authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs #3700

Closed
vinhyenvodoi98 opened this issue Nov 10, 2019 · 15 comments

@vinhyenvodoi98

I just learned about lightning network.

I start with this cmd:

lnd --rpclisten=localhost:10001 --listen=localhost:10011 --restlisten=localhost:8001 --datadir=data --logdir=log --debuglevel=info --bitcoin.simnet --bitcoin.active --bitcoin.node=btcd --btcd.rpcuser=kek --btcd.rpcpass=kek

then

lncli --rpcserver=localhost:10001 --macaroonpath=data/chain/bitcoin/simnet/admin.macaroon create

then

lncli --rpcserver=localhost:10001 --macaroonpath=data/chain/bitcoin/simnet/admin.macaroon getinfo

It works very well with gRPC.

But when I try to connect using REST and Node it doesn't work:

var fs = require('fs');
var request = require('request');
var macaroon = fs.readFileSync('./data/chain/bitcoin/simnet/admin.macaroon').toString('hex');

var options = {
  url: 'https://localhost:8001/v1/getinfo',
  // Work-around for self-signed certificates.
  rejectUnauthorized: false,
  json: true,
  headers: {
    'Grpc-Metadata-macaroon': macaroon
  }
};

request.get(options, function(error, response, body) {
  console.log(body);
});

It returns:

{ error:
   'all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn\'t contain any IP SANs"',
  code: 14,
  message:
   'all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn\'t contain any IP SANs"' }

What should I do to connect using the REST API? Thanks!!!

@guggero
Collaborator

guggero commented Nov 10, 2019

This is very strange. The error message looks like something that you would get from a gRPC connection, not REST. If you do curl -k https://localhost:8001/v1/getinfo do you get the same result?

And is the gRPC connection with lncli still working? Because I think this error might come from the connection to btcd and is just forwarded. But then you should get the same error with lncli.

@vinhyenvodoi98
Author

vinhyenvodoi98 commented Nov 10, 2019

@guggero
When I do curl -k https://localhost:8001/v1/getinfo I get the same result.

lnd --rpclisten=localhost:10001 --listen=localhost:10011 --restlisten=localhost:8001 --datadir=data --logdir=log --debuglevel=info --bitcoin.simnet --bitcoin.active --bitcoin.node=btcd --btcd.rpcuser=kek --btcd.rpcpass=kek

I thought --restlisten=localhost:8001 means exposing a REST API for interacting with lnd over HTTP,
but after I run the command it returns:

2019-11-10 18:07:47.661 [INF] RPCS: RPC server listening on 127.0.0.1:10001
2019-11-10 18:07:47.662 [INF] RPCS: gRPC proxy started at 127.0.0.1:8001

I'm not sure whether REST is working.
The gRPC connection with lncli is still working.

@guggero
Collaborator

guggero commented Nov 11, 2019

> I'm not sure whether REST is working.

We use a package called grpc-gateway that translates REST calls into gRPC calls. That's why it says gRPC proxy started instead of REST server listening. It should work that way.

What version of lnd are you using?

Can you please try the following:

  1. Stop lnd
  2. Delete the tls.key and tls.cert file in your lnd data directory (most likely ~/.lnd/)
  3. Start lnd again, with the following extra argument: --tlsextraip 127.0.0.1
  4. Try REST again
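
The error text says the verifier was checking an IP address (127.0.0.1) against a certificate that lists no IP subject alternative names. The following sketch of that matching rule is an added example, not part of the thread and not lnd's code; the function names are hypothetical and the SAN strings are constructed in the format Node's `crypto.X509Certificate#subjectAltName` reports.

```javascript
// Added example. SAN strings passed in are constructed samples in the format
// Node's crypto.X509Certificate#subjectAltName returns.

// Expand an IPv6 literal to eight groups without leading zeros; IPv4 is returned as-is.
function canonicalIp(ip) {
  if (!ip.includes(':')) return ip;
  const [head, tail] = ip.toLowerCase().split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const fill = ip.includes('::') ? Array(8 - h.length - t.length).fill('0') : [];
  return [...h, ...fill, ...t].map((g) => parseInt(g, 16).toString(16)).join(':');
}

// Split "DNS:localhost, IP Address:127.0.0.1" into its DNS and IP entries.
function parseSan(sanString) {
  const san = { dns: [], ip: [] };
  for (const entry of sanString.split(',')) {
    const [type, ...rest] = entry.trim().split(':');
    const value = rest.join(':'); // IPv6 values contain ':' themselves
    if (type === 'DNS') san.dns.push(value.toLowerCase());
    else if (type === 'IP Address') san.ip.push(canonicalIp(value));
  }
  return san;
}

// An IP literal is matched only against IP SANs, a host name only against DNS SANs.
function checkHost(sanString, host) {
  const san = parseSan(sanString);
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  if (isIp) {
    if (san.ip.length === 0) return { ok: false, reason: 'no IP SANs' };
    const ok = san.ip.includes(canonicalIp(host));
    return { ok, reason: ok ? 'IP SAN match' : 'IP not listed' };
  }
  const name = host.toLowerCase();
  const dot = name.indexOf('.');
  const ok = san.dns.some((p) => p === name ||
    (p.startsWith('*.') && dot > 0 && name.slice(dot) === p.slice(1)));
  return { ok, reason: ok ? 'DNS SAN match' : 'name not listed' };
}

// Before and after regenerating the certificate with an extra IP entry (constructed SANs).
console.log(checkHost('DNS:localhost', '127.0.0.1'));
console.log(checkHost('DNS:localhost, IP Address:127.0.0.1', '127.0.0.1'));
```

Once the certificate's SANs cover the address being dialed, a Node client can pass lnd's tls.cert as the `ca` option and leave verification enabled instead of setting `rejectUnauthorized: false`.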

@vinhyenvodoi98
Author

vinhyenvodoi98 commented Nov 11, 2019

@guggero
Thank you for your response.
One more question before I close this issue:

After I gave up on REST, I tried to use gRPC. How can I use openChannelSync?
https://api.lightning.community/#openchannelsync

var request = {
  node_pubkey: <bytes>,
  node_pubkey_string: <string>,
  local_funding_amount: <int64>,
  push_sat: <int64>,
  target_conf: <int32>,
  sat_per_byte: <int64>,
  private: <bool>,
  min_htlc_msat: <int64>,
  remote_csv_delay: <uint32>,
  min_confs: <int32>,
  spend_unconfirmed: <bool>,
};
lightning.openChannelSync(request, function(err, response) {
  console.log(response);
});

How can I get node_pubkey: <bytes>?
Is node_pubkey_string: <string> the identity_pubkey I get when I call getInfo on the other node?

Could you give me a sample of openChannelSync?

Thanks

@guggero
Collaborator

guggero commented Nov 11, 2019

I would be interested to know if the above steps would help. So if you ever find time to try, I'd appreciate it.

You don't need to provide all parameters, some are optional.
The node_pubkey only needs to be provided in one format, either as byte array or hex encoded.
Yes, it is the identity_pubkey of the other node.

I think something like this should work for you (untested):

var otherNodePubkeyString = '03xxx'; // could also start with 02...
var channelSizeInSatoshi = 500000;
var request = {
  node_pubkey_string: otherNodePubkeyString,
  local_funding_amount: channelSizeInSatoshi,
  push_sat: 0,
  target_conf: 1,
  private: false,
  min_confs: 3,
  spend_unconfirmed: false,
};

@Roasbeef
Member

Closing this as it appears to be an issue of user-side code.

@vinhyenvodoi98
Author

vinhyenvodoi98 commented Nov 12, 2019

@guggero
@Roasbeef
This is my code:

 var pubkey = '02167027b00c59fa2bc40e0adfc3aa1d7046e66b6b233e58595913b48d83f31f27';
 var request = {
   node_pubkey_string: pubkey,
   local_funding_amount: 500,
   push_sat: 0,
   target_conf: 1,
   private: false,
   min_confs: 3,
   spend_unconfirmed: false
 };
 lightning.openChannelSync(request, function(err, response) {
   console.log(response);
 });

And the ERR is:
2019-11-12 14:46:38.211 [ERR] RPCS: [/lnrpc.Lightning/OpenChannelSync]: pubkey string is empty

I've read #3404, but my pubkey is a hex-encoded string already.

What is the problem about this error?

@guggero
Collaborator

guggero commented Nov 12, 2019

This should work... What version of lnd are you using? And what version of the rpc.proto are you feeding into the grpc library in this line:
var lnrpcDescriptor = grpc.load("rpc.proto");

@vinhyenvodoi98
Author

vinhyenvodoi98 commented Nov 12, 2019

@guggero
No, I use @grpc/proto-loader because of this:
https://stackoverflow.com/questions/53637292/deprecationwarning-grpc-load-use-the-grpc-proto-loader-instead

var grpc = require('grpc');
var protoLoader = require('@grpc/proto-loader');

const packageDefinition = protoLoader.loadSync('./rpc.proto');
const lnrpc = grpc.loadPackageDefinition(packageDefinition).lnrpc;

lightning.walletBalance, lightning.listPeers, lightning.connectPeer, ... are all working. I'm afraid that the parameter of openChannelSync is incorrect.

@guggero
Collaborator

guggero commented Nov 12, 2019

That's fine too. But you didn't answer my question. What version of the code are you using? Are you using the master branch of lnd? Or which commit?

@vinhyenvodoi98
Author

vinhyenvodoi98 commented Nov 12, 2019

@guggero
Oh sorry, my apologies.
I use "version": "0.8.0-beta commit=",

> Are you using the master branch of lnd

Yes, I just cloned it last week.

@guggero
Collaborator

guggero commented Nov 12, 2019

Ok, I figured it out. The problem is the @grpc/proto-loader.
It changes the field names from snake_case to camelCase.
So you either change all fields to camel case or tell it to not change the case:

const packageDefinition = protoLoader.loadSync('./rpc.proto', {keepCase: true});
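
The effect of the case conversion described above can be modelled without the loader. This is an added example, not part of the thread and not the library's code: `toCamelCase`, `splitRequest` and `assertNoDroppedFields` are hypothetical helpers, the conversion is a simplified stand-in for what the loader does when `keepCase` is off, and the model assumes keys the loaded message type does not know are ignored rather than rejected, which is consistent with the server reporting an empty pubkey.

```javascript
// Field names of the OpenChannelSync request, copied from the template quoted in this thread.
const OPEN_CHANNEL_FIELDS = [
  'node_pubkey', 'node_pubkey_string', 'local_funding_amount', 'push_sat',
  'target_conf', 'sat_per_byte', 'private', 'min_htlc_msat',
  'remote_csv_delay', 'min_confs', 'spend_unconfirmed',
];

// snake_case -> camelCase; simplified stand-in for the loader's renaming (assumption).
function toCamelCase(name) {
  return name.replace(/_([a-z])/g, (_, c) => c.toUpperCase());
}

// Names the client-side message type knows for a given keepCase setting.
function loadedFieldNames(protoFields, keepCase) {
  return new Set(protoFields.map((f) => (keepCase ? f : toCamelCase(f))));
}

// Split a request object into the keys that get serialized and those that are ignored.
function splitRequest(request, protoFields, keepCase) {
  const known = loadedFieldNames(protoFields, keepCase);
  const sent = {};
  const dropped = [];
  for (const [key, value] of Object.entries(request)) {
    if (known.has(key)) sent[key] = value;
    else dropped.push(key);
  }
  return { sent, dropped };
}

// Guard to run before the RPC: fail loudly instead of sending default values.
function assertNoDroppedFields(request, protoFields, keepCase) {
  const { dropped } = splitRequest(request, protoFields, keepCase);
  if (dropped.length > 0) {
    throw new Error('fields unknown to the loaded message type: ' + dropped.join(', '));
  }
  return true;
}

// Constructed request in the shape used in this thread; the pubkey is a placeholder.
const sampleRequest = {
  node_pubkey_string: '03xxx', local_funding_amount: 500000, push_sat: 0,
  target_conf: 1, private: false, min_confs: 3, spend_unconfirmed: false,
};
console.log(splitRequest(sampleRequest, OPEN_CHANNEL_FIELDS, false));
console.log(splitRequest(sampleRequest, OPEN_CHANNEL_FIELDS, true));
```

Under this model every key containing an underscore is ignored when `keepCase` is off, so the funding amount and the confirmation settings fall back to defaults along with the pubkey; only `private` survives.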

@vinhyenvodoi98
Author

Thank you so much, it is working very well.

const packageDefinition = protoLoader.loadSync('./rpc.proto', {keepCase: true});

This line took me 2 days :)))

@guggero
Collaborator

guggero commented Nov 12, 2019

You're welcome!

Well, talking from experience, optimizing the code of a tutorial before you get it fully working is usually a bad idea. And now you know why we didn't use the proto-loader before.
If you want to update the docs/tutorial, PRs are welcome!

@vinhyenvodoi98
Author

As soon as I can.
Thank you again for everything you've done.
