Removing the hardcoded SSL roots.

- Makes 2 tests fail:
  - httpcli_test
  - interop_test
pull/661/head
Julien Boeuf 10 years ago
parent b472e2364a
commit 1bc21a46db
  1. 3
      Makefile
  2. 2
      build.json
  3. 12
      src/core/httpcli/httpcli.c
  4. 11277
      src/core/security/google_root_certs.c
  5. 40
      src/core/security/google_root_certs.h
  6. 4
      src/core/security/security_context.c
  7. 2
      src/core/security/security_context.h
  8. 3
      vsprojects/vs2013/grpc.vcxproj
  9. 6
      vsprojects/vs2013/grpc.vcxproj.filters
  10. 3
      vsprojects/vs2013/grpc_shared.vcxproj
  11. 6
      vsprojects/vs2013/grpc_shared.vcxproj.filters

@ -2237,7 +2237,6 @@ LIBGRPC_SRC = \
src/core/security/base64.c \ src/core/security/base64.c \
src/core/security/credentials.c \ src/core/security/credentials.c \
src/core/security/factories.c \ src/core/security/factories.c \
src/core/security/google_root_certs.c \
src/core/security/json_token.c \ src/core/security/json_token.c \
src/core/security/secure_endpoint.c \ src/core/security/secure_endpoint.c \
src/core/security/secure_transport_setup.c \ src/core/security/secure_transport_setup.c \
@ -2377,7 +2376,6 @@ src/core/security/auth.c: $(OPENSSL_DEP)
src/core/security/base64.c: $(OPENSSL_DEP) src/core/security/base64.c: $(OPENSSL_DEP)
src/core/security/credentials.c: $(OPENSSL_DEP) src/core/security/credentials.c: $(OPENSSL_DEP)
src/core/security/factories.c: $(OPENSSL_DEP) src/core/security/factories.c: $(OPENSSL_DEP)
src/core/security/google_root_certs.c: $(OPENSSL_DEP)
src/core/security/json_token.c: $(OPENSSL_DEP) src/core/security/json_token.c: $(OPENSSL_DEP)
src/core/security/secure_endpoint.c: $(OPENSSL_DEP) src/core/security/secure_endpoint.c: $(OPENSSL_DEP)
src/core/security/secure_transport_setup.c: $(OPENSSL_DEP) src/core/security/secure_transport_setup.c: $(OPENSSL_DEP)
@ -2534,7 +2532,6 @@ $(OBJDIR)/$(CONFIG)/src/core/security/auth.o:
$(OBJDIR)/$(CONFIG)/src/core/security/base64.o: $(OBJDIR)/$(CONFIG)/src/core/security/base64.o:
$(OBJDIR)/$(CONFIG)/src/core/security/credentials.o: $(OBJDIR)/$(CONFIG)/src/core/security/credentials.o:
$(OBJDIR)/$(CONFIG)/src/core/security/factories.o: $(OBJDIR)/$(CONFIG)/src/core/security/factories.o:
$(OBJDIR)/$(CONFIG)/src/core/security/google_root_certs.o:
$(OBJDIR)/$(CONFIG)/src/core/security/json_token.o: $(OBJDIR)/$(CONFIG)/src/core/security/json_token.o:
$(OBJDIR)/$(CONFIG)/src/core/security/secure_endpoint.o: $(OBJDIR)/$(CONFIG)/src/core/security/secure_endpoint.o:
$(OBJDIR)/$(CONFIG)/src/core/security/secure_transport_setup.o: $(OBJDIR)/$(CONFIG)/src/core/security/secure_transport_setup.o:

@ -307,7 +307,6 @@
"src/core/security/auth.h", "src/core/security/auth.h",
"src/core/security/base64.h", "src/core/security/base64.h",
"src/core/security/credentials.h", "src/core/security/credentials.h",
"src/core/security/google_root_certs.h",
"src/core/security/json_token.h", "src/core/security/json_token.h",
"src/core/security/secure_transport_setup.h", "src/core/security/secure_transport_setup.h",
"src/core/security/security_context.h", "src/core/security/security_context.h",
@ -321,7 +320,6 @@
"src/core/security/base64.c", "src/core/security/base64.c",
"src/core/security/credentials.c", "src/core/security/credentials.c",
"src/core/security/factories.c", "src/core/security/factories.c",
"src/core/security/google_root_certs.c",
"src/core/security/json_token.c", "src/core/security/json_token.c",
"src/core/security/secure_endpoint.c", "src/core/security/secure_endpoint.c",
"src/core/security/secure_transport_setup.c", "src/core/security/secure_transport_setup.c",

@ -43,7 +43,6 @@
#include "src/core/httpcli/httpcli_security_context.h" #include "src/core/httpcli/httpcli_security_context.h"
#include "src/core/httpcli/parser.h" #include "src/core/httpcli/parser.h"
#include "src/core/security/security_context.h" #include "src/core/security/security_context.h"
#include "src/core/security/google_root_certs.h"
#include "src/core/security/secure_transport_setup.h" #include "src/core/security/secure_transport_setup.h"
#include "src/core/support/string.h" #include "src/core/support/string.h"
#include <grpc/support/alloc.h> #include <grpc/support/alloc.h>
@ -182,9 +181,16 @@ static void on_connected(void *arg, grpc_endpoint *tcp) {
req->ep = tcp; req->ep = tcp;
if (req->use_ssl) { if (req->use_ssl) {
grpc_channel_security_context *ctx = NULL; grpc_channel_security_context *ctx = NULL;
const unsigned char *pem_root_certs = NULL;
size_t pem_root_certs_size = grpc_get_default_ssl_roots(&pem_root_certs);
if (pem_root_certs == NULL || pem_root_certs_size == 0) {
gpr_log(GPR_ERROR, "Could not get default pem root certs.");
finish(req, 0);
return;
}
GPR_ASSERT(grpc_httpcli_ssl_channel_security_context_create( GPR_ASSERT(grpc_httpcli_ssl_channel_security_context_create(
grpc_google_root_certs, grpc_google_root_certs_size, pem_root_certs, pem_root_certs_size, req->host, &ctx) ==
req->host, &ctx) == GRPC_SECURITY_OK); GRPC_SECURITY_OK);
grpc_setup_secure_transport(&ctx->base, tcp, on_secure_transport_setup_done, grpc_setup_secure_transport(&ctx->base, tcp, on_secure_transport_setup_done,
req); req);
grpc_security_context_unref(&ctx->base); grpc_security_context_unref(&ctx->base);
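Review bot: The `GPR_ASSERT(... == GRPC_SECURITY_OK)` around `grpc_httpcli_ssl_channel_security_context_create` still aborts the process on failure. That was tolerable with a compiled-in bundle, but not now that `pem_root_certs` comes from `grpc_get_default_ssl_roots()` at run time. A roots blob that is non-empty but unparsable passes the new NULL/size check and would presumably reach the assert (the create function's body is not visible here), so a bad trust store becomes a crash instead of a failed request. Handle the status the way the new empty-roots branch does: log, call `finish(req, 0)` and return, which keeps the request failing closed without taking the process down. on_connected starts and ends outside the hunk, so confirm that `finish` releases `tcp` on this path.

```c
    if (grpc_httpcli_ssl_channel_security_context_create(
            pem_root_certs, pem_root_certs_size, req->host, &ctx) !=
        GRPC_SECURITY_OK) {
      gpr_log(GPR_ERROR, "Could not create httpcli SSL security context.");
      finish(req, 0);
      return;
    }
    /* … unchanged: grpc_setup_secure_transport / grpc_security_context_unref … */
```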

File diff suppressed because it is too large Load Diff

@ -1,40 +0,0 @@
/*
*
* Copyright 2015, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef __GRPC_INTERNAL_SECURITY_GOOGLE_ROOT_CERTS_H__
#define __GRPC_INTERNAL_SECURITY_GOOGLE_ROOT_CERTS_H__
extern unsigned char grpc_google_root_certs[];
extern unsigned int grpc_google_root_certs_size;
#endif /* __GRPC_INTERNAL_SECURITY_GOOGLE_ROOT_CERTS_H__ */

@ -406,7 +406,7 @@ static void init_default_pem_root_certs(void) {
} }
} }
static size_t get_default_pem_roots(const unsigned char **pem_root_certs) { size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs) {
/* TODO(jboeuf@google.com): Maybe revisit the approach which consists in /* TODO(jboeuf@google.com): Maybe revisit the approach which consists in
loading all the roots once for the lifetime of the process. */ loading all the roots once for the lifetime of the process. */
static gpr_once once = GPR_ONCE_INIT; static gpr_once once = GPR_ONCE_INIT;
@ -460,7 +460,7 @@ grpc_security_status grpc_ssl_channel_security_context_create(
c->overridden_target_name = gpr_strdup(overridden_target_name); c->overridden_target_name = gpr_strdup(overridden_target_name);
} }
if (config->pem_root_certs == NULL) { if (config->pem_root_certs == NULL) {
pem_root_certs_size = get_default_pem_roots(&pem_root_certs); pem_root_certs_size = grpc_get_default_ssl_roots(&pem_root_certs);
if (pem_root_certs == NULL || pem_root_certs_size == 0) { if (pem_root_certs == NULL || pem_root_certs_size == 0) {
gpr_log(GPR_ERROR, "Could not get default pem root certs."); gpr_log(GPR_ERROR, "Could not get default pem root certs.");
goto error; goto error;
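Review bot: `grpc_get_default_ssl_roots` becomes an exported entry point here, but nothing at the definition states its caching behaviour; the only hint is the TODO kept in its body, which says the roots are loaded once for the lifetime of the process. With a second caller in httpcli.c this matters operationally. A trust store replaced or repaired after first use is presumably never re-read, and a first load that yields nothing likely makes every later call return 0 until restart. Both are inferred, because the `gpr_once` body lies outside the hunk. I would say so above the definition, e.g. `/* Roots are loaded once per process and cached; a failed or stale load persists until restart. */`.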

@ -171,6 +171,8 @@ grpc_security_status grpc_ssl_server_security_context_create(
/* Secure client channel creation. */ /* Secure client channel creation. */
size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs);
grpc_channel *grpc_ssl_channel_create(grpc_credentials *ssl_creds, grpc_channel *grpc_ssl_channel_create(grpc_credentials *ssl_creds,
grpc_credentials *request_metadata_creds, grpc_credentials *request_metadata_creds,
const char *target, const char *target,
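Review bot: The new `grpc_get_default_ssl_roots` prototype is inserted between the `/* Secure client channel creation. */` banner and `grpc_ssl_channel_create`, so the banner now appears to describe the roots getter, which has no comment of its own. Move the declaration above the banner and document its contract, e.g. `/* Returns the size of the default PEM root certs and sets *pem_root_certs to them; 0 when none are available. */`. Whether callers may free or modify the returned buffer is not visible from the hunk; the `const` out-parameter suggests it is library-owned, and the comment should say so once confirmed.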

@ -88,7 +88,6 @@
<ClInclude Include="..\..\src\core\security\auth.h" /> <ClInclude Include="..\..\src\core\security\auth.h" />
<ClInclude Include="..\..\src\core\security\base64.h" /> <ClInclude Include="..\..\src\core\security\base64.h" />
<ClInclude Include="..\..\src\core\security\credentials.h" /> <ClInclude Include="..\..\src\core\security\credentials.h" />
<ClInclude Include="..\..\src\core\security\google_root_certs.h" />
<ClInclude Include="..\..\src\core\security\json_token.h" /> <ClInclude Include="..\..\src\core\security\json_token.h" />
<ClInclude Include="..\..\src\core\security\secure_transport_setup.h" /> <ClInclude Include="..\..\src\core\security\secure_transport_setup.h" />
<ClInclude Include="..\..\src\core\security\security_context.h" /> <ClInclude Include="..\..\src\core\security\security_context.h" />
@ -195,8 +194,6 @@
</ClCompile> </ClCompile>
<ClCompile Include="..\..\src\core\security\factories.c"> <ClCompile Include="..\..\src\core\security\factories.c">
</ClCompile> </ClCompile>
<ClCompile Include="..\..\src\core\security\google_root_certs.c">
</ClCompile>
<ClCompile Include="..\..\src\core\security\json_token.c"> <ClCompile Include="..\..\src\core\security\json_token.c">
</ClCompile> </ClCompile>
<ClCompile Include="..\..\src\core\security\secure_endpoint.c"> <ClCompile Include="..\..\src\core\security\secure_endpoint.c">

@ -13,9 +13,6 @@
<ClCompile Include="..\..\src\core\security\factories.c"> <ClCompile Include="..\..\src\core\security\factories.c">
<Filter>src\core\security</Filter> <Filter>src\core\security</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="..\..\src\core\security\google_root_certs.c">
<Filter>src\core\security</Filter>
</ClCompile>
<ClCompile Include="..\..\src\core\security\json_token.c"> <ClCompile Include="..\..\src\core\security\json_token.c">
<Filter>src\core\security</Filter> <Filter>src\core\security</Filter>
</ClCompile> </ClCompile>
@ -362,9 +359,6 @@
<ClInclude Include="..\..\src\core\security\credentials.h"> <ClInclude Include="..\..\src\core\security\credentials.h">
<Filter>src\core\security</Filter> <Filter>src\core\security</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\..\src\core\security\google_root_certs.h">
<Filter>src\core\security</Filter>
</ClInclude>
<ClInclude Include="..\..\src\core\security\json_token.h"> <ClInclude Include="..\..\src\core\security\json_token.h">
<Filter>src\core\security</Filter> <Filter>src\core\security</Filter>
</ClInclude> </ClInclude>

@ -92,7 +92,6 @@
<ClInclude Include="..\..\src\core\security\auth.h" /> <ClInclude Include="..\..\src\core\security\auth.h" />
<ClInclude Include="..\..\src\core\security\base64.h" /> <ClInclude Include="..\..\src\core\security\base64.h" />
<ClInclude Include="..\..\src\core\security\credentials.h" /> <ClInclude Include="..\..\src\core\security\credentials.h" />
<ClInclude Include="..\..\src\core\security\google_root_certs.h" />
<ClInclude Include="..\..\src\core\security\json_token.h" /> <ClInclude Include="..\..\src\core\security\json_token.h" />
<ClInclude Include="..\..\src\core\security\secure_transport_setup.h" /> <ClInclude Include="..\..\src\core\security\secure_transport_setup.h" />
<ClInclude Include="..\..\src\core\security\security_context.h" /> <ClInclude Include="..\..\src\core\security\security_context.h" />
@ -199,8 +198,6 @@
</ClCompile> </ClCompile>
<ClCompile Include="..\..\src\core\security\factories.c"> <ClCompile Include="..\..\src\core\security\factories.c">
</ClCompile> </ClCompile>
<ClCompile Include="..\..\src\core\security\google_root_certs.c">
</ClCompile>
<ClCompile Include="..\..\src\core\security\json_token.c"> <ClCompile Include="..\..\src\core\security\json_token.c">
</ClCompile> </ClCompile>
<ClCompile Include="..\..\src\core\security\secure_endpoint.c"> <ClCompile Include="..\..\src\core\security\secure_endpoint.c">

@ -13,9 +13,6 @@
<ClCompile Include="..\..\src\core\security\factories.c"> <ClCompile Include="..\..\src\core\security\factories.c">
<Filter>src\core\security</Filter> <Filter>src\core\security</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="..\..\src\core\security\google_root_certs.c">
<Filter>src\core\security</Filter>
</ClCompile>
<ClCompile Include="..\..\src\core\security\json_token.c"> <ClCompile Include="..\..\src\core\security\json_token.c">
<Filter>src\core\security</Filter> <Filter>src\core\security</Filter>
</ClCompile> </ClCompile>
@ -362,9 +359,6 @@
<ClInclude Include="..\..\src\core\security\credentials.h"> <ClInclude Include="..\..\src\core\security\credentials.h">
<Filter>src\core\security</Filter> <Filter>src\core\security</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="..\..\src\core\security\google_root_certs.h">
<Filter>src\core\security</Filter>
</ClInclude>
<ClInclude Include="..\..\src\core\security\json_token.h"> <ClInclude Include="..\..\src\core\security\json_token.h">
<Filter>src\core\security</Filter> <Filter>src\core\security</Filter>
</ClInclude> </ClInclude>
