diff --git a/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc b/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc index 0318e0aeb62..87ebd7ad171 100644 --- a/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +++ b/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc @@ -56,7 +56,8 @@ grpc_error* ssl_check_peer( gpr_free(msg); return error; } - *auth_context = grpc_ssl_peer_to_auth_context(peer); + *auth_context = + grpc_ssl_peer_to_auth_context(peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE); return GRPC_ERROR_NONE; } diff --git a/src/core/lib/security/security_connector/ssl_utils.cc b/src/core/lib/security/security_connector/ssl_utils.cc index bacd31a1f30..9686426074e 100644 --- a/src/core/lib/security/security_connector/ssl_utils.cc +++ b/src/core/lib/security/security_connector/ssl_utils.cc @@ -195,7 +195,7 @@ int grpc_ssl_cmp_target_name( } grpc_core::RefCountedPtr grpc_ssl_peer_to_auth_context( - const tsi_peer* peer) { + const tsi_peer* peer, const char* transport_security_type) { size_t i; const char* peer_identity_property_name = nullptr; @@ -205,7 +205,7 @@ grpc_core::RefCountedPtr grpc_ssl_peer_to_auth_context( grpc_core::MakeRefCounted(nullptr); grpc_auth_context_add_cstring_property( ctx.get(), GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME, - GRPC_SSL_TRANSPORT_SECURITY_TYPE); + transport_security_type); for (i = 0; i < peer->property_count; i++) { const tsi_peer_property* prop = &peer->properties[i]; if (prop->name == nullptr) continue; diff --git a/src/core/lib/security/security_connector/ssl_utils.h b/src/core/lib/security/security_connector/ssl_utils.h index c13dd90a932..6ee2c3c7248 100644 --- a/src/core/lib/security/security_connector/ssl_utils.h +++ b/src/core/lib/security/security_connector/ssl_utils.h @@ -85,7 +85,7 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init( /* Exposed for testing only. */ grpc_core::RefCountedPtr grpc_ssl_peer_to_auth_context( - const tsi_peer* peer); + const tsi_peer* peer, const char* transport_security_type); tsi_peer grpc_shallow_peer_from_ssl_auth_context( const grpc_auth_context* auth_context); void grpc_shallow_peer_destruct(tsi_peer* peer); diff --git a/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc b/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc index bac32c08813..85ff3c43eab 100644 --- a/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +++ b/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc @@ -173,7 +173,8 @@ void SpiffeChannelSecurityConnector::check_peer( tsi_peer_destruct(&peer); return; } - *auth_context = grpc_ssl_peer_to_auth_context(&peer); + *auth_context = grpc_ssl_peer_to_auth_context( + &peer, GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE); const SpiffeCredentials* creds = static_cast(channel_creds()); const grpc_tls_server_authorization_check_config* config = @@ -436,7 +437,8 @@ void SpiffeServerSecurityConnector::check_peer( grpc_core::RefCountedPtr* auth_context, grpc_closure* on_peer_checked) { grpc_error* error = grpc_ssl_check_alpn(&peer); - *auth_context = grpc_ssl_peer_to_auth_context(&peer); + *auth_context = grpc_ssl_peer_to_auth_context( + &peer, GRPC_TLS_SPIFFE_TRANSPORT_SECURITY_TYPE); tsi_peer_destruct(&peer); GRPC_CLOSURE_SCHED(on_peer_checked, error); }