diff --git a/src/ruby/ext/grpc/rb_channel_credentials.c b/src/ruby/ext/grpc/rb_channel_credentials.c index 10391bc9635..09bd3093a94 100644 --- a/src/ruby/ext/grpc/rb_channel_credentials.c +++ b/src/ruby/ext/grpc/rb_channel_credentials.c @@ -31,6 +31,8 @@ * */ +#include + #include #include "rb_grpc_imports.generated.h" #include "rb_channel_credentials.h" @@ -39,6 +41,7 @@ #include #include +#include #include #include "rb_call_credentials.h" @@ -48,6 +51,8 @@ grpc_channel_credentials. */ static VALUE grpc_rb_cChannelCredentials = Qnil; +static char *pem_root_certs = NULL; + /* grpc_rb_channel_credentials wraps a grpc_channel_credentials. It provides a * mark object that is used to hold references to any objects used to create * the credentials. */ @@ -236,6 +241,25 @@ static VALUE grpc_rb_channel_credentials_compose(int argc, VALUE *argv, return grpc_rb_wrap_channel_credentials(creds, mark); } +static grpc_ssl_roots_override_result get_ssl_roots_override( + char **pem_root_certs_ptr) { + *pem_root_certs_ptr = pem_root_certs; + if (pem_root_certs == NULL) { + return GRPC_SSL_ROOTS_OVERRIDE_FAIL; + } else { + return GRPC_SSL_ROOTS_OVERRIDE_OK; + } +} + +static VALUE grpc_rb_set_default_roots_pem(VALUE self, VALUE roots) { + char *roots_ptr = StringValueCStr(roots); + size_t length = strlen(roots_ptr); + (void)self; + pem_root_certs = gpr_malloc((length + 1) * sizeof(char)); + memcpy(pem_root_certs, roots_ptr, length + 1); + return Qnil; +} + void Init_grpc_channel_credentials() { grpc_rb_cChannelCredentials = rb_define_class_under(grpc_rb_mGrpcCore, "ChannelCredentials", rb_cObject); @@ -251,6 +275,11 @@ void Init_grpc_channel_credentials() { grpc_rb_channel_credentials_init_copy, 1); rb_define_method(grpc_rb_cChannelCredentials, "compose", grpc_rb_channel_credentials_compose, -1); + rb_define_module_function(grpc_rb_cChannelCredentials, + "set_default_roots_pem", + grpc_rb_set_default_roots_pem, 1); + + grpc_set_ssl_roots_override_callback(get_ssl_roots_override); id_pem_cert_chain = rb_intern("__pem_cert_chain"); id_pem_private_key = rb_intern("__pem_private_key"); diff --git a/src/ruby/lib/grpc.rb b/src/ruby/lib/grpc.rb index a56c49ff59e..79fa705b1c9 100644 --- a/src/ruby/lib/grpc.rb +++ b/src/ruby/lib/grpc.rb @@ -28,9 +28,6 @@ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ssl_roots_path = File.expand_path('../../../../etc/roots.pem', __FILE__) -unless ENV['GRPC_DEFAULT_SSL_ROOTS_FILE_PATH'] - ENV['GRPC_DEFAULT_SSL_ROOTS_FILE_PATH'] = ssl_roots_path -end require_relative 'grpc/errors' require_relative 'grpc/grpc' @@ -42,3 +39,11 @@ require_relative 'grpc/generic/active_call' require_relative 'grpc/generic/client_stub' require_relative 'grpc/generic/service' require_relative 'grpc/generic/rpc_server' + +begin + file = File.open(ssl_roots_path) + roots = file.read + GRPC::Core::ChannelCredentials.set_default_roots_pem roots +ensure + file.close +end