Revert "Adding a constant for a well known place where the SSL roots are installed."

10 years ago · 2c29920e73
parent 1d435e10cc
commit 2c29920e73
3 changed files with 2 additions and 50 deletions
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@ -73,11 +73,8 @@ typedef struct {

 /* Creates an SSL credentials object.
   - pem_roots_cert is the NULL-terminated string containing the PEM encoding
-     of the server root certificates. If this parameter is NULL, the
-     implementation will first try to dereference the file pointed by the
-     GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
-     will try to dereference the GRPC_SSL_ROOTS_WELL_KNOWN_PATH defined in
-     ssl_roots.h (which value is patched during the grpc Install process).
+     of the server root certificates. If this parameter is NULL, the default
+     roots will be used.
   - pem_key_cert_pair is a pointer on the object containing client's private
     key and certificate chain. This parameter can be NULL if the client does
     not have such a key/cert pair.  */
--- a/src/core/security/security_context.c
+++ b/src/core/security/security_context.c
@ -39,7 +39,6 @@
 #include "src/core/channel/http_client_filter.h"
 #include "src/core/security/credentials.h"
 #include "src/core/security/secure_endpoint.h"
-#include "src/core/security/ssl_roots.h"
 #include "src/core/support/env.h"
 #include "src/core/support/file.h"
 #include "src/core/support/string.h"
@ -404,10 +403,6 @@ static void init_default_pem_root_certs(void) {
  } else {
    default_pem_root_certs = gpr_load_file(default_root_certs_path, NULL);
    gpr_free(default_root_certs_path);
-    if (GPR_SLICE_IS_EMPTY(default_pem_root_certs)) {
-      default_pem_root_certs =
-          gpr_load_file(GRPC_SSL_ROOTS_WELL_KNOWN_PATH, NULL);
-    }
  }
 }

--- a/src/core/security/ssl_roots.h
+++ b/src/core/security/ssl_roots.h
@ -1,40 +0,0 @@
-/*
- *
- * Copyright 2015, Google Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- *
- *     * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *     * Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following disclaimer
- * in the documentation and/or other materials provided with the
- * distribution.
- *     * Neither the name of Google Inc. nor the names of its
- * contributors may be used to endorse or promote products derived from
- * this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef __GRPC_INTERNAL_SECURITY_SSL_ROOTS_H__
-#define __GRPC_INTERNAL_SECURITY_SSL_ROOTS_H__
-
-/* WARNING: this value is patched at install time. */
-#define GRPC_SSL_ROOTS_WELL_KNOWN_PATH "/etc/grpc/roots.pem"
-
-#endif /* __GRPC_INTERNAL_SECURITY_SSL_ROOTS_H__ */