Add comments on the use of TlsFetchKeyMaterials.

pull/22168/head
Matthew Stevenson 5 years ago
parent 278468db0c
commit caf55b5745
  1. 16
      src/core/lib/security/security_connector/tls/tls_security_connector.cc

@ -357,6 +357,9 @@ grpc_security_status TlsChannelSecurityConnector::InitializeHandshakerFactory(
}
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
/** If |creds->options()| has a credential reload config, then the call to
* |TlsFetchKeyMaterials| will use it to update the root cert and
* pem-key-cert-pair list stored in |key_materials_config_|. **/
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), false,
&reload_status) != GRPC_STATUS_OK) {
/* Raise an error if key materials are not populated. */
@ -371,6 +374,9 @@ grpc_security_status TlsChannelSecurityConnector::RefreshHandshakerFactory() {
static_cast<const TlsCredentials*>(channel_creds());
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
/** If |creds->options()| has a credential reload config, then the call to
* |TlsFetchKeyMaterials| will use it to update the root cert and
* pem-key-cert-pair list stored in |key_materials_config_|. **/
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), false,
&reload_status) != GRPC_STATUS_OK) {
return GRPC_SECURITY_ERROR;
@ -560,6 +566,11 @@ grpc_security_status TlsServerSecurityConnector::InitializeHandshakerFactory() {
}
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
/** If |creds->options()| has a credential reload config, then the call to
* |TlsFetchKeyMaterials| will use it to update the root cert and
* pem-key-cert-pair list stored in |key_materials_config_|. Otherwise, it
* will return |GRPC_STATUS_OK| if |key_materials_config_| already has
* credentials, and an error code if not. **/
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), true,
&reload_status) != GRPC_STATUS_OK) {
/* Raise an error if key materials are not populated. */
@ -574,6 +585,11 @@ grpc_security_status TlsServerSecurityConnector::RefreshHandshakerFactory() {
static_cast<const TlsServerCredentials*>(server_creds());
grpc_ssl_certificate_config_reload_status reload_status =
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED;
/** If |creds->options()| has a credential reload config, then the call to
* |TlsFetchKeyMaterials| will use it to update the root cert and
* pem-key-cert-pair list stored in |key_materials_config_|. Otherwise, it
* will return |GRPC_STATUS_OK| if |key_materials_config_| already has
* credentials, and an error code if not. **/
if (TlsFetchKeyMaterials(key_materials_config_, creds->options(), true,
&reload_status) != GRPC_STATUS_OK) {
return GRPC_SECURITY_ERROR;
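Review bot: The two client-side comments (in TlsChannelSecurityConnector::InitializeHandshakerFactory and RefreshHandshakerFactory) stop after the reload-config case, while the two server-side copies also say what happens without one. A reader therefore cannot tell whether a client with no reload config and an empty |key_materials_config_| gets |GRPC_STATUS_OK| or an error, which decides whether a handshaker factory can be built with no credentials loaded. The only visible difference between the calls is the bare third argument (`false` for the channel, `true` for the server), which none of the four comments explain; I would add a line such as `/* Third argument false = channel side: <behaviour when no reload config and no key materials>. */` with the actual behaviour filled in from TlsFetchKeyMaterials. The comments also say nothing about |reload_status|, and whether a failed reload surfaces through the return value is not visible here. The same text repeated four times would be easier to keep correct as one comment on the declaration of TlsFetchKeyMaterials, with call sites keeping a short note in the file's existing `/* ... */` style; all four enclosing functions start and end outside the hunks shown.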
