Introduce --ssl_target flag to grpc_cli.

This allows the client to specify the host name of the remote server for the purposes of TLS certificate validation, useful for test certificates and machines with ephemeral IP
addresses with no associated DNS entries that have been assigned TLS certificates.

test/cpp/util/cli_credentials.cc

@@ -25,6 +25,10 @@ DEFINE_bool(use_auth, false, "Whether to create default google credentials.");
 DEFINE_string(
     access_token, "",
     "The access token that will be sent to the server to authenticate RPCs.");
+DEFINE_string(
+    ssl_target, "",
+    "If not empty, treat the server host name as this for ssl/tls certificate "
+    "validation.");
 
 namespace grpc {
 namespace testing {
@@ -58,7 +62,13 @@ const grpc::string CliCredentials::GetCredentialUsage() const {
          "    --use_auth               ; Set whether to create default google"
          " credentials\n"
          "    --access_token           ; Set the access token in metadata,"
-         " overrides --use_auth\n";
+         " overrides --use_auth\n"
+         "    --ssl_target             ; Set server host for tls validation\n";
+}
+
+const grpc::string CliCredentials::GetSslTargetNameOverride() const {
+  return FLAGS_enable_ssl ? FLAGS_ssl_target : "";
 }
+
 }  // namespace testing
 }  // namespace grpc

test/cpp/util/cli_credentials.h

@@ -30,6 +30,7 @@ class CliCredentials {
   virtual ~CliCredentials() {}
   virtual std::shared_ptr<grpc::ChannelCredentials> GetCredentials() const;
   virtual const grpc::string GetCredentialUsage() const;
+  virtual const grpc::string GetSslTargetNameOverride() const;
 };
 
 }  // namespace testing

test/cpp/util/grpc_tool.cc

@@ -206,6 +206,15 @@ void ReadResponse(CliCall* call, const grpc::string& method_name,
   }
 }
 
+std::shared_ptr<grpc::Channel> CreateCliChannel(
+    grpc::string server_address, const CliCredentials& cred) {
+  grpc::ChannelArguments args;
+  if (!cred.GetSslTargetNameOverride().empty()) {
+    args.SetSslTargetNameOverride(cred.GetSslTargetNameOverride());
+  }
+  return grpc::CreateCustomChannel(server_address, cred.GetCredentials(), args);
+}
+
 struct Command {
   const char* command;
   std::function<bool(GrpcTool*, int, const char**, const CliCredentials&,
@@ -324,7 +333,7 @@ bool GrpcTool::ListServices(int argc, const char** argv,
 
   grpc::string server_address(argv[0]);
   std::shared_ptr<grpc::Channel> channel =
-      grpc::CreateChannel(server_address, cred.GetCredentials());
+      CreateCliChannel(server_address, cred);
   grpc::ProtoReflectionDescriptorDatabase desc_db(channel);
   grpc::protobuf::DescriptorPool desc_pool(&desc_db);
 
@@ -422,7 +431,7 @@ bool GrpcTool::PrintType(int argc, const char** argv,
 
   grpc::string server_address(argv[0]);
   std::shared_ptr<grpc::Channel> channel =
-      grpc::CreateChannel(server_address, cred.GetCredentials());
+      CreateCliChannel(server_address, cred);
   grpc::ProtoReflectionDescriptorDatabase desc_db(channel);
   grpc::protobuf::DescriptorPool desc_pool(&desc_db);
 
@@ -469,7 +478,7 @@ bool GrpcTool::CallMethod(int argc, const char** argv,
   bool print_mode = false;
 
   std::shared_ptr<grpc::Channel> channel =
-      grpc::CreateChannel(server_address, cred.GetCredentials());
+      CreateCliChannel(server_address, cred);
 
   if (!FLAGS_binary_input || !FLAGS_binary_output) {
     parser.reset(
@@ -820,7 +829,7 @@ bool GrpcTool::ParseMessage(int argc, const char** argv,
 
   if (!FLAGS_binary_input || !FLAGS_binary_output) {
     std::shared_ptr<grpc::Channel> channel =
-        grpc::CreateChannel(server_address, cred.GetCredentials());
+        CreateCliChannel(server_address, cred);
     parser.reset(
         new grpc::testing::ProtoFileParser(FLAGS_remotedb ? channel : nullptr,
                                            FLAGS_proto_path, FLAGS_protofiles));