwest commented Jun 24, 2022 • edited Loading

github-actions bot commented Sep 25, 2024

alanwest commented Jun 24, 2022 •

edited

Loading