How to disable client-side GRPC server cert hostname validation?

Question

Currently I'm setting up the channel authentication for my gRPC client as follows:

std::shared_ptr<grpc::ChannelCredentials> channel_creds;
auto metadata = grpc::ChannelArguments();

// ...
grpc::SslCredentialsOptions sslOpts{};
sslOpts.pem_root_certs = // PEM with the Root CA cert's public key
sslOpts.pem_cert_chain = // PEM for client cert's public key
sslOpts.pem_private_key = // PEM for client cert's private key

channel_creds = grpc::SslCredentials(sslOpts);
metadata.SetSslTargetNameOverride(mbServerCertSubjectName.second.get());

// ...
grpc::CreateCustomChannel(addr_str, channel_creds, metadata);

This is almost perfect, but I'd like to disable the certificate name validation: I'd just like to accept anything as long as it chains to the pem_root_certs that I provide.

This seems achievable if I could create a TlsChannelCredentialsOptions struct with its grpc_tls_server_verification_option field set to GRPC_TLS_SKIP_HOSTNAME_VERIFICATION, but the interface for TlsCredentialsOptions is totally different from SslCredentialsOptions and I don't know how to set it up to authenticate based on the PEM files that I'm providing to sslOpts here.

How can I translate my desired logic over to TlsChannelCredentialsOptions?

Answer 1

try this one:

grpc::ChannelArguments gargs;
gargs.SetSslTargetNameOverride("domian name you want to ignore");

client client(grpc::CreateCustomChannel("ipverson:xxx.xxx.xxx.xxx:port", ssl_creds, gargs));