Addressing comments.

The new API is now actually useful...
pull/4934/head
Julien Boeuf 9 years ago
parent 373debd5c0
commit a50da4757a
  1. 20
      include/grpc/grpc_security.h
  2. 12
      src/core/security/security_connector.c
  3. 14
      test/core/security/security_connector_test.c

@ -143,15 +143,14 @@ grpc_channel_credentials *grpc_google_default_credentials_create(void);
#define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \ #define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \
"GRPC_DEFAULT_SSL_ROOTS_FILE_PATH" "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"
/* Overrides the default path for TLS/SSL roots. /* Overrides the default TLS/SSL roots.
The path must point to a PEM encoded file with all the roots such as the one The roots must be encoded as PEM and NULL-terminated.
that can be downloaded from https://pki.google.com/roots.pem.
This function is not thread-safe and must be called at initialization time This function is not thread-safe and must be called at initialization time
before any ssl credentials are created to have the desired side effect. before any ssl credentials are created to have the desired side effect.
It also does not do any checks about the validity or contents of the path. It also does not do any checks about the validity of the encoding.
If the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is set, it will override If the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is set to a valid path,
the roots_path specified in this function. */ it will override the roots specified in this function. */
void grpc_override_ssl_default_roots_file_path(const char *roots_path); void grpc_override_ssl_default_roots(const char *roots_pem);
/* Object that holds a private key / certificate chain pair in PEM format. */ /* Object that holds a private key / certificate chain pair in PEM format. */
typedef struct { typedef struct {
@ -169,10 +168,9 @@ typedef struct {
of the server root certificates. If this parameter is NULL, the of the server root certificates. If this parameter is NULL, the
implementation will first try to dereference the file pointed by the implementation will first try to dereference the file pointed by the
GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails, GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
try to get the roots from the path specified in the function try to get the roots set by grpc_override_ssl_default_roots. Eventually,
grpc_override_ssl_default_roots_file_path. Eventually, if all these fail, if all these fail, it will try to get the roots from a well-known place on
it will try to get the roots from a well-known place on disk (in the grpc disk (in the grpc install directory).
install directory).
- pem_key_cert_pair is a pointer on the object containing client's private - pem_key_cert_pair is a pointer on the object containing client's private
key and certificate chain. This parameter can be NULL if the client does key and certificate chain. This parameter can be NULL if the client does
not have such a key/cert pair. */ not have such a key/cert pair. */
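Review bot: The new comment on `grpc_override_ssl_default_roots` asks for "NULL-terminated" roots, which reads as a null pointer rather than a terminating NUL byte, and it does not say who owns `roots_pem` after the call or what a NULL argument does. The implementation in security_connector.c copies the string, so the comment could read `The roots must be PEM encoded and passed as a NUL-terminated string; the string is copied and the caller keeps ownership.` Because the value becomes the process-wide default trust anchors and is not validated, it is also worth stating that a malformed bundle only surfaces later, when ssl credentials are created. Finally, the old `grpc_override_ssl_default_roots_file_path` symbol is removed outright, so existing callers of the public header will stop compiling; if that is intended, say so in the commit description.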

@ -61,12 +61,12 @@ static const char *installed_roots_path =
INSTALL_PREFIX "/share/grpc/roots.pem"; INSTALL_PREFIX "/share/grpc/roots.pem";
#endif #endif
/* -- Overridden default roots file path. -- */ /* -- Overridden default roots. -- */
static const char *overridden_default_roots_file_path = NULL; static gpr_slice overridden_default_roots;
void grpc_override_ssl_default_roots_file_path(const char *roots_path) { void grpc_override_ssl_default_roots(const char *roots_pem) {
overridden_default_roots_file_path = roots_path; overridden_default_roots = gpr_slice_from_copied_string(roots_pem);
} }
/* -- Cipher suites. -- */ /* -- Cipher suites. -- */
@ -616,8 +616,8 @@ static gpr_slice compute_default_pem_root_certs_once(void) {
/* Try overridden roots path if needed. */ /* Try overridden roots path if needed. */
if (GPR_SLICE_IS_EMPTY(result) && if (GPR_SLICE_IS_EMPTY(result) &&
overridden_default_roots_file_path != NULL) { !GPR_SLICE_IS_EMPTY(overridden_default_roots)) {
result = gpr_load_file(overridden_default_roots_file_path, 0, NULL); result = gpr_slice_ref(overridden_default_roots);
} }
/* Fall back to installed certs if needed. */ /* Fall back to installed certs if needed. */
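Review bot: In `grpc_override_ssl_default_roots` the assignment overwrites `overridden_default_roots` without releasing a slice stored by an earlier call, so each repeated override leaks the previous copy of the roots. A NULL `roots_pem` is also handed straight to `gpr_slice_from_copied_string`, which presumably measures the string and would fault. Releasing first and mapping NULL to the empty slice covers both and gives callers a way to clear the override: `gpr_slice_unref(overridden_default_roots);` followed by `overridden_default_roots = roots_pem == NULL ? gpr_empty_slice() : gpr_slice_from_copied_string(roots_pem);`. In `compute_default_pem_root_certs_once`, whose body extends outside the hunk, the comment `/* Try overridden roots path if needed. */` is now stale and should read `/* Try overridden roots if needed. */`.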

@ -304,13 +304,6 @@ static void test_default_ssl_roots(void) {
const char *roots_for_override_api = "roots for override api"; const char *roots_for_override_api = "roots for override api";
const char *roots_for_env_var = "roots for env var"; const char *roots_for_env_var = "roots for env var";
char *roots_api_file_path;
FILE *roots_api_file =
gpr_tmpfile("test_roots_for_api_override", &roots_api_file_path);
fwrite(roots_for_override_api, 1, strlen(roots_for_override_api),
roots_api_file);
fclose(roots_api_file);
char *roots_env_var_file_path; char *roots_env_var_file_path;
FILE *roots_env_var_file = FILE *roots_env_var_file =
gpr_tmpfile("test_roots_for_env_var", &roots_env_var_file_path); gpr_tmpfile("test_roots_for_env_var", &roots_env_var_file_path);
@ -318,7 +311,7 @@ static void test_default_ssl_roots(void) {
fclose(roots_env_var_file); fclose(roots_env_var_file);
/* First let's get the root through the override (no env are set). */ /* First let's get the root through the override (no env are set). */
grpc_override_ssl_default_roots_file_path(roots_api_file_path); grpc_override_ssl_default_roots(roots_for_override_api);
gpr_slice roots = grpc_get_default_ssl_roots_for_testing(); gpr_slice roots = grpc_get_default_ssl_roots_for_testing();
char *roots_contents = gpr_dump_slice(roots, GPR_DUMP_ASCII); char *roots_contents = gpr_dump_slice(roots, GPR_DUMP_ASCII);
gpr_slice_unref(roots); gpr_slice_unref(roots);
@ -344,15 +337,10 @@ static void test_default_ssl_roots(void) {
gpr_free(roots_contents); gpr_free(roots_contents);
/* Cleanup. */ /* Cleanup. */
remove(roots_api_file_path);
remove(roots_env_var_file_path); remove(roots_env_var_file_path);
gpr_free(roots_api_file_path);
gpr_free(roots_env_var_file_path); gpr_free(roots_env_var_file_path);
} }
/* TODO(jboeuf): Unit-test tsi_shallow_peer_from_auth_context. */
int main(int argc, char **argv) { int main(int argc, char **argv) {
grpc_test_init(argc, argv); grpc_test_init(argc, argv);
grpc_init(); grpc_init();
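Review bot: `test_default_ssl_roots` calls `grpc_override_ssl_default_roots` exactly once, so nothing checks that a second call replaces the previously stored roots or that the override can be cleared. Since this value selects the default TLS trust anchors, a short extra case that overrides twice and asserts `grpc_get_default_ssl_roots_for_testing()` returns the second string would pin that behaviour. The body of the test function runs beyond the visible hunks, so such a case may already exist there. Separately, the `TODO(jboeuf): Unit-test tsi_shallow_peer_from_auth_context` line appears to be dropped in this section with no corresponding test visible; if the test was not added elsewhere the TODO should stay.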
