diff --git a/include/grpc/grpc_security_constants.h b/include/grpc/grpc_security_constants.h
index 3b2d45aae75..1c3cbc712df 100644
--- a/include/grpc/grpc_security_constants.h
+++ b/include/grpc/grpc_security_constants.h
@@ -25,6 +25,7 @@ extern "C" {
 #define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type"
 #define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl"
+#define GRPC_TLS_TRANSPORT_SECURITY_TYPE "tls"
 #define GRPC_X509_CN_PROPERTY_NAME "x509_common_name"
 #define GRPC_X509_SAN_PROPERTY_NAME "x509_subject_alternative_name"
diff --git a/src/core/lib/security/authorization/matchers.cc b/src/core/lib/security/authorization/matchers.cc
index a5d337b2ba2..202e59186ce 100644
--- a/src/core/lib/security/authorization/matchers.cc
+++ b/src/core/lib/security/authorization/matchers.cc
@@ -175,7 +175,8 @@ bool PortAuthorizationMatcher::Matches(const EvaluateArgs& args) const {
 bool AuthenticatedAuthorizationMatcher::Matches(
 const EvaluateArgs& args) const {
- if (args.GetTransportSecurityType() != GRPC_SSL_TRANSPORT_SECURITY_TYPE) {
+ if (args.GetTransportSecurityType() != GRPC_SSL_TRANSPORT_SECURITY_TYPE &&
+ args.GetTransportSecurityType() != GRPC_TLS_TRANSPORT_SECURITY_TYPE) {
 // Connection is not authenticated.
 return false;
 }
diff --git a/src/core/lib/security/security_connector/tls/tls_security_connector.cc b/src/core/lib/security/security_connector/tls/tls_security_connector.cc
index 7ee655d77d9..760c610af7d 100644
--- a/src/core/lib/security/security_connector/tls/tls_security_connector.cc
+++ b/src/core/lib/security/security_connector/tls/tls_security_connector.cc
@@ -27,6 +27,7 @@
 #include "absl/strings/string_view.h"
 #include
+#include
 #include
 #include
 #include
diff --git a/src/core/lib/security/security_connector/tls/tls_security_connector.h b/src/core/lib/security/security_connector/tls/tls_security_connector.h
index 80c26954ac8..67ff420d32f 100644
--- a/src/core/lib/security/security_connector/tls/tls_security_connector.h
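Review bot: The new public macro `GRPC_TLS_TRANSPORT_SECURITY_TYPE` in grpc_security_constants.h sits next to `GRPC_SSL_TRANSPORT_SECURITY_TYPE` with no comment saying when an auth context reports "tls" rather than "ssl". Callers that inspect `transport_security_type` themselves and compare only against the "ssl" macro would treat "tls" connections as unauthenticated, which is the same gap this commit closes in the matcher. A short comment above the two defines would help, e.g. `/* Both values are treated as an authenticated transport; which one is reported depends on the credentials type in use. */`. Confirm that wording against the security connectors, which are not visible in this hunk.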
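Review bot: The guard in `AuthenticatedAuthorizationMatcher::Matches` (matchers.cc) is now a two-entry inline allow-list of transport security type strings, with nothing at the site saying why exactly these two count as authenticated. Any type missing from the list is silently treated as unauthenticated, so a principal rule never matches for it; in a deny policy that would presumably mean the request is not denied by that rule. I would read the value once and document the list: `const auto type = args.GetTransportSecurityType();`, then `// "ssl" and "tls" are the only transport security types treated as authenticated here.`, and compare `type` against both macros. The function body continues past the end of this hunk, so the identity checks that depend on this guard are not visible here.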
+++ b/src/core/lib/security/security_connector/tls/tls_security_connector.h
@@ -26,8 +26,6 @@
 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
-#define GRPC_TLS_TRANSPORT_SECURITY_TYPE "tls"
-
 namespace grpc_core {
 // Channel security connector using TLS as transport security protocol.
diff --git a/test/core/security/authorization_matchers_test.cc b/test/core/security/authorization_matchers_test.cc
index dc3646d57f4..6f4a3efc2e8 100644
--- a/test/core/security/authorization_matchers_test.cc
+++ b/test/core/security/authorization_matchers_test.cc
@@ -19,6 +19,8 @@
 #include
 #include
+#include
+
 #include "src/core/lib/security/authorization/evaluate_args.h"
 #include "src/core/lib/security/authorization/matchers.h"
 #include "test/core/util/evaluate_args_test_util.h"
@@ -341,7 +343,7 @@ TEST_F(AuthorizationMatchersTest,
 TEST_F(AuthorizationMatchersTest, AuthenticatedMatcherSuccessfulUriSanMatches) {
 args_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
- GRPC_SSL_TRANSPORT_SECURITY_TYPE);
+ GRPC_TLS_TRANSPORT_SECURITY_TYPE);
 args_.AddPropertyToAuthContext(GRPC_PEER_URI_PROPERTY_NAME,
 "spiffe://foo.abc");
 args_.AddPropertyToAuthContext(GRPC_PEER_URI_PROPERTY_NAME,
@@ -357,7 +359,7 @@ TEST_F(AuthorizationMatchersTest, AuthenticatedMatcherSuccessfulUriSanMatches) {
 TEST_F(AuthorizationMatchersTest, AuthenticatedMatcherFailedUriSanMatches) {
 args_.AddPropertyToAuthContext(GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME,
- GRPC_SSL_TRANSPORT_SECURITY_TYPE);
+ GRPC_TLS_TRANSPORT_SECURITY_TYPE);
 args_.AddPropertyToAuthContext(GRPC_PEER_URI_PROPERTY_NAME,
 "spiffe://bar.abc");
 EvaluateArgs args = args_.MakeEvaluateArgs();
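Review bot: Both `AuthenticatedMatcherSuccessfulUriSanMatches` and `AuthenticatedMatcherFailedUriSanMatches` (the hunks at -341 and -357) replace the "ssl" property value with "tls" instead of adding a second case, so within these two tests the `GRPC_SSL_TRANSPORT_SECURITY_TYPE` side of the matcher's guard is no longer exercised. Other tests in the file may still set "ssl", but that is outside the visible hunks. Since this guard decides whether a peer is treated as authenticated, I would keep the original "ssl" cases and add "tls" variants alongside them. If one does not already exist, I would also add a case with an unrecognized transport security type asserting that `Matches` returns false.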