Merge branch 'master' of github.com:grpc/grpc into gcc6

9 years ago · ee6f4bcd99
parent 49be63db8f 5a56891eb6
commit ee6f4bcd99
158 changed files with 10650 additions and 5744 deletions
--- a/2
+++ b/2
@ -481,6 +481,7 @@ cc_library(
    "include/grpc/impl/codegen/sync_win32.h",
    "include/grpc/impl/codegen/time.h",
    "include/grpc/grpc_security.h",
    "include/grpc/grpc_security_constants.h",
    "include/grpc/census.h",
  ],
  includes = [
@ -1492,6 +1493,7 @@ objc_library(
    "include/grpc/impl/codegen/sync_win32.h",
    "include/grpc/impl/codegen/time.h",
    "include/grpc/grpc_security.h",
    "include/grpc/grpc_security_constants.h",
    "include/grpc/census.h",
    "src/core/lib/channel/channel_args.h",
    "src/core/lib/channel/channel_stack.h",
--- a/155
+++ b/155
@ -1023,7 +1023,6 @@ interop_test: $(BINDIR)/$(CONFIG)/interop_test
 json_run_localhost: $(BINDIR)/$(CONFIG)/json_run_localhost
 metrics_client: $(BINDIR)/$(CONFIG)/metrics_client
 mock_test: $(BINDIR)/$(CONFIG)/mock_test
 qps_driver: $(BINDIR)/$(CONFIG)/qps_driver
 qps_interarrival_test: $(BINDIR)/$(CONFIG)/qps_interarrival_test
 qps_json_driver: $(BINDIR)/$(CONFIG)/qps_json_driver
 qps_openloop_test: $(BINDIR)/$(CONFIG)/qps_openloop_test
@ -1077,6 +1076,7 @@ boringssl_refcount_test: $(BINDIR)/$(CONFIG)/boringssl_refcount_test
 boringssl_rsa_test: $(BINDIR)/$(CONFIG)/boringssl_rsa_test
 boringssl_thread_test: $(BINDIR)/$(CONFIG)/boringssl_thread_test
 boringssl_pkcs7_test: $(BINDIR)/$(CONFIG)/boringssl_pkcs7_test
 boringssl_x509_test: $(BINDIR)/$(CONFIG)/boringssl_x509_test
 boringssl_tab_test: $(BINDIR)/$(CONFIG)/boringssl_tab_test
 boringssl_v3name_test: $(BINDIR)/$(CONFIG)/boringssl_v3name_test
 boringssl_pqueue_test: $(BINDIR)/$(CONFIG)/boringssl_pqueue_test
@ -1106,6 +1106,7 @@ h2_sockpair_test: $(BINDIR)/$(CONFIG)/h2_sockpair_test
 h2_sockpair+trace_test: $(BINDIR)/$(CONFIG)/h2_sockpair+trace_test
 h2_sockpair_1byte_test: $(BINDIR)/$(CONFIG)/h2_sockpair_1byte_test
 h2_ssl_test: $(BINDIR)/$(CONFIG)/h2_ssl_test
 h2_ssl_cert_test: $(BINDIR)/$(CONFIG)/h2_ssl_cert_test
 h2_ssl_proxy_test: $(BINDIR)/$(CONFIG)/h2_ssl_proxy_test
 h2_uds_test: $(BINDIR)/$(CONFIG)/h2_uds_test
 h2_census_nosec_test: $(BINDIR)/$(CONFIG)/h2_census_nosec_test
@ -1197,7 +1198,7 @@ pc_cxx: $(LIBDIR)/$(CONFIG)/pkgconfig/grpc++.pc
 pc_cxx_unsecure: $(LIBDIR)/$(CONFIG)/pkgconfig/grpc++_unsecure.pc
-privatelibs_cxx:  $(LIBDIR)/$(CONFIG)/libgrpc++_test_config.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libinterop_client_helper.a $(LIBDIR)/$(CONFIG)/libinterop_client_main.a $(LIBDIR)/$(CONFIG)/libinterop_server_helper.a $(LIBDIR)/$(CONFIG)/libinterop_server_main.a $(LIBDIR)/$(CONFIG)/libqps.a $(LIBDIR)/$(CONFIG)/libboringssl_test_util.a $(LIBDIR)/$(CONFIG)/libboringssl_aes_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_asn1_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_base64_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_bio_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_bn_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_bytestring_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_aead_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_cipher_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_cmac_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_ed25519_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_x25519_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_dh_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_digest_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_ec_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_ecdsa_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_err_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_evp_extra_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_evp_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_pbkdf_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_hmac_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_pkcs12_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_pkcs8_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_poly1305_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_rsa_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_ssl_test_lib.a
+privatelibs_cxx:  $(LIBDIR)/$(CONFIG)/libgrpc++_test_config.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libinterop_client_helper.a $(LIBDIR)/$(CONFIG)/libinterop_client_main.a $(LIBDIR)/$(CONFIG)/libinterop_server_helper.a $(LIBDIR)/$(CONFIG)/libinterop_server_main.a $(LIBDIR)/$(CONFIG)/libqps.a $(LIBDIR)/$(CONFIG)/libboringssl_test_util.a $(LIBDIR)/$(CONFIG)/libboringssl_aes_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_asn1_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_base64_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_bio_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_bn_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_bytestring_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_aead_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_cipher_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_cmac_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_ed25519_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_x25519_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_dh_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_digest_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_ec_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_ecdsa_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_err_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_evp_extra_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_evp_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_pbkdf_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_hmac_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_pkcs12_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_pkcs8_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_poly1305_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_rsa_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_x509_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_ssl_test_lib.a
 ifeq ($(HAS_ZOOKEEPER),true)
 privatelibs_zookeeper: 
@ -1333,6 +1334,7 @@ buildtests_c: privatelibs_c \
  $(BINDIR)/$(CONFIG)/h2_sockpair+trace_test \
  $(BINDIR)/$(CONFIG)/h2_sockpair_1byte_test \
  $(BINDIR)/$(CONFIG)/h2_ssl_test \
  $(BINDIR)/$(CONFIG)/h2_ssl_cert_test \
  $(BINDIR)/$(CONFIG)/h2_ssl_proxy_test \
  $(BINDIR)/$(CONFIG)/h2_uds_test \
  $(BINDIR)/$(CONFIG)/h2_census_nosec_test \
@ -1435,6 +1437,7 @@ buildtests_cxx: buildtests_zookeeper privatelibs_cxx \
  $(BINDIR)/$(CONFIG)/boringssl_rsa_test \
  $(BINDIR)/$(CONFIG)/boringssl_thread_test \
  $(BINDIR)/$(CONFIG)/boringssl_pkcs7_test \
  $(BINDIR)/$(CONFIG)/boringssl_x509_test \
  $(BINDIR)/$(CONFIG)/boringssl_tab_test \
  $(BINDIR)/$(CONFIG)/boringssl_v3name_test \
  $(BINDIR)/$(CONFIG)/boringssl_pqueue_test \
@ -1764,7 +1767,7 @@ tools_c: privatelibs_c $(BINDIR)/$(CONFIG)/gen_hpack_tables $(BINDIR)/$(CONFIG)/
 tools_cxx: privatelibs_cxx
-buildbenchmarks: privatelibs $(BINDIR)/$(CONFIG)/low_level_ping_pong_benchmark $(BINDIR)/$(CONFIG)/qps_driver
+buildbenchmarks: privatelibs $(BINDIR)/$(CONFIG)/low_level_ping_pong_benchmark
 benchmarks: buildbenchmarks
@ -2640,6 +2643,7 @@ PUBLIC_HEADERS_C += \
    include/grpc/impl/codegen/sync_win32.h \
    include/grpc/impl/codegen/time.h \
    include/grpc/grpc_security.h \
    include/grpc/grpc_security_constants.h \
    include/grpc/census.h \
 LIBGRPC_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(LIBGRPC_SRC))))
@ -2695,6 +2699,7 @@ endif
 LIBGRPC_TEST_UTIL_SRC = \
    test/core/end2end/data/client_certs.c \
    test/core/end2end/data/server1_cert.c \
    test/core/end2end/data/server1_key.c \
    test/core/end2end/data/test_root_cert.c \
@ -4079,6 +4084,7 @@ LIBBORINGSSL_SRC = \
    third_party/boringssl/crypto/bn/shift.c \
    third_party/boringssl/crypto/bn/sqrt.c \
    third_party/boringssl/crypto/buf/buf.c \
    third_party/boringssl/crypto/bytestring/asn1_compat.c \
    third_party/boringssl/crypto/bytestring/ber.c \
    third_party/boringssl/crypto/bytestring/cbb.c \
    third_party/boringssl/crypto/bytestring/cbs.c \
@ -4102,6 +4108,7 @@ LIBBORINGSSL_SRC = \
    third_party/boringssl/crypto/cpu-intel.c \
    third_party/boringssl/crypto/crypto.c \
    third_party/boringssl/crypto/curve25519/curve25519.c \
    third_party/boringssl/crypto/curve25519/x25519-x86_64.c \
    third_party/boringssl/crypto/des/des.c \
    third_party/boringssl/crypto/dh/check.c \
    third_party/boringssl/crypto/dh/dh.c \
@ -4293,6 +4300,7 @@ LIBBORINGSSL_SRC = \
    third_party/boringssl/ssl/ssl_buffer.c \
    third_party/boringssl/ssl/ssl_cert.c \
    third_party/boringssl/ssl/ssl_cipher.c \
    third_party/boringssl/ssl/ssl_ecdh.c \
    third_party/boringssl/ssl/ssl_file.c \
    third_party/boringssl/ssl/ssl_lib.c \
    third_party/boringssl/ssl/ssl_rsa.c \
@ -5521,6 +5529,44 @@ ifneq ($(NO_DEPS),true)
 endif
 LIBBORINGSSL_X509_TEST_LIB_SRC = \
    third_party/boringssl/crypto/x509/x509_test.cc \
 PUBLIC_HEADERS_CXX += \
 LIBBORINGSSL_X509_TEST_LIB_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(LIBBORINGSSL_X509_TEST_LIB_SRC))))
 $(LIBBORINGSSL_X509_TEST_LIB_OBJS): CPPFLAGS += -Ithird_party/boringssl/include -fvisibility=hidden -DOPENSSL_NO_ASM -D_GNU_SOURCE -DWIN32_LEAN_AND_MEAN -D_HAS_EXCEPTIONS=0 -DNOMINMAX
 $(LIBBORINGSSL_X509_TEST_LIB_OBJS): CFLAGS += -Wno-sign-conversion -Wno-conversion -Wno-unused-value -Wno-unknown-pragmas -Wno-implicit-function-declaration -Wno-unused-variable -Wno-sign-compare
 ifeq ($(NO_PROTOBUF),true)
 # You can't build a C++ library if you don't have protobuf - a bit overreached, but still okay.
 $(LIBDIR)/$(CONFIG)/libboringssl_x509_test_lib.a: protobuf_dep_error
 else
 $(LIBDIR)/$(CONFIG)/libboringssl_x509_test_lib.a: $(ZLIB_DEP)  $(PROTOBUF_DEP) $(LIBBORINGSSL_X509_TEST_LIB_OBJS) 
 	$(E) "[AR]      Creating $@"
 	$(Q) mkdir -p `dirname $@`
 	$(Q) rm -f $(LIBDIR)/$(CONFIG)/libboringssl_x509_test_lib.a
 	$(Q) $(AR) $(LIBDIR)/$(CONFIG)/libboringssl_x509_test_lib.a $(LIBBORINGSSL_X509_TEST_LIB_OBJS) 
 ifeq ($(SYSTEM),Darwin)
 	$(Q) ranlib -no_warning_for_no_symbols $(LIBDIR)/$(CONFIG)/libboringssl_x509_test_lib.a
 endif
 endif
 ifneq ($(NO_DEPS),true)
 -include $(LIBBORINGSSL_X509_TEST_LIB_OBJS:.o=.dep)
 endif
 LIBBORINGSSL_TAB_TEST_LIB_SRC = \
    third_party/boringssl/crypto/x509v3/tab_test.c \
@ -10906,49 +10952,6 @@ endif
 endif
 QPS_DRIVER_SRC = \
    test/cpp/qps/qps_driver.cc \
 QPS_DRIVER_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(QPS_DRIVER_SRC))))
 ifeq ($(NO_SECURE),true)
 # You can't build secure targets if you don't have OpenSSL.
 $(BINDIR)/$(CONFIG)/qps_driver: openssl_dep_error
 else
 ifeq ($(NO_PROTOBUF),true)
 # You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
 $(BINDIR)/$(CONFIG)/qps_driver: protobuf_dep_error
 else
 $(BINDIR)/$(CONFIG)/qps_driver: $(PROTOBUF_DEP) $(QPS_DRIVER_OBJS) $(LIBDIR)/$(CONFIG)/libqps.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_config.a
 	$(E) "[LD]      Linking $@"
 	$(Q) mkdir -p `dirname $@`
 	$(Q) $(LDXX) $(LDFLAGS) $(QPS_DRIVER_OBJS) $(LIBDIR)/$(CONFIG)/libqps.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_config.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(LDLIBS_SECURE) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/qps_driver
 endif
 endif
 $(OBJDIR)/$(CONFIG)/test/cpp/qps/qps_driver.o:  $(LIBDIR)/$(CONFIG)/libqps.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc++.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LIBDIR)/$(CONFIG)/libgrpc++_test_config.a
 deps_qps_driver: $(QPS_DRIVER_OBJS:.o=.dep)
 ifneq ($(NO_SECURE),true)
 ifneq ($(NO_DEPS),true)
 -include $(QPS_DRIVER_OBJS:.o=.dep)
 endif
 endif
 QPS_INTERARRIVAL_TEST_SRC = \
    test/cpp/qps/qps_interarrival_test.cc \
@ -12743,6 +12746,33 @@ endif
 # boringssl needs an override to ensure that it does not include
 # system openssl headers regardless of other configuration
 # we do so here with a target specific variable assignment
 $(BORINGSSL_X509_TEST_OBJS): CFLAGS := -Ithird_party/boringssl/include $(CFLAGS) -Wno-sign-conversion -Wno-conversion -Wno-unused-value
 $(BORINGSSL_X509_TEST_OBJS): CXXFLAGS := -Ithird_party/boringssl/include $(CXXFLAGS)
 $(BORINGSSL_X509_TEST_OBJS): CPPFLAGS += -DOPENSSL_NO_ASM -D_GNU_SOURCE
 ifeq ($(NO_PROTOBUF),true)
 # You can't build the protoc plugins or protobuf-enabled targets if you don't have protobuf 3.0.0+.
 $(BINDIR)/$(CONFIG)/boringssl_x509_test: protobuf_dep_error
 else
 $(BINDIR)/$(CONFIG)/boringssl_x509_test:  $(LIBDIR)/$(CONFIG)/libboringssl_x509_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_test_util.a $(LIBDIR)/$(CONFIG)/libboringssl.a
 	$(E) "[LD]      Linking $@"
 	$(Q) mkdir -p `dirname $@`
 	$(Q) $(LDXX) $(LDFLAGS)  $(LIBDIR)/$(CONFIG)/libboringssl_x509_test_lib.a $(LIBDIR)/$(CONFIG)/libboringssl_test_util.a $(LIBDIR)/$(CONFIG)/libboringssl.a $(LDLIBSXX) $(LDLIBS_PROTOBUF) $(LDLIBS) $(GTEST_LIB) -o $(BINDIR)/$(CONFIG)/boringssl_x509_test
 endif
 # boringssl needs an override to ensure that it does not include
 # system openssl headers regardless of other configuration
 # we do so here with a target specific variable assignment
@ -13542,6 +13572,38 @@ endif
 endif
 H2_SSL_CERT_TEST_SRC = \
    test/core/end2end/fixtures/h2_ssl_cert.c \
 H2_SSL_CERT_TEST_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(H2_SSL_CERT_TEST_SRC))))
 ifeq ($(NO_SECURE),true)
 # You can't build secure targets if you don't have OpenSSL.
 $(BINDIR)/$(CONFIG)/h2_ssl_cert_test: openssl_dep_error
 else
 $(BINDIR)/$(CONFIG)/h2_ssl_cert_test: $(H2_SSL_CERT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a
 	$(E) "[LD]      Linking $@"
 	$(Q) mkdir -p `dirname $@`
 	$(Q) $(LD) $(LDFLAGS) $(H2_SSL_CERT_TEST_OBJS) $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a $(LDLIBS) $(LDLIBS_SECURE) -o $(BINDIR)/$(CONFIG)/h2_ssl_cert_test
 endif
 $(OBJDIR)/$(CONFIG)/test/core/end2end/fixtures/h2_ssl_cert.o:  $(LIBDIR)/$(CONFIG)/libend2end_tests.a $(LIBDIR)/$(CONFIG)/libgrpc_test_util.a $(LIBDIR)/$(CONFIG)/libgrpc.a $(LIBDIR)/$(CONFIG)/libgpr_test_util.a $(LIBDIR)/$(CONFIG)/libgpr.a
 deps_h2_ssl_cert_test: $(H2_SSL_CERT_TEST_OBJS:.o=.dep)
 ifneq ($(NO_SECURE),true)
 ifneq ($(NO_DEPS),true)
 -include $(H2_SSL_CERT_TEST_OBJS:.o=.dep)
 endif
 endif
 H2_SSL_PROXY_TEST_SRC = \
    test/core/end2end/fixtures/h2_ssl_proxy.c \
@ -14101,6 +14163,7 @@ src/cpp/server/secure_server_credentials.cc: $(OPENSSL_DEP)
 src/csharp/ext/grpc_csharp_ext.c: $(OPENSSL_DEP)
 test/core/bad_client/bad_client.c: $(OPENSSL_DEP)
 test/core/bad_ssl/server_common.c: $(OPENSSL_DEP)
 test/core/end2end/data/client_certs.c: $(OPENSSL_DEP)
 test/core/end2end/data/server1_cert.c: $(OPENSSL_DEP)
 test/core/end2end/data/server1_key.c: $(OPENSSL_DEP)
 test/core/end2end/data/test_root_cert.c: $(OPENSSL_DEP)
--- a/binding.gyp
+++ b/binding.gyp
@ -223,6 +223,7 @@
            'third_party/boringssl/crypto/bn/shift.c',
            'third_party/boringssl/crypto/bn/sqrt.c',
            'third_party/boringssl/crypto/buf/buf.c',
            'third_party/boringssl/crypto/bytestring/asn1_compat.c',
            'third_party/boringssl/crypto/bytestring/ber.c',
            'third_party/boringssl/crypto/bytestring/cbb.c',
            'third_party/boringssl/crypto/bytestring/cbs.c',
@ -246,6 +247,7 @@
            'third_party/boringssl/crypto/cpu-intel.c',
            'third_party/boringssl/crypto/crypto.c',
            'third_party/boringssl/crypto/curve25519/curve25519.c',
            'third_party/boringssl/crypto/curve25519/x25519-x86_64.c',
            'third_party/boringssl/crypto/des/des.c',
            'third_party/boringssl/crypto/dh/check.c',
            'third_party/boringssl/crypto/dh/dh.c',
@ -437,6 +439,7 @@
            'third_party/boringssl/ssl/ssl_buffer.c',
            'third_party/boringssl/ssl/ssl_cert.c',
            'third_party/boringssl/ssl/ssl_cipher.c',
            'third_party/boringssl/ssl/ssl_ecdh.c',
            'third_party/boringssl/ssl/ssl_file.c',
            'third_party/boringssl/ssl/ssl_lib.c',
            'third_party/boringssl/ssl/ssl_rsa.c',
--- a/build.yaml
+++ b/build.yaml
@ -525,6 +525,7 @@ filegroups:
 - name: grpc_secure
  public_headers:
  - include/grpc/grpc_security.h
  - include/grpc/grpc_security_constants.h
  headers:
  - src/core/lib/security/auth_filters.h
  - src/core/lib/security/b64.h
@ -755,6 +756,7 @@ libs:
  - test/core/end2end/data/ssl_test_data.h
  - test/core/security/oauth2_utils.h
  src:
  - test/core/end2end/data/client_certs.c
  - test/core/end2end/data/server1_cert.c
  - test/core/end2end/data/server1_key.c
  - test/core/end2end/data/test_root_cert.c
@ -2706,20 +2708,6 @@ targets:
  - grpc
  - gpr_test_util
  - gpr
 - name: qps_driver
  build: benchmark
  language: c++
  src:
  - test/cpp/qps/qps_driver.cc
  deps:
  - qps
  - grpc++_test_util
  - grpc_test_util
  - grpc++
  - grpc
  - gpr_test_util
  - gpr
  - grpc++_test_config
 - name: qps_interarrival_test
  build: test
  run: false
--- a/config.m4
+++ b/config.m4
@ -317,6 +317,7 @@ if test "$PHP_GRPC" != "no"; then
    third_party/boringssl/crypto/bn/shift.c \
    third_party/boringssl/crypto/bn/sqrt.c \
    third_party/boringssl/crypto/buf/buf.c \
    third_party/boringssl/crypto/bytestring/asn1_compat.c \
    third_party/boringssl/crypto/bytestring/ber.c \
    third_party/boringssl/crypto/bytestring/cbb.c \
    third_party/boringssl/crypto/bytestring/cbs.c \
@ -340,6 +341,7 @@ if test "$PHP_GRPC" != "no"; then
    third_party/boringssl/crypto/cpu-intel.c \
    third_party/boringssl/crypto/crypto.c \
    third_party/boringssl/crypto/curve25519/curve25519.c \
    third_party/boringssl/crypto/curve25519/x25519-x86_64.c \
    third_party/boringssl/crypto/des/des.c \
    third_party/boringssl/crypto/dh/check.c \
    third_party/boringssl/crypto/dh/dh.c \
@ -531,6 +533,7 @@ if test "$PHP_GRPC" != "no"; then
    third_party/boringssl/ssl/ssl_buffer.c \
    third_party/boringssl/ssl/ssl_cert.c \
    third_party/boringssl/ssl/ssl_cipher.c \
    third_party/boringssl/ssl/ssl_ecdh.c \
    third_party/boringssl/ssl/ssl_file.c \
    third_party/boringssl/ssl/ssl_lib.c \
    third_party/boringssl/ssl/ssl_rsa.c \
--- a/gRPC.podspec
+++ b/gRPC.podspec
@ -323,6 +323,7 @@ Pod::Spec.new do |s|
                      'include/grpc/impl/codegen/sync_win32.h',
                      'include/grpc/impl/codegen/time.h',
                      'include/grpc/grpc_security.h',
                      'include/grpc/grpc_security_constants.h',
                      'include/grpc/census.h',
                      'src/core/lib/channel/channel_args.c',
                      'src/core/lib/channel/channel_stack.c',
--- a/grpc.def
+++ b/grpc.def
@ -114,6 +114,7 @@ EXPORTS
    grpc_secure_channel_create
    grpc_server_credentials_release
    grpc_ssl_server_credentials_create
    grpc_ssl_server_credentials_create_ex
    grpc_server_add_secure_http2_port
    grpc_call_set_credentials
    grpc_server_credentials_set_auth_metadata_processor
--- a/grpc.gemspec
+++ b/grpc.gemspec
@ -171,6 +171,7 @@ Gem::Specification.new do |s|
  s.files += %w( include/grpc/impl/codegen/sync_win32.h )
  s.files += %w( include/grpc/impl/codegen/time.h )
  s.files += %w( include/grpc/grpc_security.h )
  s.files += %w( include/grpc/grpc_security_constants.h )
  s.files += %w( include/grpc/census.h )
  s.files += %w( src/core/lib/channel/channel_args.h )
  s.files += %w( src/core/lib/channel/channel_stack.h )
@ -482,12 +483,12 @@ Gem::Specification.new do |s|
  s.files += %w( third_party/boringssl/crypto/cipher/internal.h )
  s.files += %w( third_party/boringssl/crypto/conf/conf_def.h )
  s.files += %w( third_party/boringssl/crypto/conf/internal.h )
  s.files += %w( third_party/boringssl/crypto/curve25519/internal.h )
  s.files += %w( third_party/boringssl/crypto/des/internal.h )
  s.files += %w( third_party/boringssl/crypto/dh/internal.h )
  s.files += %w( third_party/boringssl/crypto/digest/internal.h )
  s.files += %w( third_party/boringssl/crypto/digest/md32_common.h )
  s.files += %w( third_party/boringssl/crypto/directory.h )
  s.files += %w( third_party/boringssl/crypto/dsa/internal.h )
  s.files += %w( third_party/boringssl/crypto/ec/internal.h )
  s.files += %w( third_party/boringssl/crypto/ec/p256-x86_64-table.h )
  s.files += %w( third_party/boringssl/crypto/evp/internal.h )
@ -652,6 +653,7 @@ Gem::Specification.new do |s|
  s.files += %w( third_party/boringssl/crypto/bn/shift.c )
  s.files += %w( third_party/boringssl/crypto/bn/sqrt.c )
  s.files += %w( third_party/boringssl/crypto/buf/buf.c )
  s.files += %w( third_party/boringssl/crypto/bytestring/asn1_compat.c )
  s.files += %w( third_party/boringssl/crypto/bytestring/ber.c )
  s.files += %w( third_party/boringssl/crypto/bytestring/cbb.c )
  s.files += %w( third_party/boringssl/crypto/bytestring/cbs.c )
@ -675,6 +677,7 @@ Gem::Specification.new do |s|
  s.files += %w( third_party/boringssl/crypto/cpu-intel.c )
  s.files += %w( third_party/boringssl/crypto/crypto.c )
  s.files += %w( third_party/boringssl/crypto/curve25519/curve25519.c )
  s.files += %w( third_party/boringssl/crypto/curve25519/x25519-x86_64.c )
  s.files += %w( third_party/boringssl/crypto/des/des.c )
  s.files += %w( third_party/boringssl/crypto/dh/check.c )
  s.files += %w( third_party/boringssl/crypto/dh/dh.c )
@ -866,6 +869,7 @@ Gem::Specification.new do |s|
  s.files += %w( third_party/boringssl/ssl/ssl_buffer.c )
  s.files += %w( third_party/boringssl/ssl/ssl_cert.c )
  s.files += %w( third_party/boringssl/ssl/ssl_cipher.c )
  s.files += %w( third_party/boringssl/ssl/ssl_ecdh.c )
  s.files += %w( third_party/boringssl/ssl/ssl_file.c )
  s.files += %w( third_party/boringssl/ssl/ssl_lib.c )
  s.files += %w( third_party/boringssl/ssl/ssl_rsa.c )
--- a/include/grpc++/security/server_credentials.h
+++ b/include/grpc++/security/server_credentials.h
@ -39,6 +39,7 @@
 #include <grpc++/security/auth_metadata_processor.h>
 #include <grpc++/support/config.h>
 #include <grpc/grpc_security_constants.h>
 struct grpc_server;
@ -69,7 +70,13 @@ class ServerCredentials {
 /// Options to create ServerCredentials with SSL
 struct SslServerCredentialsOptions {
-  SslServerCredentialsOptions() : force_client_auth(false) {}
+  // Deprecated
  SslServerCredentialsOptions()
      : force_client_auth(false),
        client_certificate_request(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE) {}
  SslServerCredentialsOptions(
      grpc_ssl_client_certificate_request_type request_type)
      : force_client_auth(false), client_certificate_request(request_type) {}
  struct PemKeyCertPair {
    grpc::string private_key;
@ -77,7 +84,13 @@ struct SslServerCredentialsOptions {
  };
  grpc::string pem_root_certs;
  std::vector<PemKeyCertPair> pem_key_cert_pairs;
  // Deprecated
  bool force_client_auth;
  // If both force_client_auth and client_certificate_request fields are set,
  // force_client_auth takes effect i.e
  // REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY will be enforced.
  grpc_ssl_client_certificate_request_type client_certificate_request;
 };
 /// Builds SSL ServerCredentials given SSL specific options
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@ -35,6 +35,7 @@
 #define GRPC_GRPC_SECURITY_H
 #include <grpc/grpc.h>
 #include <grpc/grpc_security_constants.h>
 #include <grpc/status.h>
 #ifdef __cplusplus
@ -43,13 +44,6 @@ extern "C" {
 /* --- Authentication Context. --- */
 #define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type"
 #define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl"
 #define GRPC_X509_CN_PROPERTY_NAME "x509_common_name"
 #define GRPC_X509_SAN_PROPERTY_NAME "x509_subject_alternative_name"
 #define GRPC_X509_PEM_CERT_PROPERTY_NAME "x509_pem_cert"
 typedef struct grpc_auth_context grpc_auth_context;
 typedef struct grpc_auth_property_iterator {
@ -130,29 +124,11 @@ typedef struct grpc_channel_credentials grpc_channel_credentials;
   The creator of the credentials object is responsible for its release. */
 GRPCAPI void grpc_channel_credentials_release(grpc_channel_credentials *creds);
 /* Environment variable that points to the google default application
   credentials json key or refresh token. Used in the
   grpc_google_default_credentials_create function. */
 #define GRPC_GOOGLE_CREDENTIALS_ENV_VAR "GOOGLE_APPLICATION_CREDENTIALS"
 /* Creates default credentials to connect to a google gRPC service.
   WARNING: Do NOT use this credentials to connect to a non-google service as
   this could result in an oauth2 token leak. */
 GRPCAPI grpc_channel_credentials *grpc_google_default_credentials_create(void);
 /* Environment variable that points to the default SSL roots file. This file
   must be a PEM encoded file with all the roots such as the one that can be
   downloaded from https://pki.google.com/roots.pem.  */
 #define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \
  "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"
 /* Results for the SSL roots override callback. */
 typedef enum {
  GRPC_SSL_ROOTS_OVERRIDE_OK,
  GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY, /* Do not try fallback options. */
  GRPC_SSL_ROOTS_OVERRIDE_FAIL
 } grpc_ssl_roots_override_result;
 /* Callback for getting the SSL roots override from the application.
   In case of success, *pem_roots_certs must be set to a NULL terminated string
   containing the list of PEM encoded root certificates. The ownership is passed
@ -334,7 +310,8 @@ typedef struct grpc_server_credentials grpc_server_credentials;
   */
 GRPCAPI void grpc_server_credentials_release(grpc_server_credentials *creds);
-/* Creates an SSL server_credentials object.
+/* Deprecated in favor of grpc_ssl_server_credentials_create_ex.
   Creates an SSL server_credentials object.
   - pem_roots_cert is the NULL-terminated string containing the PEM encoding of
     the client root certificates. This parameter may be NULL if the server does
     not want the client to be authenticated with SSL.
@ -349,6 +326,15 @@ GRPCAPI grpc_server_credentials *grpc_ssl_server_credentials_create(
    const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
    size_t num_key_cert_pairs, int force_client_auth, void *reserved);
 /* Same as grpc_ssl_server_credentials_create method except uses
   grpc_ssl_client_certificate_request_type enum to support more ways to
   authenticate client cerificates.*/
 GRPCAPI grpc_server_credentials *grpc_ssl_server_credentials_create_ex(
    const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
    size_t num_key_cert_pairs,
    grpc_ssl_client_certificate_request_type client_certificate_request,
    void *reserved);
 /* --- Server-side secure ports. --- */
 /* Add a HTTP2 over an encrypted link over tcp listener.
--- a/include/grpc/grpc_security_constants.h
+++ b/include/grpc/grpc_security_constants.h
@ -0,0 +1,114 @@
 /*
 *
 * Copyright 2016, Google Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *     * Neither the name of Google Inc. nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 #ifndef GRPC_GRPC_SECURITY_CONSTANTS_H
 #define GRPC_GRPC_SECURITY_CONSTANTS_H
 #ifdef __cplusplus
 extern "C" {
 #endif
 #define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type"
 #define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl"
 #define GRPC_X509_CN_PROPERTY_NAME "x509_common_name"
 #define GRPC_X509_SAN_PROPERTY_NAME "x509_subject_alternative_name"
 #define GRPC_X509_PEM_CERT_PROPERTY_NAME "x509_pem_cert"
 /* Environment variable that points to the default SSL roots file. This file
   must be a PEM encoded file with all the roots such as the one that can be
   downloaded from https://pki.google.com/roots.pem.  */
 #define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \
  "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"
 /* Environment variable that points to the google default application
   credentials json key or refresh token. Used in the
   grpc_google_default_credentials_create function. */
 #define GRPC_GOOGLE_CREDENTIALS_ENV_VAR "GOOGLE_APPLICATION_CREDENTIALS"
 /* Results for the SSL roots override callback. */
 typedef enum {
  GRPC_SSL_ROOTS_OVERRIDE_OK,
  GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY, /* Do not try fallback options. */
  GRPC_SSL_ROOTS_OVERRIDE_FAIL
 } grpc_ssl_roots_override_result;
 typedef enum {
  /* Server does not request client certificate. A client can present a self
     signed or signed certificates if it wishes to do so and they would be
     accepted. */
  GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
  /* Server requests client certificate but does not enforce that the client
     presents a certificate.
     If the client presents a certificate, the client authentication is left to
     the application based on the metadata like certificate etc.
     The key cert pair should still be valid for the SSL connection to be
     established. */
  GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
  /* Server requests client certificate but does not enforce that the client
     presents a certificate.
     If the client presents a certificate, the client authentication is done by
     grpc framework (The client needs to either present a signed cert or skip no
     certificate for a successful connection).
     The key cert pair should still be valid for the SSL connection to be
     established. */
  GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY,
  /* Server requests client certificate but enforces that the client presents a
     certificate.
     If the client presents a certificate, the client authentication is left to
     the application based on the metadata like certificate etc.
     The key cert pair should still be valid for the SSL connection to be
     established. */
  GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
  /* Server requests client certificate but enforces that the client presents a
     certificate.
     The cerificate presented by the client is verified by grpc framework (The
     client needs to present signed certs for a successful connection).
     The key cert pair should still be valid for the SSL connection to be
     established. */
  GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
 } grpc_ssl_client_certificate_request_type;
 #ifdef __cplusplus
 }
 #endif
 #endif /* GRPC_GRPC_SECURITY_CONSTANTS_H */
--- a/package.xml
+++ b/package.xml
@ -174,6 +174,7 @@
    <file baseinstalldir="/" name="include/grpc/impl/codegen/sync_win32.h" role="src" />
    <file baseinstalldir="/" name="include/grpc/impl/codegen/time.h" role="src" />
    <file baseinstalldir="/" name="include/grpc/grpc_security.h" role="src" />
    <file baseinstalldir="/" name="include/grpc/grpc_security_constants.h" role="src" />
    <file baseinstalldir="/" name="include/grpc/census.h" role="src" />
    <file baseinstalldir="/" name="src/core/lib/channel/channel_args.h" role="src" />
    <file baseinstalldir="/" name="src/core/lib/channel/channel_stack.h" role="src" />
@ -485,12 +486,12 @@
    <file baseinstalldir="/" name="third_party/boringssl/crypto/cipher/internal.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/conf/conf_def.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/conf/internal.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/curve25519/internal.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/des/internal.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/dh/internal.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/digest/internal.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/digest/md32_common.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/directory.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/dsa/internal.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/ec/internal.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/ec/p256-x86_64-table.h" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/evp/internal.h" role="src" />
@ -655,6 +656,7 @@
    <file baseinstalldir="/" name="third_party/boringssl/crypto/bn/shift.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/bn/sqrt.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/buf/buf.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/bytestring/asn1_compat.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/bytestring/ber.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/bytestring/cbb.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/bytestring/cbs.c" role="src" />
@ -678,6 +680,7 @@
    <file baseinstalldir="/" name="third_party/boringssl/crypto/cpu-intel.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/crypto.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/curve25519/curve25519.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/curve25519/x25519-x86_64.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/des/des.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/dh/check.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/crypto/dh/dh.c" role="src" />
@ -869,6 +872,7 @@
    <file baseinstalldir="/" name="third_party/boringssl/ssl/ssl_buffer.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/ssl/ssl_cert.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/ssl/ssl_cipher.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/ssl/ssl_ecdh.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/ssl/ssl_file.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/ssl/ssl_lib.c" role="src" />
    <file baseinstalldir="/" name="third_party/boringssl/ssl/ssl_rsa.c" role="src" />
--- a/src/boringssl/err_data.c
+++ b/src/boringssl/err_data.c
@ -54,30 +54,30 @@ OPENSSL_COMPILE_ASSERT(ERR_LIB_USER == 32, library_values_changed_32);
 OPENSSL_COMPILE_ASSERT(ERR_NUM_LIBS == 33, library_values_changed_num);
 const uint32_t kOpenSSLReasonValues[] = {
-    0xc3207ba,
+    0xc3207ab,
-    0xc3287d4,
+    0xc3287c5,
-    0xc3307e3,
+    0xc3307d4,
-    0xc3387f3,
+    0xc3387e4,
-    0xc340802,
+    0xc3407f3,
-    0xc34881b,
+    0xc34880c,
-    0xc350827,
+    0xc350818,
-    0xc358844,
+    0xc358835,
-    0xc360856,
+    0xc360847,
-    0xc368864,
+    0xc368855,
-    0xc370874,
+    0xc370865,
-    0xc378881,
+    0xc378872,
-    0xc380891,
+    0xc380882,
-    0xc38889c,
+    0xc38888d,
-    0xc3908b2,
+    0xc3908a3,
-    0xc3988c1,
+    0xc3988b2,
-    0xc3a08d5,
+    0xc3a08c6,
-    0xc3a87c7,
+    0xc3a87b8,
    0xc3b00b0,
-    0x10321478,
+    0x10321484,
-    0x10329484,
+    0x10329490,
-    0x1033149d,
+    0x103314a9,
-    0x103394b0,
+    0x103394bc,
-    0x10340de1,
+    0x10340ded,
    0x103494cf,
    0x103514e4,
    0x10359516,
@ -97,7 +97,7 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x103c9658,
    0x103d166f,
    0x103d9682,
-    0x103e0b6c,
+    0x103e0b5d,
    0x103e96b3,
    0x103f16c6,
    0x103f96e0,
@ -108,87 +108,91 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x10421747,
    0x1042975b,
    0x1043176d,
-    0x104385d0,
+    0x104385c1,
-    0x104408c1,
+    0x104408b2,
    0x10449782,
    0x10451799,
    0x104597ae,
    0x104617bc,
    0x10469695,
    0x104714f7,
-    0x104787c7,
+    0x104787b8,
    0x104800b0,
-    0x104894c3,
+    0x10488b8c,
-    0x14320b4f,
+    0x14320b40,
-    0x14328b5d,
+    0x14328b4e,
-    0x14330b6c,
+    0x14330b5d,
-    0x14338b7e,
+    0x14338b6f,
    0x18320083,
-    0x18328e47,
+    0x18328e53,
-    0x18340e75,
+    0x18340e81,
-    0x18348e89,
+    0x18348e95,
-    0x18358ec0,
+    0x18358ecc,
-    0x18368eed,
+    0x18368ef9,
-    0x18370f00,
+    0x18370f0c,
-    0x18378f14,
+    0x18378f20,
-    0x18380f38,
+    0x18380f44,
-    0x18388f46,
+    0x18388f52,
-    0x18390f5c,
+    0x18390f68,
-    0x18398f70,
+    0x18398f7c,
-    0x183a0f80,
+    0x183a0f8c,
-    0x183b0f90,
+    0x183b0f9c,
-    0x183b8fa5,
+    0x183b8fb1,
-    0x183c8fd0,
+    0x183c8fdc,
-    0x183d0fe4,
+    0x183d0ff0,
-    0x183d8ff4,
+    0x183d9000,
-    0x183e0b9b,
+    0x183e0b98,
-    0x183e9001,
+    0x183e900d,
-    0x183f1013,
+    0x183f101f,
-    0x183f901e,
+    0x183f902a,
-    0x1840102e,
+    0x1840103a,
-    0x1840903f,
+    0x1840904b,
-    0x18411050,
+    0x1841105c,
-    0x18419062,
+    0x1841906e,
-    0x1842108b,
+    0x18421097,
-    0x184290bd,
+    0x184290c9,
-    0x184310cc,
+    0x184310d8,
-    0x18451135,
+    0x18451141,
-    0x1845914b,
+    0x18459157,
-    0x18461166,
+    0x18461172,
-    0x18468ed8,
+    0x18468ee4,
-    0x184709d9,
+    0x184709ca,
    0x18478094,
-    0x18480fbc,
+    0x18480fc8,
-    0x18489101,
+    0x1848910d,
-    0x18490e5d,
+    0x18490e69,
-    0x18498e9e,
+    0x18498eaa,
-    0x184a119c,
+    0x184a11a8,
-    0x184a9119,
+    0x184a9125,
-    0x184b10e0,
+    0x184b10ec,
-    0x184b8e37,
+    0x184b8e43,
-    0x184c10a4,
+    0x184c10b0,
-    0x184c866b,
+    0x184c865c,
-    0x184d1181,
+    0x184d118d,
-    0x203211c3,
+    0x184d80b0,
-    0x243211cf,
+    0x203211cf,
-    0x24328907,
+    0x243211db,
-    0x243311e1,
+    0x243288f8,
-    0x243391ee,
+    0x243311ed,
-    0x243411fb,
+    0x243391fa,
-    0x2434920d,
+    0x24341207,
-    0x2435121c,
+    0x24349219,
-    0x24359239,
+    0x24351228,
-    0x24361246,
+    0x24359245,
-    0x24369254,
+    0x24361252,
-    0x24371262,
+    0x24369260,
-    0x24379270,
+    0x2437126e,
-    0x24381279,
+    0x2437927c,
-    0x24389286,
+    0x24381285,
-    0x24391299,
+    0x24389292,
-    0x28320b8f,
+    0x243912a5,
-    0x28328b9b,
+    0x28320b80,
-    0x28330b6c,
+    0x28328b98,
-    0x28338bae,
+    0x28330b5d,
    0x28338bab,
    0x28340b8c,
    0x28348094,
    0x283500b0,
    0x2c32281d,
    0x2c32a82b,
    0x2c33283d,
@ -207,7 +211,7 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x2c39a917,
    0x2c3a292b,
    0x2c3aa93c,
-    0x2c3b1359,
+    0x2c3b1365,
    0x2c3ba94d,
    0x2c3c2961,
    0x2c3ca977,
@ -219,12 +223,12 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x2c3faa09,
    0x2c402a2c,
    0x2c40aa4b,
-    0x2c4111c3,
+    0x2c4111cf,
    0x2c41aa5c,
    0x2c422a6f,
-    0x2c429135,
+    0x2c429141,
    0x2c432a80,
-    0x2c4386a2,
+    0x2c438693,
    0x2c4429ad,
    0x30320000,
    0x30328015,
@ -277,77 +281,79 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x304a03b4,
    0x304a83c7,
    0x304b03d2,
-    0x304b83e1,
+    0x304b83e3,
-    0x304c03f2,
+    0x304c03ef,
-    0x304c83fe,
+    0x304c8405,
-    0x304d0414,
+    0x304d0413,
-    0x304d8422,
+    0x304d8429,
-    0x304e0438,
+    0x304e043b,
-    0x304e844a,
+    0x304e844d,
-    0x304f045c,
+    0x304f0460,
-    0x304f846f,
+    0x304f8473,
-    0x30500482,
+    0x30500484,
-    0x30508493,
+    0x30508494,
-    0x305104a3,
+    0x305104ac,
-    0x305184bb,
+    0x305184c1,
-    0x305204d0,
+    0x305204d9,
-    0x305284e8,
+    0x305284ed,
-    0x305304fc,
+    0x30530505,
-    0x30538514,
+    0x3053851e,
-    0x3054052d,
+    0x30540537,
-    0x30548546,
+    0x30548554,
-    0x30550563,
+    0x3055055f,
-    0x3055856e,
+    0x30558577,
-    0x30560586,
+    0x30560587,
-    0x30568596,
+    0x30568598,
-    0x305705a7,
+    0x305705ab,
-    0x305785ba,
+    0x305785c1,
-    0x305805d0,
+    0x305805ca,
-    0x305885d9,
+    0x305885df,
-    0x305905ee,
+    0x305905f2,
    0x30598601,
-    0x305a0610,
+    0x305a0621,
    0x305a8630,
-    0x305b063f,
+    0x305b063c,
-    0x305b864b,
+    0x305b865c,
-    0x305c066b,
+    0x305c0678,
-    0x305c8687,
+    0x305c8689,
-    0x305d0698,
+    0x305d0693,
-    0x305d86a2,
+    0x34320aba,
-    0x34320ac9,
+    0x34328ace,
-    0x34328add,
+    0x34330aeb,
-    0x34330afa,
+    0x34338afe,
-    0x34338b0d,
+    0x34340b0d,
-    0x34340b1c,
+    0x34348b2a,
    0x34348b39,
    0x3c320083,
-    0x3c328bd8,
+    0x3c328bd5,
-    0x3c330bf1,
+    0x3c330bee,
-    0x3c338c0c,
+    0x3c338c09,
-    0x3c340c29,
+    0x3c340c26,
-    0x3c348c44,
+    0x3c348c50,
-    0x3c350c5f,
+    0x3c350c6b,
-    0x3c358c74,
+    0x3c358c80,
-    0x3c360c8d,
+    0x3c360c99,
-    0x3c368ca5,
+    0x3c368cb1,
-    0x3c370cb6,
+    0x3c370cc2,
-    0x3c378cc4,
+    0x3c378cd0,
-    0x3c380cd1,
+    0x3c380cdd,
-    0x3c388ce5,
+    0x3c388cf1,
-    0x3c390b9b,
+    0x3c390b98,
-    0x3c398cf9,
+    0x3c398d05,
-    0x3c3a0d0d,
+    0x3c3a0d19,
-    0x3c3a8881,
+    0x3c3a8872,
-    0x3c3b0d1d,
+    0x3c3b0d29,
-    0x3c3b8d38,
+    0x3c3b8d44,
-    0x3c3c0d4a,
+    0x3c3c0d56,
-    0x3c3c8d60,
+    0x3c3c8d6c,
-    0x3c3d0d6a,
+    0x3c3d0d76,
-    0x3c3d8d7e,
+    0x3c3d8d8a,
-    0x3c3e0d8c,
+    0x3c3e0d98,
-    0x3c3e8db1,
+    0x3c3e8dbd,
-    0x3c3f0bc4,
+    0x3c3f0bc1,
-    0x3c3f8d9a,
+    0x3c3f8da6,
    0x3c400094,
    0x3c4080b0,
    0x3c410c41,
    0x403217d3,
    0x403297e9,
    0x40331817,
@ -362,7 +368,7 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x403798b8,
    0x403818c3,
    0x403898d5,
-    0x40390de1,
+    0x40390ded,
    0x403998e5,
    0x403a18f8,
    0x403a9919,
@ -437,7 +443,7 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x405d1e9e,
    0x405d9eb5,
    0x405e1ed5,
-    0x405e8a17,
+    0x405e8a08,
    0x405f1ef6,
    0x405f9f03,
    0x40601f11,
@ -474,18 +480,18 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x406fa60d,
    0x40702620,
    0x4070a63d,
-    0x40710782,
+    0x40710773,
    0x4071a64f,
    0x40722662,
    0x4072a67b,
    0x40732693,
-    0x407390bd,
+    0x407390c9,
    0x407426a7,
    0x4074a6c1,
    0x407526d2,
    0x4075a6e6,
    0x407626f4,
-    0x40769286,
+    0x40769292,
    0x40772719,
    0x4077a73b,
    0x40782756,
@ -528,48 +534,48 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x422c251d,
    0x422ca4d8,
    0x422d24b7,
-    0x443206ad,
+    0x4432069e,
-    0x443286bc,
+    0x443286ad,
-    0x443306c8,
+    0x443306b9,
-    0x443386d6,
+    0x443386c7,
-    0x443406e9,
+    0x443406da,
-    0x443486fa,
+    0x443486eb,
-    0x44350701,
+    0x443506f2,
-    0x4435870b,
+    0x443586fc,
-    0x4436071e,
+    0x4436070f,
-    0x44368734,
+    0x44368725,
-    0x44370746,
+    0x44370737,
-    0x44378753,
+    0x44378744,
-    0x44380762,
+    0x44380753,
-    0x4438876a,
+    0x4438875b,
-    0x44390782,
+    0x44390773,
-    0x44398790,
+    0x44398781,
-    0x443a07a3,
+    0x443a0794,
-    0x4c3212b0,
+    0x4c3212bc,
-    0x4c3292c0,
+    0x4c3292cc,
-    0x4c3312d3,
+    0x4c3312df,
-    0x4c3392f3,
+    0x4c3392ff,
    0x4c340094,
    0x4c3480b0,
-    0x4c3512ff,
+    0x4c35130b,
-    0x4c35930d,
+    0x4c359319,
-    0x4c361329,
+    0x4c361335,
-    0x4c36933c,
+    0x4c369348,
-    0x4c37134b,
+    0x4c371357,
-    0x4c379359,
+    0x4c379365,
-    0x4c38136e,
+    0x4c38137a,
-    0x4c38937a,
+    0x4c389386,
-    0x4c39139a,
+    0x4c3913a6,
-    0x4c3993c4,
+    0x4c3993d0,
-    0x4c3a13dd,
+    0x4c3a13e9,
-    0x4c3a93f6,
+    0x4c3a9402,
-    0x4c3b05d0,
+    0x4c3b05c1,
-    0x4c3b940f,
+    0x4c3b941b,
-    0x4c3c1421,
+    0x4c3c142d,
-    0x4c3c9430,
+    0x4c3c943c,
-    0x4c3d10bd,
+    0x4c3d10c9,
-    0x4c3d9449,
+    0x4c3d9455,
-    0x4c3e1456,
+    0x4c3e1462,
    0x50322a92,
    0x5032aaa1,
    0x50332aac,
@ -607,7 +613,7 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x50432d43,
    0x5043ad53,
    0x50442d62,
-    0x50448414,
+    0x50448405,
    0x50452d76,
    0x5045ad94,
    0x50462da7,
@ -631,45 +637,45 @@ const uint32_t kOpenSSLReasonValues[] = {
    0x504f2f62,
    0x504faf79,
    0x50502f88,
-    0x50508687,
+    0x50508678,
    0x50512f9b,
-    0x58320e1f,
+    0x58320e2b,
-    0x68320de1,
+    0x68320ded,
-    0x68328b9b,
+    0x68328b98,
-    0x68330bae,
+    0x68330bab,
-    0x68338def,
+    0x68338dfb,
-    0x68340dff,
+    0x68340e0b,
    0x683480b0,
-    0x6c320dbd,
+    0x6c320dc9,
-    0x6c328b7e,
+    0x6c328b6f,
-    0x6c330dc8,
+    0x6c330dd4,
-    0x7432098d,
+    0x7432097e,
-    0x783208f2,
+    0x783208e3,
-    0x78328907,
+    0x783288f8,
-    0x78330913,
+    0x78330904,
    0x78338083,
-    0x78340922,
+    0x78340913,
-    0x78348937,
+    0x78348928,
-    0x78350956,
+    0x78350947,
-    0x78358978,
+    0x78358969,
-    0x7836098d,
+    0x7836097e,
-    0x783689a3,
+    0x78368994,
-    0x783709b3,
+    0x783709a4,
-    0x783789c6,
+    0x783789b7,
-    0x783809d9,
+    0x783809ca,
-    0x783889eb,
+    0x783889dc,
-    0x783909f8,
+    0x783909e9,
-    0x78398a17,
+    0x78398a08,
-    0x783a0a2c,
+    0x783a0a1d,
-    0x783a8a3a,
+    0x783a8a2b,
-    0x783b0a44,
+    0x783b0a35,
-    0x783b8a58,
+    0x783b8a49,
-    0x783c0a6f,
+    0x783c0a60,
-    0x783c8a84,
+    0x783c8a75,
-    0x783d0a9b,
+    0x783d0a8c,
-    0x783d8ab0,
+    0x783d8aa1,
-    0x783e0a06,
+    0x783e09f7,
-    0x7c3211b2,
+    0x7c3211be,
 };
 const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]);
@ -725,7 +731,6 @@ const char kOpenSSLReasonStringData[] =
    "INVALID_UNIVERSALSTRING_LENGTH\0"
    "INVALID_UTF8STRING\0"
    "LIST_ERROR\0"
    "MALLOC_FAILURE\0"
    "MISSING_ASN1_EOS\0"
    "MISSING_EOC\0"
    "MISSING_SECOND_NUMBER\0"
@ -833,6 +838,7 @@ const char kOpenSSLReasonStringData[] =
    "MODULUS_TOO_LARGE\0"
    "NO_PRIVATE_VALUE\0"
    "BAD_Q_VALUE\0"
    "BAD_VERSION\0"
    "MISSING_PARAMETERS\0"
    "NEED_NEW_SETUP_VALUES\0"
    "BIGNUM_OUT_OF_RANGE\0"
@ -840,6 +846,7 @@ const char kOpenSSLReasonStringData[] =
    "D2I_ECPKPARAMETERS_FAILURE\0"
    "EC_GROUP_NEW_BY_NAME_FAILURE\0"
    "GROUP2PKPARAMETERS_FAILURE\0"
    "GROUP_MISMATCH\0"
    "I2D_ECPKPARAMETERS_FAILURE\0"
    "INCOMPATIBLE_OBJECTS\0"
    "INVALID_COMPRESSED_POINT\0"
@ -948,7 +955,6 @@ const char kOpenSSLReasonStringData[] =
    "BAD_FIXED_HEADER_DECRYPT\0"
    "BAD_PAD_BYTE_COUNT\0"
    "BAD_RSA_PARAMETERS\0"
    "BAD_VERSION\0"
    "BLOCK_TYPE_IS_NOT_01\0"
    "BN_NOT_INITIALIZED\0"
    "CANNOT_RECOVER_MULTI_PRIME_KEY\0"
--- a/src/core/ext/lb_policy/pick_first/pick_first.c
+++ b/src/core/ext/lb_policy/pick_first/pick_first.c
@ -109,7 +109,7 @@ static void pf_shutdown(grpc_exec_ctx *exec_ctx, grpc_lb_policy *pol) {
  if (selected != NULL) {
    grpc_connected_subchannel_notify_on_state_change(
        exec_ctx, selected, NULL, NULL, &p->connectivity_changed);
-  } else {
+  } else if (p->num_subchannels > 0) {
    grpc_subchannel_notify_on_state_change(
        exec_ctx, p->subchannels[p->checking_subchannel], NULL, NULL,
        &p->connectivity_changed);
--- a/src/core/lib/security/credentials.c
+++ b/src/core/lib/security/credentials.c
@ -338,10 +338,11 @@ static void ssl_build_config(const char *pem_root_certs,
 static void ssl_build_server_config(
    const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
-    size_t num_key_cert_pairs, int force_client_auth,
+    size_t num_key_cert_pairs,
    grpc_ssl_client_certificate_request_type client_certificate_request,
    grpc_ssl_server_config *config) {
  size_t i;
-  config->force_client_auth = force_client_auth;
+  config->client_certificate_request = client_certificate_request;
  if (pem_root_certs != NULL) {
    ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
                          &config->pem_root_certs_size);
@ -391,21 +392,35 @@ grpc_channel_credentials *grpc_ssl_credentials_create(
 grpc_server_credentials *grpc_ssl_server_credentials_create(
    const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
    size_t num_key_cert_pairs, int force_client_auth, void *reserved) {
  return grpc_ssl_server_credentials_create_ex(
      pem_root_certs, pem_key_cert_pairs, num_key_cert_pairs,
      force_client_auth
          ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
          : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
      reserved);
 }
 grpc_server_credentials *grpc_ssl_server_credentials_create_ex(
    const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
    size_t num_key_cert_pairs,
    grpc_ssl_client_certificate_request_type client_certificate_request,
    void *reserved) {
  grpc_ssl_server_credentials *c =
      gpr_malloc(sizeof(grpc_ssl_server_credentials));
  GRPC_API_TRACE(
-      "grpc_ssl_server_credentials_create("
+      "grpc_ssl_server_credentials_create_ex("
      "pem_root_certs=%s, pem_key_cert_pairs=%p, num_key_cert_pairs=%lu, "
-      "force_client_auth=%d, reserved=%p)",
+      "client_certificate_request=%d, reserved=%p)",
      5, (pem_root_certs, pem_key_cert_pairs, (unsigned long)num_key_cert_pairs,
-          force_client_auth, reserved));
+          client_certificate_request, reserved));
  GPR_ASSERT(reserved == NULL);
  memset(c, 0, sizeof(grpc_ssl_server_credentials));
  c->base.type = GRPC_CHANNEL_CREDENTIALS_TYPE_SSL;
  gpr_ref_init(&c->base.refcount, 1);
  c->base.vtable = &ssl_server_vtable;
  ssl_build_server_config(pem_root_certs, pem_key_cert_pairs,
-                          num_key_cert_pairs, force_client_auth, &c->config);
+                          num_key_cert_pairs, client_certificate_request,
                          &c->config);
  return &c->base;
 }
--- a/src/core/lib/security/security_connector.c
+++ b/src/core/lib/security/security_connector.c
@ -668,6 +668,31 @@ gpr_slice grpc_get_default_ssl_roots_for_testing(void) {
  return compute_default_pem_root_certs_once();
 }
 static tsi_client_certificate_request_type
 get_tsi_client_certificate_request_type(
    grpc_ssl_client_certificate_request_type grpc_request_type) {
  switch (grpc_request_type) {
    case GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE:
      return TSI_DONT_REQUEST_CLIENT_CERTIFICATE;
    case GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
      return TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY;
    case GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
      return TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY;
    case GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
      return TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY;
    case GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
      return TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY;
    default:
      // Is this a sane default
      return TSI_DONT_REQUEST_CLIENT_CERTIFICATE;
  }
 }
 size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs) {
  /* TODO(jboeuf@google.com): Maybe revisit the approach which consists in
     loading all the roots once for the lifetime of the process. */
@ -782,15 +807,16 @@ grpc_security_status grpc_ssl_server_security_connector_create(
  gpr_ref_init(&c->base.base.refcount, 1);
  c->base.base.url_scheme = GRPC_SSL_URL_SCHEME;
  c->base.base.vtable = &ssl_server_vtable;
-  result = tsi_create_ssl_server_handshaker_factory(
+  result = tsi_create_ssl_server_handshaker_factory_ex(
      (const unsigned char **)config->pem_private_keys,
      config->pem_private_keys_sizes,
      (const unsigned char **)config->pem_cert_chains,
      config->pem_cert_chains_sizes, config->num_key_cert_pairs,
      config->pem_root_certs, config->pem_root_certs_size,
-      config->force_client_auth, ssl_cipher_suites(), alpn_protocol_strings,
+      get_tsi_client_certificate_request_type(
-      alpn_protocol_string_lengths, (uint16_t)num_alpn_protocols,
+          config->client_certificate_request),
-      &c->handshaker_factory);
+      ssl_cipher_suites(), alpn_protocol_strings, alpn_protocol_string_lengths,
      (uint16_t)num_alpn_protocols, &c->handshaker_factory);
  if (result != TSI_OK) {
    gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
            tsi_result_to_string(result));
--- a/src/core/lib/security/security_connector.h
+++ b/src/core/lib/security/security_connector.h
@ -241,7 +241,7 @@ typedef struct {
  size_t num_key_cert_pairs;
  unsigned char *pem_root_certs;
  size_t pem_root_certs_size;
-  int force_client_auth;
+  grpc_ssl_client_certificate_request_type client_certificate_request;
 } grpc_ssl_server_config;
 /* Creates an SSL server_security_connector.
--- a/src/core/lib/tsi/ssl_transport_security.c
+++ b/src/core/lib/tsi/ssl_transport_security.c
@ -718,6 +718,14 @@ static tsi_result build_alpn_protocol_name_list(
  return TSI_OK;
 }
 // The verification callback is used for clients that don't really care about
 // the server's certificate, but we need to pull it anyway, in case a higher
 // layer wants to look at it. In this case the verification may fail, but
 // we don't really care.
 static int NullVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx) {
  return 1;
 }
 /* --- tsi_frame_protector methods implementation. ---*/
 static tsi_result ssl_protector_protect(tsi_frame_protector *self,
@ -1390,6 +1398,26 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
    const char *cipher_list, const unsigned char **alpn_protocols,
    const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
    tsi_ssl_handshaker_factory **factory) {
  return tsi_create_ssl_server_handshaker_factory_ex(
      pem_private_keys, pem_private_keys_sizes, pem_cert_chains,
      pem_cert_chains_sizes, key_cert_pair_count, pem_client_root_certs,
      pem_client_root_certs_size,
      force_client_auth ? TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
                        : TSI_DONT_REQUEST_CLIENT_CERTIFICATE,
      cipher_list, alpn_protocols, alpn_protocols_lengths, num_alpn_protocols,
      factory);
 }
 tsi_result tsi_create_ssl_server_handshaker_factory_ex(
    const unsigned char **pem_private_keys,
    const size_t *pem_private_keys_sizes, const unsigned char **pem_cert_chains,
    const size_t *pem_cert_chains_sizes, size_t key_cert_pair_count,
    const unsigned char *pem_client_root_certs,
    size_t pem_client_root_certs_size,
    tsi_client_certificate_request_type client_certificate_request,
    const char *cipher_list, const unsigned char **alpn_protocols,
    const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
    tsi_ssl_handshaker_factory **factory) {
  tsi_ssl_server_handshaker_factory *impl = NULL;
  tsi_result result = TSI_OK;
  size_t i = 0;
@ -1445,7 +1473,6 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
      if (result != TSI_OK) break;
      if (pem_client_root_certs != NULL) {
        int flags = SSL_VERIFY_PEER;
        STACK_OF(X509_NAME) *root_names = NULL;
        result = ssl_ctx_load_verification_certs(
            impl->ssl_contexts[i], pem_client_root_certs,
@ -1455,8 +1482,29 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
          break;
        }
        SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
-        if (force_client_auth) flags |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+        switch (client_certificate_request) {
-        SSL_CTX_set_verify(impl->ssl_contexts[i], flags, NULL);
+          case TSI_DONT_REQUEST_CLIENT_CERTIFICATE:
            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_NONE, NULL);
            break;
          case TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER,
                               NullVerifyCallback);
            break;
          case TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
            SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, NULL);
            break;
          case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
            SSL_CTX_set_verify(
                impl->ssl_contexts[i],
                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                NullVerifyCallback);
            break;
          case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
            SSL_CTX_set_verify(
                impl->ssl_contexts[i],
                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
            break;
        }
        /* TODO(jboeuf): Add revocation verification. */
      }
--- a/src/core/lib/tsi/ssl_transport_security.h
+++ b/src/core/lib/tsi/ssl_transport_security.h
@ -142,6 +142,23 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
    const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
    tsi_ssl_handshaker_factory **factory);
 /* Same as tsi_create_ssl_server_handshaker_factory method except uses
   tsi_client_certificate_request_type to support more ways to handle client
   certificate authentication.
   - client_certificate_request, if set to non-zero will force the client to
     authenticate with an SSL cert. Note that this option is ignored if
     pem_client_root_certs is NULL or pem_client_roots_certs_size is 0 */
 tsi_result tsi_create_ssl_server_handshaker_factory_ex(
    const unsigned char **pem_private_keys,
    const size_t *pem_private_keys_sizes, const unsigned char **pem_cert_chains,
    const size_t *pem_cert_chains_sizes, size_t key_cert_pair_count,
    const unsigned char *pem_client_root_certs,
    size_t pem_client_root_certs_size,
    tsi_client_certificate_request_type client_certificate_request,
    const char *cipher_suites, const unsigned char **alpn_protocols,
    const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
    tsi_ssl_handshaker_factory **factory);
 /* Creates a handshaker.
  - self is the factory from which the handshaker will be created.
  - server_name_indication indicates the name of the server the client is
--- a/src/core/lib/tsi/transport_security_interface.h
+++ b/src/core/lib/tsi/transport_security_interface.h
@ -59,6 +59,15 @@ typedef enum {
  TSI_OUT_OF_RESOURCES = 12
 } tsi_result;
 typedef enum {
  // Default option
  TSI_DONT_REQUEST_CLIENT_CERTIFICATE,
  TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
  TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY,
  TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
  TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY,
 } tsi_client_certificate_request_type;
 const char *tsi_result_to_string(tsi_result result);
 /* --- tsi tracing --- */
--- a/src/cpp/server/secure_server_credentials.cc
+++ b/src/cpp/server/secure_server_credentials.cc
@ -130,10 +130,14 @@ std::shared_ptr<ServerCredentials> SslServerCredentials(
                                    key_cert_pair->cert_chain.c_str()};
    pem_key_cert_pairs.push_back(p);
  }
-  grpc_server_credentials* c_creds = grpc_ssl_server_credentials_create(
+  grpc_server_credentials* c_creds = grpc_ssl_server_credentials_create_ex(
      options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
      pem_key_cert_pairs.empty() ? nullptr : &pem_key_cert_pairs[0],
-      pem_key_cert_pairs.size(), options.force_client_auth, nullptr);
+      pem_key_cert_pairs.size(),
      options.force_client_auth
          ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
          : options.client_certificate_request,
      nullptr);
  return std::shared_ptr<ServerCredentials>(
      new SecureServerCredentials(c_creds));
 }
--- a/src/csharp/Grpc.IntegrationTesting/Control.cs
+++ b/src/csharp/Grpc.IntegrationTesting/Control.cs
--- a/src/csharp/Grpc.IntegrationTesting/Messages.cs
+++ b/src/csharp/Grpc.IntegrationTesting/Messages.cs
@ -47,11 +47,12 @@ namespace Grpc.Testing {
            "c3Npb24YBiABKA4yHS5ncnBjLnRlc3RpbmcuQ29tcHJlc3Npb25UeXBlEjEK",
            "D3Jlc3BvbnNlX3N0YXR1cxgHIAEoCzIYLmdycGMudGVzdGluZy5FY2hvU3Rh",
            "dHVzIkUKG1N0cmVhbWluZ091dHB1dENhbGxSZXNwb25zZRImCgdwYXlsb2Fk",
-            "GAEgASgLMhUuZ3JwYy50ZXN0aW5nLlBheWxvYWQiMwoNUmVjb25uZWN0SW5m",
+            "GAEgASgLMhUuZ3JwYy50ZXN0aW5nLlBheWxvYWQiMwoPUmVjb25uZWN0UGFy",
-            "bxIOCgZwYXNzZWQYASABKAgSEgoKYmFja29mZl9tcxgCIAMoBSo/CgtQYXls",
+            "YW1zEiAKGG1heF9yZWNvbm5lY3RfYmFja29mZl9tcxgBIAEoBSIzCg1SZWNv",
-            "b2FkVHlwZRIQCgxDT01QUkVTU0FCTEUQABISCg5VTkNPTVBSRVNTQUJMRRAB",
+            "bm5lY3RJbmZvEg4KBnBhc3NlZBgBIAEoCBISCgpiYWNrb2ZmX21zGAIgAygF",
-            "EgoKBlJBTkRPTRACKjIKD0NvbXByZXNzaW9uVHlwZRIICgROT05FEAASCAoE",
+            "Kj8KC1BheWxvYWRUeXBlEhAKDENPTVBSRVNTQUJMRRAAEhIKDlVOQ09NUFJF",
-            "R1pJUBABEgsKB0RFRkxBVEUQAmIGcHJvdG8z"));
+            "U1NBQkxFEAESCgoGUkFORE9NEAIqMgoPQ29tcHJlc3Npb25UeXBlEggKBE5P",
            "TkUQABIICgRHWklQEAESCwoHREVGTEFURRACYgZwcm90bzM="));
      descriptor = pbr::FileDescriptor.FromGeneratedCode(descriptorData,
          new pbr::FileDescriptor[] { },
          new pbr::GeneratedCodeInfo(new[] {typeof(global::Grpc.Testing.PayloadType), typeof(global::Grpc.Testing.CompressionType), }, new pbr::GeneratedCodeInfo[] {
@ -64,6 +65,7 @@ namespace Grpc.Testing {
            new pbr::GeneratedCodeInfo(typeof(global::Grpc.Testing.ResponseParameters), global::Grpc.Testing.ResponseParameters.Parser, new[]{ "Size", "IntervalUs" }, null, null, null),
            new pbr::GeneratedCodeInfo(typeof(global::Grpc.Testing.StreamingOutputCallRequest), global::Grpc.Testing.StreamingOutputCallRequest.Parser, new[]{ "ResponseType", "ResponseParameters", "Payload", "ResponseCompression", "ResponseStatus" }, null, null, null),
            new pbr::GeneratedCodeInfo(typeof(global::Grpc.Testing.StreamingOutputCallResponse), global::Grpc.Testing.StreamingOutputCallResponse.Parser, new[]{ "Payload" }, null, null, null),
            new pbr::GeneratedCodeInfo(typeof(global::Grpc.Testing.ReconnectParams), global::Grpc.Testing.ReconnectParams.Parser, new[]{ "MaxReconnectBackoffMs" }, null, null, null),
            new pbr::GeneratedCodeInfo(typeof(global::Grpc.Testing.ReconnectInfo), global::Grpc.Testing.ReconnectInfo.Parser, new[]{ "Passed", "BackoffMs" }, null, null, null)
          }));
    }
@ -1572,6 +1574,113 @@ namespace Grpc.Testing {
  }
  /// <summary>
  ///  For reconnect interop test only.
  ///  Client tells server what reconnection parameters it used.
  /// </summary>
  [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
  public sealed partial class ReconnectParams : pb::IMessage<ReconnectParams> {
    private static readonly pb::MessageParser<ReconnectParams> _parser = new pb::MessageParser<ReconnectParams>(() => new ReconnectParams());
    public static pb::MessageParser<ReconnectParams> Parser { get { return _parser; } }
    public static pbr::MessageDescriptor Descriptor {
      get { return global::Grpc.Testing.MessagesReflection.Descriptor.MessageTypes[9]; }
    }
    pbr::MessageDescriptor pb::IMessage.Descriptor {
      get { return Descriptor; }
    }
    public ReconnectParams() {
      OnConstruction();
    }
    partial void OnConstruction();
    public ReconnectParams(ReconnectParams other) : this() {
      maxReconnectBackoffMs_ = other.maxReconnectBackoffMs_;
    }
    public ReconnectParams Clone() {
      return new ReconnectParams(this);
    }
    /// <summary>Field number for the "max_reconnect_backoff_ms" field.</summary>
    public const int MaxReconnectBackoffMsFieldNumber = 1;
    private int maxReconnectBackoffMs_;
    public int MaxReconnectBackoffMs {
      get { return maxReconnectBackoffMs_; }
      set {
        maxReconnectBackoffMs_ = value;
      }
    }
    public override bool Equals(object other) {
      return Equals(other as ReconnectParams);
    }
    public bool Equals(ReconnectParams other) {
      if (ReferenceEquals(other, null)) {
        return false;
      }
      if (ReferenceEquals(other, this)) {
        return true;
      }
      if (MaxReconnectBackoffMs != other.MaxReconnectBackoffMs) return false;
      return true;
    }
    public override int GetHashCode() {
      int hash = 1;
      if (MaxReconnectBackoffMs != 0) hash ^= MaxReconnectBackoffMs.GetHashCode();
      return hash;
    }
    public override string ToString() {
      return pb::JsonFormatter.ToDiagnosticString(this);
    }
    public void WriteTo(pb::CodedOutputStream output) {
      if (MaxReconnectBackoffMs != 0) {
        output.WriteRawTag(8);
        output.WriteInt32(MaxReconnectBackoffMs);
      }
    }
    public int CalculateSize() {
      int size = 0;
      if (MaxReconnectBackoffMs != 0) {
        size += 1 + pb::CodedOutputStream.ComputeInt32Size(MaxReconnectBackoffMs);
      }
      return size;
    }
    public void MergeFrom(ReconnectParams other) {
      if (other == null) {
        return;
      }
      if (other.MaxReconnectBackoffMs != 0) {
        MaxReconnectBackoffMs = other.MaxReconnectBackoffMs;
      }
    }
    public void MergeFrom(pb::CodedInputStream input) {
      uint tag;
      while ((tag = input.ReadTag()) != 0) {
        switch(tag) {
          default:
            input.SkipLastField();
            break;
          case 8: {
            MaxReconnectBackoffMs = input.ReadInt32();
            break;
          }
        }
      }
    }
  }
  /// <summary>
  ///  For reconnect interop test only.
  ///  Server tells client whether its reconnects are following the spec and the
@ -1583,7 +1692,7 @@ namespace Grpc.Testing {
    public static pb::MessageParser<ReconnectInfo> Parser { get { return _parser; } }
    public static pbr::MessageDescriptor Descriptor {
-      get { return global::Grpc.Testing.MessagesReflection.Descriptor.MessageTypes[9]; }
+      get { return global::Grpc.Testing.MessagesReflection.Descriptor.MessageTypes[10]; }
    }
    pbr::MessageDescriptor pb::IMessage.Descriptor {
--- a/src/csharp/Grpc.IntegrationTesting/Test.cs
+++ b/src/csharp/Grpc.IntegrationTesting/Test.cs
@ -40,10 +40,10 @@ namespace Grpc.Testing {
            "bWluZ091dHB1dENhbGxSZXF1ZXN0GikuZ3JwYy50ZXN0aW5nLlN0cmVhbWlu",
            "Z091dHB1dENhbGxSZXNwb25zZSgBMAEyVQoUVW5pbXBsZW1lbnRlZFNlcnZp",
            "Y2USPQoRVW5pbXBsZW1lbnRlZENhbGwSEy5ncnBjLnRlc3RpbmcuRW1wdHka",
-            "Ey5ncnBjLnRlc3RpbmcuRW1wdHkyfwoQUmVjb25uZWN0U2VydmljZRIxCgVT",
+            "Ey5ncnBjLnRlc3RpbmcuRW1wdHkyiQEKEFJlY29ubmVjdFNlcnZpY2USOwoF",
-            "dGFydBITLmdycGMudGVzdGluZy5FbXB0eRoTLmdycGMudGVzdGluZy5FbXB0",
+            "U3RhcnQSHS5ncnBjLnRlc3RpbmcuUmVjb25uZWN0UGFyYW1zGhMuZ3JwYy50",
-            "eRI4CgRTdG9wEhMuZ3JwYy50ZXN0aW5nLkVtcHR5GhsuZ3JwYy50ZXN0aW5n",
+            "ZXN0aW5nLkVtcHR5EjgKBFN0b3ASEy5ncnBjLnRlc3RpbmcuRW1wdHkaGy5n",
-            "LlJlY29ubmVjdEluZm9iBnByb3RvMw=="));
+            "cnBjLnRlc3RpbmcuUmVjb25uZWN0SW5mb2IGcHJvdG8z"));
      descriptor = pbr::FileDescriptor.FromGeneratedCode(descriptorData,
          new pbr::FileDescriptor[] { global::Grpc.Testing.EmptyReflection.Descriptor, global::Grpc.Testing.MessagesReflection.Descriptor, },
          new pbr::GeneratedCodeInfo(null, null));
--- a/src/csharp/Grpc.IntegrationTesting/TestGrpc.cs
+++ b/src/csharp/Grpc.IntegrationTesting/TestGrpc.cs
@ -367,14 +367,15 @@ namespace Grpc.Testing {
  {
    static readonly string __ServiceName = "grpc.testing.ReconnectService";
    static readonly Marshaller<global::Grpc.Testing.ReconnectParams> __Marshaller_ReconnectParams = Marshallers.Create((arg) => global::Google.Protobuf.MessageExtensions.ToByteArray(arg), global::Grpc.Testing.ReconnectParams.Parser.ParseFrom);
    static readonly Marshaller<global::Grpc.Testing.Empty> __Marshaller_Empty = Marshallers.Create((arg) => global::Google.Protobuf.MessageExtensions.ToByteArray(arg), global::Grpc.Testing.Empty.Parser.ParseFrom);
    static readonly Marshaller<global::Grpc.Testing.ReconnectInfo> __Marshaller_ReconnectInfo = Marshallers.Create((arg) => global::Google.Protobuf.MessageExtensions.ToByteArray(arg), global::Grpc.Testing.ReconnectInfo.Parser.ParseFrom);
-    static readonly Method<global::Grpc.Testing.Empty, global::Grpc.Testing.Empty> __Method_Start = new Method<global::Grpc.Testing.Empty, global::Grpc.Testing.Empty>(
+    static readonly Method<global::Grpc.Testing.ReconnectParams, global::Grpc.Testing.Empty> __Method_Start = new Method<global::Grpc.Testing.ReconnectParams, global::Grpc.Testing.Empty>(
        MethodType.Unary,
        __ServiceName,
        "Start",
-        __Marshaller_Empty,
+        __Marshaller_ReconnectParams,
        __Marshaller_Empty);
    static readonly Method<global::Grpc.Testing.Empty, global::Grpc.Testing.ReconnectInfo> __Method_Stop = new Method<global::Grpc.Testing.Empty, global::Grpc.Testing.ReconnectInfo>(
@ -394,10 +395,10 @@ namespace Grpc.Testing {
    [System.Obsolete("Client side interfaced will be removed in the next release. Use client class directly.")]
    public interface IReconnectServiceClient
    {
-      global::Grpc.Testing.Empty Start(global::Grpc.Testing.Empty request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken));
+      global::Grpc.Testing.Empty Start(global::Grpc.Testing.ReconnectParams request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken));
-      global::Grpc.Testing.Empty Start(global::Grpc.Testing.Empty request, CallOptions options);
+      global::Grpc.Testing.Empty Start(global::Grpc.Testing.ReconnectParams request, CallOptions options);
-      AsyncUnaryCall<global::Grpc.Testing.Empty> StartAsync(global::Grpc.Testing.Empty request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken));
+      AsyncUnaryCall<global::Grpc.Testing.Empty> StartAsync(global::Grpc.Testing.ReconnectParams request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken));
-      AsyncUnaryCall<global::Grpc.Testing.Empty> StartAsync(global::Grpc.Testing.Empty request, CallOptions options);
+      AsyncUnaryCall<global::Grpc.Testing.Empty> StartAsync(global::Grpc.Testing.ReconnectParams request, CallOptions options);
      global::Grpc.Testing.ReconnectInfo Stop(global::Grpc.Testing.Empty request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken));
      global::Grpc.Testing.ReconnectInfo Stop(global::Grpc.Testing.Empty request, CallOptions options);
      AsyncUnaryCall<global::Grpc.Testing.ReconnectInfo> StopAsync(global::Grpc.Testing.Empty request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken));
@ -408,14 +409,14 @@ namespace Grpc.Testing {
    [System.Obsolete("Service implementations should inherit from the generated abstract base class instead.")]
    public interface IReconnectService
    {
-      Task<global::Grpc.Testing.Empty> Start(global::Grpc.Testing.Empty request, ServerCallContext context);
+      Task<global::Grpc.Testing.Empty> Start(global::Grpc.Testing.ReconnectParams request, ServerCallContext context);
      Task<global::Grpc.Testing.ReconnectInfo> Stop(global::Grpc.Testing.Empty request, ServerCallContext context);
    }
    // server-side abstract class
    public abstract class ReconnectServiceBase
    {
-      public virtual Task<global::Grpc.Testing.Empty> Start(global::Grpc.Testing.Empty request, ServerCallContext context)
+      public virtual Task<global::Grpc.Testing.Empty> Start(global::Grpc.Testing.ReconnectParams request, ServerCallContext context)
      {
        throw new RpcException(new Status(StatusCode.Unimplemented, ""));
      }
@ -445,19 +446,19 @@ namespace Grpc.Testing {
      {
      }
-      public virtual global::Grpc.Testing.Empty Start(global::Grpc.Testing.Empty request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken))
+      public virtual global::Grpc.Testing.Empty Start(global::Grpc.Testing.ReconnectParams request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken))
      {
        return Start(request, new CallOptions(headers, deadline, cancellationToken));
      }
-      public virtual global::Grpc.Testing.Empty Start(global::Grpc.Testing.Empty request, CallOptions options)
+      public virtual global::Grpc.Testing.Empty Start(global::Grpc.Testing.ReconnectParams request, CallOptions options)
      {
        return CallInvoker.BlockingUnaryCall(__Method_Start, null, options, request);
      }
-      public virtual AsyncUnaryCall<global::Grpc.Testing.Empty> StartAsync(global::Grpc.Testing.Empty request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken))
+      public virtual AsyncUnaryCall<global::Grpc.Testing.Empty> StartAsync(global::Grpc.Testing.ReconnectParams request, Metadata headers = null, DateTime? deadline = null, CancellationToken cancellationToken = default(CancellationToken))
      {
        return StartAsync(request, new CallOptions(headers, deadline, cancellationToken));
      }
-      public virtual AsyncUnaryCall<global::Grpc.Testing.Empty> StartAsync(global::Grpc.Testing.Empty request, CallOptions options)
+      public virtual AsyncUnaryCall<global::Grpc.Testing.Empty> StartAsync(global::Grpc.Testing.ReconnectParams request, CallOptions options)
      {
        return CallInvoker.AsyncUnaryCall(__Method_Start, null, options, request);
      }
--- a/src/csharp/ext/grpc_csharp_ext.c
+++ b/src/csharp/ext/grpc_csharp_ext.c
@ -911,9 +911,12 @@ grpcsharp_ssl_server_credentials_create(
      key_cert_pairs[i].private_key = key_cert_pair_private_key_array[i];
    }
  }
-  creds = grpc_ssl_server_credentials_create(pem_root_certs, key_cert_pairs,
+  creds = grpc_ssl_server_credentials_create_ex(
-                                             num_key_cert_pairs,
+      pem_root_certs, key_cert_pairs, num_key_cert_pairs,
-                                             force_client_auth, NULL);
+      force_client_auth
          ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
          : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
      NULL);
  gpr_free(key_cert_pairs);
  return creds;
 }
--- a/src/node/ext/server_credentials.cc
+++ b/src/node/ext/server_credentials.cc
@ -145,9 +145,13 @@ NAN_METHOD(ServerCredentials::CreateSsl) {
    return Nan::ThrowTypeError(
        "createSsl's second argument must be a list of objects");
  }
-  int force_client_auth = 0;
+
  grpc_ssl_client_certificate_request_type client_certificate_request;
  if (info[2]->IsBoolean()) {
-    force_client_auth = (int)Nan::To<bool>(info[2]).FromJust();
+    client_certificate_request =
        Nan::To<bool>(info[2]).FromJust()
            ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
            : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
  } else if (!(info[2]->IsUndefined() || info[2]->IsNull())) {
    return Nan::ThrowTypeError(
        "createSsl's third argument must be a boolean if provided");
@ -180,8 +184,9 @@ NAN_METHOD(ServerCredentials::CreateSsl) {
    key_cert_pairs[i].private_key = ::node::Buffer::Data(maybe_key);
    key_cert_pairs[i].cert_chain = ::node::Buffer::Data(maybe_cert);
  }
-  grpc_server_credentials *creds = grpc_ssl_server_credentials_create(
+  grpc_server_credentials *creds = grpc_ssl_server_credentials_create_ex(
-      root_certs, key_cert_pairs, key_cert_pair_count, force_client_auth, NULL);
+      root_certs, key_cert_pairs, key_cert_pair_count,
      client_certificate_request, NULL);
  delete key_cert_pairs;
  if (creds == NULL) {
    info.GetReturnValue().SetNull();
--- a/src/php/ext/grpc/server_credentials.c
+++ b/src/php/ext/grpc/server_credentials.c
@ -115,10 +115,11 @@ PHP_METHOD(ServerCredentials, createSsl) {
                         "createSsl expects 3 strings", 1 TSRMLS_CC);
    return;
  }
-  /* TODO: add a force_client_auth field in ServerCredentials and pass it as
+  /* TODO: add a client_certificate_request field in ServerCredentials and pass
-   * the last parameter. */
+   * it as the last parameter. */
-  grpc_server_credentials *creds = grpc_ssl_server_credentials_create(
+  grpc_server_credentials *creds = grpc_ssl_server_credentials_create_ex(
-      pem_root_certs, &pem_key_cert_pair, 1, 0, NULL);
+      pem_root_certs, &pem_key_cert_pair, 1,
      GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, NULL);
  zval *creds_object = grpc_php_wrap_server_credentials(creds);
  RETURN_DESTROY_ZVAL(creds_object);
 }
--- a/src/proto/grpc/testing/control.proto
+++ b/src/proto/grpc/testing/control.proto
@ -57,18 +57,6 @@ message PoissonParams {
  double offered_load = 1;
 }
 message UniformParams {
  double interarrival_lo = 1;
  double interarrival_hi = 2;
 }
 message DeterministicParams { double offered_load = 1; }
 message ParetoParams {
  double interarrival_base = 1;
  double alpha = 2;
 }
 // Once an RPC finishes, immediately start a new one.
 // No configuration parameters needed.
 message ClosedLoopParams {}
@ -77,9 +65,6 @@ message LoadParams {
  oneof load {
    ClosedLoopParams closed_loop = 1;
    PoissonParams poisson = 2;
    UniformParams uniform = 3;
    DeterministicParams determ = 4;
    ParetoParams pareto = 5;
  };
 }
--- a/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/credentials.pyx.pxi
@ -302,6 +302,8 @@ def server_credentials_ssl(pem_root_certs, pem_key_cert_pairs,
        (<SslPemKeyCertPair>pem_key_cert_pairs[i]).c_pair)
  credentials.c_credentials = grpc_ssl_server_credentials_create(
      c_pem_root_certs, credentials.c_ssl_pem_key_cert_pairs,
-      credentials.c_ssl_pem_key_cert_pairs_count, force_client_auth, NULL)
+      credentials.c_ssl_pem_key_cert_pairs_count,
      GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY if force_client_auth else GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
      NULL)
  return credentials
--- a/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi
+++ b/src/python/grpcio/grpc/_cython/_cygrpc/grpc.pxi
@ -105,6 +105,13 @@ cdef extern from "grpc/_cython/loader.h":
    GRPC_SSL_ROOTS_OVERRIDE_FAILED_PERMANENTLY
    GRPC_SSL_ROOTS_OVERRIDE_FAILED
  ctypedef enum grpc_ssl_client_certificate_request_type:
    GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
    GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY
    GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY
    GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY
    GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
  struct grpc_byte_buffer_reader:
    # We don't care about the internals
    pass
--- a/src/python/grpcio/grpc/_cython/imports.generated.c
+++ b/src/python/grpcio/grpc/_cython/imports.generated.c
@ -152,6 +152,7 @@ grpc_metadata_credentials_create_from_plugin_type grpc_metadata_credentials_crea
 grpc_secure_channel_create_type grpc_secure_channel_create_import;
 grpc_server_credentials_release_type grpc_server_credentials_release_import;
 grpc_ssl_server_credentials_create_type grpc_ssl_server_credentials_create_import;
 grpc_ssl_server_credentials_create_ex_type grpc_ssl_server_credentials_create_ex_import;
 grpc_server_add_secure_http2_port_type grpc_server_add_secure_http2_port_import;
 grpc_call_set_credentials_type grpc_call_set_credentials_import;
 grpc_server_credentials_set_auth_metadata_processor_type grpc_server_credentials_set_auth_metadata_processor_import;
@ -420,6 +421,7 @@ void pygrpc_load_imports(HMODULE library) {
  grpc_secure_channel_create_import = (grpc_secure_channel_create_type) GetProcAddress(library, "grpc_secure_channel_create");
  grpc_server_credentials_release_import = (grpc_server_credentials_release_type) GetProcAddress(library, "grpc_server_credentials_release");
  grpc_ssl_server_credentials_create_import = (grpc_ssl_server_credentials_create_type) GetProcAddress(library, "grpc_ssl_server_credentials_create");
  grpc_ssl_server_credentials_create_ex_import = (grpc_ssl_server_credentials_create_ex_type) GetProcAddress(library, "grpc_ssl_server_credentials_create_ex");
  grpc_server_add_secure_http2_port_import = (grpc_server_add_secure_http2_port_type) GetProcAddress(library, "grpc_server_add_secure_http2_port");
  grpc_call_set_credentials_import = (grpc_call_set_credentials_type) GetProcAddress(library, "grpc_call_set_credentials");
  grpc_server_credentials_set_auth_metadata_processor_import = (grpc_server_credentials_set_auth_metadata_processor_type) GetProcAddress(library, "grpc_server_credentials_set_auth_metadata_processor");
--- a/src/python/grpcio/grpc/_cython/imports.generated.h
+++ b/src/python/grpcio/grpc/_cython/imports.generated.h
@ -406,6 +406,9 @@ extern grpc_server_credentials_release_type grpc_server_credentials_release_impo
 typedef grpc_server_credentials *(*grpc_ssl_server_credentials_create_type)(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved);
 extern grpc_ssl_server_credentials_create_type grpc_ssl_server_credentials_create_import;
 #define grpc_ssl_server_credentials_create grpc_ssl_server_credentials_create_import
 typedef grpc_server_credentials *(*grpc_ssl_server_credentials_create_ex_type)(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved);
 extern grpc_ssl_server_credentials_create_ex_type grpc_ssl_server_credentials_create_ex_import;
 #define grpc_ssl_server_credentials_create_ex grpc_ssl_server_credentials_create_ex_import
 typedef int(*grpc_server_add_secure_http2_port_type)(grpc_server *server, const char *addr, grpc_server_credentials *creds);
 extern grpc_server_add_secure_http2_port_type grpc_server_add_secure_http2_port_import;
 #define grpc_server_add_secure_http2_port grpc_server_add_secure_http2_port_import
--- a/src/python/grpcio/grpc_core_dependencies.py
+++ b/src/python/grpcio/grpc_core_dependencies.py
@ -311,6 +311,7 @@ CORE_SOURCE_FILES = [
  'third_party/boringssl/crypto/bn/shift.c',
  'third_party/boringssl/crypto/bn/sqrt.c',
  'third_party/boringssl/crypto/buf/buf.c',
  'third_party/boringssl/crypto/bytestring/asn1_compat.c',
  'third_party/boringssl/crypto/bytestring/ber.c',
  'third_party/boringssl/crypto/bytestring/cbb.c',
  'third_party/boringssl/crypto/bytestring/cbs.c',
@ -334,6 +335,7 @@ CORE_SOURCE_FILES = [
  'third_party/boringssl/crypto/cpu-intel.c',
  'third_party/boringssl/crypto/crypto.c',
  'third_party/boringssl/crypto/curve25519/curve25519.c',
  'third_party/boringssl/crypto/curve25519/x25519-x86_64.c',
  'third_party/boringssl/crypto/des/des.c',
  'third_party/boringssl/crypto/dh/check.c',
  'third_party/boringssl/crypto/dh/dh.c',
@ -525,6 +527,7 @@ CORE_SOURCE_FILES = [
  'third_party/boringssl/ssl/ssl_buffer.c',
  'third_party/boringssl/ssl/ssl_cert.c',
  'third_party/boringssl/ssl/ssl_cipher.c',
  'third_party/boringssl/ssl/ssl_ecdh.c',
  'third_party/boringssl/ssl/ssl_file.c',
  'third_party/boringssl/ssl/ssl_lib.c',
  'third_party/boringssl/ssl/ssl_rsa.c',
--- a/src/ruby/ext/grpc/rb_grpc_imports.generated.c
+++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.c
@ -152,6 +152,7 @@ grpc_metadata_credentials_create_from_plugin_type grpc_metadata_credentials_crea
 grpc_secure_channel_create_type grpc_secure_channel_create_import;
 grpc_server_credentials_release_type grpc_server_credentials_release_import;
 grpc_ssl_server_credentials_create_type grpc_ssl_server_credentials_create_import;
 grpc_ssl_server_credentials_create_ex_type grpc_ssl_server_credentials_create_ex_import;
 grpc_server_add_secure_http2_port_type grpc_server_add_secure_http2_port_import;
 grpc_call_set_credentials_type grpc_call_set_credentials_import;
 grpc_server_credentials_set_auth_metadata_processor_type grpc_server_credentials_set_auth_metadata_processor_import;
@ -416,6 +417,7 @@ void grpc_rb_load_imports(HMODULE library) {
  grpc_secure_channel_create_import = (grpc_secure_channel_create_type) GetProcAddress(library, "grpc_secure_channel_create");
  grpc_server_credentials_release_import = (grpc_server_credentials_release_type) GetProcAddress(library, "grpc_server_credentials_release");
  grpc_ssl_server_credentials_create_import = (grpc_ssl_server_credentials_create_type) GetProcAddress(library, "grpc_ssl_server_credentials_create");
  grpc_ssl_server_credentials_create_ex_import = (grpc_ssl_server_credentials_create_ex_type) GetProcAddress(library, "grpc_ssl_server_credentials_create_ex");
  grpc_server_add_secure_http2_port_import = (grpc_server_add_secure_http2_port_type) GetProcAddress(library, "grpc_server_add_secure_http2_port");
  grpc_call_set_credentials_import = (grpc_call_set_credentials_type) GetProcAddress(library, "grpc_call_set_credentials");
  grpc_server_credentials_set_auth_metadata_processor_import = (grpc_server_credentials_set_auth_metadata_processor_type) GetProcAddress(library, "grpc_server_credentials_set_auth_metadata_processor");
--- a/src/ruby/ext/grpc/rb_grpc_imports.generated.h
+++ b/src/ruby/ext/grpc/rb_grpc_imports.generated.h
@ -406,6 +406,9 @@ extern grpc_server_credentials_release_type grpc_server_credentials_release_impo
 typedef grpc_server_credentials *(*grpc_ssl_server_credentials_create_type)(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, int force_client_auth, void *reserved);
 extern grpc_ssl_server_credentials_create_type grpc_ssl_server_credentials_create_import;
 #define grpc_ssl_server_credentials_create grpc_ssl_server_credentials_create_import
 typedef grpc_server_credentials *(*grpc_ssl_server_credentials_create_ex_type)(const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, grpc_ssl_client_certificate_request_type client_certificate_request, void *reserved);
 extern grpc_ssl_server_credentials_create_ex_type grpc_ssl_server_credentials_create_ex_import;
 #define grpc_ssl_server_credentials_create_ex grpc_ssl_server_credentials_create_ex_import
 typedef int(*grpc_server_add_secure_http2_port_type)(grpc_server *server, const char *addr, grpc_server_credentials *creds);
 extern grpc_server_add_secure_http2_port_type grpc_server_add_secure_http2_port_import;
 #define grpc_server_add_secure_http2_port grpc_server_add_secure_http2_port_import
--- a/src/ruby/ext/grpc/rb_server_credentials.c
+++ b/src/ruby/ext/grpc/rb_server_credentials.c
@ -90,9 +90,12 @@ static void grpc_rb_server_credentials_mark(void *p) {
 static const rb_data_type_t grpc_rb_server_credentials_data_type = {
    "grpc_server_credentials",
-    {grpc_rb_server_credentials_mark, grpc_rb_server_credentials_free,
+    {grpc_rb_server_credentials_mark,
-     GRPC_RB_MEMSIZE_UNAVAILABLE, {NULL, NULL}},
+     grpc_rb_server_credentials_free,
-    NULL, NULL,
+     GRPC_RB_MEMSIZE_UNAVAILABLE,
     {NULL, NULL}},
    NULL,
    NULL,
 #ifdef RUBY_TYPED_FREE_IMMEDIATELY
    RUBY_TYPED_FREE_IMMEDIATELY
 #endif
@ -219,7 +222,9 @@ static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs,
    }
  }
-  auth_client = TYPE(force_client_auth) == T_TRUE;
+  auth_client = TYPE(force_client_auth) == T_TRUE
                    ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
                    : GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
  key_cert_pairs = ALLOC_N(grpc_ssl_pem_key_cert_pair, num_key_certs);
  for (i = 0; i < num_key_certs; i++) {
    key_cert = rb_ary_entry(pem_key_certs, i);
@ -233,13 +238,12 @@ static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs,
                       &grpc_rb_server_credentials_data_type, wrapper);
  if (pem_root_certs == Qnil) {
-    creds = grpc_ssl_server_credentials_create(NULL, key_cert_pairs,
+    creds = grpc_ssl_server_credentials_create_ex(
-                                               num_key_certs,
+        NULL, key_cert_pairs, num_key_certs, auth_client, NULL);
                                               auth_client, NULL);
  } else {
-    creds = grpc_ssl_server_credentials_create(RSTRING_PTR(pem_root_certs),
+    creds = grpc_ssl_server_credentials_create_ex(RSTRING_PTR(pem_root_certs),
-                                               key_cert_pairs, num_key_certs,
+                                                  key_cert_pairs, num_key_certs,
-                                               auth_client, NULL);
+                                                  auth_client, NULL);
  }
  xfree(key_cert_pairs);
  if (creds == NULL) {
--- a/src/ruby/qps/src/proto/grpc/testing/control.rb
+++ b/src/ruby/qps/src/proto/grpc/testing/control.rb
@ -9,26 +9,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
  add_message "grpc.testing.PoissonParams" do
    optional :offered_load, :double, 1
  end
  add_message "grpc.testing.UniformParams" do
    optional :interarrival_lo, :double, 1
    optional :interarrival_hi, :double, 2
  end
  add_message "grpc.testing.DeterministicParams" do
    optional :offered_load, :double, 1
  end
  add_message "grpc.testing.ParetoParams" do
    optional :interarrival_base, :double, 1
    optional :alpha, :double, 2
  end
  add_message "grpc.testing.ClosedLoopParams" do
  end
  add_message "grpc.testing.LoadParams" do
    oneof :load do
      optional :closed_loop, :message, 1, "grpc.testing.ClosedLoopParams"
      optional :poisson, :message, 2, "grpc.testing.PoissonParams"
      optional :uniform, :message, 3, "grpc.testing.UniformParams"
      optional :determ, :message, 4, "grpc.testing.DeterministicParams"
      optional :pareto, :message, 5, "grpc.testing.ParetoParams"
    end
  end
  add_message "grpc.testing.SecurityParams" do
@ -88,6 +74,40 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
  end
  add_message "grpc.testing.Void" do
  end
  add_message "grpc.testing.Scenario" do
    optional :name, :string, 1
    optional :client_config, :message, 2, "grpc.testing.ClientConfig"
    optional :num_clients, :int32, 3
    optional :server_config, :message, 4, "grpc.testing.ServerConfig"
    optional :num_servers, :int32, 5
    optional :warmup_seconds, :int32, 6
    optional :benchmark_seconds, :int32, 7
    optional :spawn_local_worker_count, :int32, 8
  end
  add_message "grpc.testing.Scenarios" do
    repeated :scenarios, :message, 1, "grpc.testing.Scenario"
  end
  add_message "grpc.testing.ScenarioResultSummary" do
    optional :qps, :double, 1
    optional :qps_per_server_core, :double, 2
    optional :server_system_time, :double, 3
    optional :server_user_time, :double, 4
    optional :client_system_time, :double, 5
    optional :client_user_time, :double, 6
    optional :latency_50, :double, 7
    optional :latency_90, :double, 8
    optional :latency_95, :double, 9
    optional :latency_99, :double, 10
    optional :latency_999, :double, 11
  end
  add_message "grpc.testing.ScenarioResult" do
    optional :scenario, :message, 1, "grpc.testing.Scenario"
    optional :latencies, :message, 2, "grpc.testing.HistogramData"
    repeated :client_stats, :message, 3, "grpc.testing.ClientStats"
    repeated :server_stats, :message, 4, "grpc.testing.ServerStats"
    repeated :server_cores, :int32, 5
    optional :summary, :message, 6, "grpc.testing.ScenarioResultSummary"
  end
  add_enum "grpc.testing.ClientType" do
    value :SYNC_CLIENT, 0
    value :ASYNC_CLIENT, 1
@ -106,9 +126,6 @@ end
 module Grpc
  module Testing
    PoissonParams = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.PoissonParams").msgclass
    UniformParams = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.UniformParams").msgclass
    DeterministicParams = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.DeterministicParams").msgclass
    ParetoParams = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.ParetoParams").msgclass
    ClosedLoopParams = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.ClosedLoopParams").msgclass
    LoadParams = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.LoadParams").msgclass
    SecurityParams = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.SecurityParams").msgclass
@ -122,6 +139,10 @@ module Grpc
    CoreRequest = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.CoreRequest").msgclass
    CoreResponse = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.CoreResponse").msgclass
    Void = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.Void").msgclass
    Scenario = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.Scenario").msgclass
    Scenarios = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.Scenarios").msgclass
    ScenarioResultSummary = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.ScenarioResultSummary").msgclass
    ScenarioResult = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.ScenarioResult").msgclass
    ClientType = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.ClientType").enummodule
    ServerType = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.ServerType").enummodule
    RpcType = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.RpcType").enummodule
--- a/src/ruby/qps/src/proto/grpc/testing/messages.rb
+++ b/src/ruby/qps/src/proto/grpc/testing/messages.rb
@ -46,6 +46,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
  add_message "grpc.testing.StreamingOutputCallResponse" do
    optional :payload, :message, 1, "grpc.testing.Payload"
  end
  add_message "grpc.testing.ReconnectParams" do
    optional :max_reconnect_backoff_ms, :int32, 1
  end
  add_message "grpc.testing.ReconnectInfo" do
    optional :passed, :bool, 1
    repeated :backoff_ms, :int32, 2
@ -73,6 +76,7 @@ module Grpc
    ResponseParameters = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.ResponseParameters").msgclass
    StreamingOutputCallRequest = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.StreamingOutputCallRequest").msgclass
    StreamingOutputCallResponse = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.StreamingOutputCallResponse").msgclass
    ReconnectParams = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.ReconnectParams").msgclass
    ReconnectInfo = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.ReconnectInfo").msgclass
    PayloadType = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.PayloadType").enummodule
    CompressionType = Google::Protobuf::DescriptorPool.generated_pool.lookup("grpc.testing.CompressionType").enummodule
--- a/templates/tools/dockerfile/go_path.include
+++ b/templates/tools/dockerfile/go_path.include
@ -1,2 +1,2 @@
 # Using login shell removes Go from path, so we add it.
-RUN ln -s /usr/src/go/bin/go /usr/local/bin
+RUN ln -s /usr/local/go/bin/go /usr/local/bin
--- a/templates/tools/dockerfile/java_deps.include
+++ b/templates/tools/dockerfile/java_deps.include
@ -0,0 +1,17 @@
 # Install JDK 8 and Git
 #
 RUN echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections && ${'\\'}
  echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list && ${'\\'}
  echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list && ${'\\'}
  apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
 RUN apt-get update && apt-get -y install ${'\\'}
      git ${'\\'}
      libapr1 ${'\\'}
      oracle-java8-installer ${'\\'}
      && ${'\\'}
    apt-get clean && rm -r /var/cache/oracle-jdk8-installer/
 ENV JAVA_HOME /usr/lib/jvm/java-8-oracle
 ENV PATH $PATH:$JAVA_HOME/bin
--- a/templates/tools/dockerfile/stress_test/grpc_interop_stress_go/Dockerfile.template
+++ b/templates/tools/dockerfile/stress_test/grpc_interop_stress_go/Dockerfile.template
@ -29,7 +29,7 @@
  # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-  FROM golang:1.4
+  FROM golang:1.5
  <%include file="../../gcp_api_libraries.include"/>
  <%include file="../../go_path.include"/>
--- a/templates/tools/dockerfile/stress_test/grpc_interop_stress_java/Dockerfile.template
+++ b/templates/tools/dockerfile/stress_test/grpc_interop_stress_java/Dockerfile.template
@ -0,0 +1,40 @@
 %YAML 1.2
 --- |
  # Copyright 2016, Google Inc.
  # All rights reserved.
  #
  # Redistribution and use in source and binary forms, with or without
  # modification, are permitted provided that the following conditions are
  # met:
  #
  #     * Redistributions of source code must retain the above copyright
  # notice, this list of conditions and the following disclaimer.
  #     * Redistributions in binary form must reproduce the above
  # copyright notice, this list of conditions and the following disclaimer
  # in the documentation and/or other materials provided with the
  # distribution.
  #     * Neither the name of Google Inc. nor the names of its
  # contributors may be used to endorse or promote products derived from
  # this software without specific prior written permission.
  #
  # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  FROM debian:jessie
  <%include file="../../apt_get_basic.include"/>
  <%include file="../../ccache_setup.include"/>
  <%include file="../../cxx_deps.include"/>
  <%include file="../../gcp_api_libraries.include"/>
  <%include file="../../java_deps.include"/>
  # Define the default command.
  CMD ["bash"]
--- a/test/core/end2end/data/client_certs.c
+++ b/test/core/end2end/data/client_certs.c
@ -0,0 +1,343 @@
 /*
 *
 * Copyright 2016, Google Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *     * Neither the name of Google Inc. nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 const char test_self_signed_client_cert[] = {
    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43,
    0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d,
    0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x6f, 0x44, 0x43, 0x43,
    0x41, 0x67, 0x6d, 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4a,
    0x41, 0x4e, 0x49, 0x7a, 0x32, 0x2f, 0x7a, 0x6f, 0x52, 0x69, 0x61, 0x70,
    0x4d, 0x41, 0x30, 0x47, 0x43, 0x53, 0x71, 0x47, 0x53, 0x49, 0x62, 0x33,
    0x44, 0x51, 0x45, 0x42, 0x42, 0x51, 0x55, 0x41, 0x4d, 0x47, 0x6b, 0x78,
    0x43, 0x7a, 0x41, 0x4a, 0x42, 0x67, 0x4e, 0x56, 0x0a, 0x42, 0x41, 0x59,
    0x54, 0x41, 0x6b, 0x46, 0x56, 0x4d, 0x52, 0x4d, 0x77, 0x45, 0x51, 0x59,
    0x44, 0x56, 0x51, 0x51, 0x49, 0x44, 0x41, 0x70, 0x54, 0x62, 0x32, 0x31,
    0x6c, 0x4c, 0x56, 0x4e, 0x30, 0x59, 0x58, 0x52, 0x6c, 0x4d, 0x53, 0x45,
    0x77, 0x48, 0x77, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4b, 0x44, 0x42, 0x68,
    0x4a, 0x62, 0x6e, 0x52, 0x6c, 0x63, 0x6d, 0x35, 0x6c, 0x64, 0x43, 0x42,
    0x58, 0x0a, 0x61, 0x57, 0x52, 0x6e, 0x61, 0x58, 0x52, 0x7a, 0x49, 0x46,
    0x42, 0x30, 0x65, 0x53, 0x42, 0x4d, 0x64, 0x47, 0x51, 0x78, 0x49, 0x6a,
    0x41, 0x67, 0x42, 0x67, 0x4e, 0x56, 0x42, 0x41, 0x4d, 0x4d, 0x47, 0x57,
    0x4a, 0x68, 0x5a, 0x47, 0x4e, 0x73, 0x61, 0x57, 0x56, 0x75, 0x64, 0x43,
    0x35, 0x30, 0x5a, 0x58, 0x4e, 0x30, 0x4c, 0x6d, 0x64, 0x76, 0x62, 0x32,
    0x64, 0x73, 0x5a, 0x53, 0x35, 0x6a, 0x0a, 0x62, 0x32, 0x30, 0x77, 0x48,
    0x68, 0x63, 0x4e, 0x4d, 0x54, 0x51, 0x77, 0x4e, 0x7a, 0x49, 0x34, 0x4d,
    0x6a, 0x41, 0x77, 0x4f, 0x44, 0x49, 0x31, 0x57, 0x68, 0x63, 0x4e, 0x4d,
    0x6a, 0x51, 0x77, 0x4e, 0x7a, 0x49, 0x31, 0x4d, 0x6a, 0x41, 0x77, 0x4f,
    0x44, 0x49, 0x31, 0x57, 0x6a, 0x42, 0x70, 0x4d, 0x51, 0x73, 0x77, 0x43,
    0x51, 0x59, 0x44, 0x56, 0x51, 0x51, 0x47, 0x45, 0x77, 0x4a, 0x42, 0x0a,
    0x56, 0x54, 0x45, 0x54, 0x4d, 0x42, 0x45, 0x47, 0x41, 0x31, 0x55, 0x45,
    0x43, 0x41, 0x77, 0x4b, 0x55, 0x32, 0x39, 0x74, 0x5a, 0x53, 0x31, 0x54,
    0x64, 0x47, 0x46, 0x30, 0x5a, 0x54, 0x45, 0x68, 0x4d, 0x42, 0x38, 0x47,
    0x41, 0x31, 0x55, 0x45, 0x43, 0x67, 0x77, 0x59, 0x53, 0x57, 0x35, 0x30,
    0x5a, 0x58, 0x4a, 0x75, 0x5a, 0x58, 0x51, 0x67, 0x56, 0x32, 0x6c, 0x6b,
    0x5a, 0x32, 0x6c, 0x30, 0x0a, 0x63, 0x79, 0x42, 0x51, 0x64, 0x48, 0x6b,
    0x67, 0x54, 0x48, 0x52, 0x6b, 0x4d, 0x53, 0x49, 0x77, 0x49, 0x41, 0x59,
    0x44, 0x56, 0x51, 0x51, 0x44, 0x44, 0x42, 0x6c, 0x69, 0x59, 0x57, 0x52,
    0x6a, 0x62, 0x47, 0x6c, 0x6c, 0x62, 0x6e, 0x51, 0x75, 0x64, 0x47, 0x56,
    0x7a, 0x64, 0x43, 0x35, 0x6e, 0x62, 0x32, 0x39, 0x6e, 0x62, 0x47, 0x55,
    0x75, 0x59, 0x32, 0x39, 0x74, 0x4d, 0x49, 0x47, 0x66, 0x0a, 0x4d, 0x41,
    0x30, 0x47, 0x43, 0x53, 0x71, 0x47, 0x53, 0x49, 0x62, 0x33, 0x44, 0x51,
    0x45, 0x42, 0x41, 0x51, 0x55, 0x41, 0x41, 0x34, 0x47, 0x4e, 0x41, 0x44,
    0x43, 0x42, 0x69, 0x51, 0x4b, 0x42, 0x67, 0x51, 0x43, 0x79, 0x58, 0x32,
    0x4a, 0x78, 0x5a, 0x2b, 0x4a, 0x35, 0x49, 0x2b, 0x64, 0x6c, 0x68, 0x52,
    0x4f, 0x56, 0x74, 0x71, 0x6c, 0x4d, 0x51, 0x6e, 0x34, 0x37, 0x42, 0x42,
    0x63, 0x72, 0x0a, 0x6c, 0x32, 0x47, 0x43, 0x6b, 0x76, 0x39, 0x4f, 0x31,
    0x44, 0x31, 0x72, 0x4c, 0x39, 0x34, 0x4b, 0x57, 0x59, 0x62, 0x59, 0x31,
    0x34, 0x48, 0x58, 0x68, 0x69, 0x2f, 0x6e, 0x61, 0x63, 0x42, 0x41, 0x51,
    0x74, 0x43, 0x45, 0x51, 0x77, 0x58, 0x78, 0x70, 0x35, 0x44, 0x4b, 0x65,
    0x6d, 0x47, 0x4f, 0x55, 0x6a, 0x75, 0x36, 0x35, 0x78, 0x4d, 0x39, 0x46,
    0x39, 0x36, 0x2f, 0x33, 0x37, 0x34, 0x47, 0x0a, 0x4d, 0x76, 0x6e, 0x52,
    0x4a, 0x64, 0x6f, 0x35, 0x32, 0x67, 0x4f, 0x73, 0x34, 0x48, 0x4f, 0x30,
    0x63, 0x7a, 0x42, 0x70, 0x66, 0x56, 0x4e, 0x64, 0x58, 0x65, 0x65, 0x6f,
    0x44, 0x2f, 0x52, 0x59, 0x67, 0x77, 0x74, 0x74, 0x66, 0x64, 0x4a, 0x72,
    0x7a, 0x2f, 0x34, 0x61, 0x61, 0x74, 0x73, 0x53, 0x32, 0x51, 0x6b, 0x32,
    0x79, 0x4d, 0x59, 0x70, 0x71, 0x5a, 0x6d, 0x71, 0x45, 0x4d, 0x73, 0x62,
    0x0a, 0x72, 0x68, 0x39, 0x57, 0x32, 0x32, 0x4c, 0x70, 0x33, 0x72, 0x43,
    0x42, 0x76, 0x77, 0x49, 0x44, 0x41, 0x51, 0x41, 0x42, 0x6f, 0x31, 0x41,
    0x77, 0x54, 0x6a, 0x41, 0x64, 0x42, 0x67, 0x4e, 0x56, 0x48, 0x51, 0x34,
    0x45, 0x46, 0x67, 0x51, 0x55, 0x35, 0x32, 0x33, 0x41, 0x4a, 0x4d, 0x52,
    0x38, 0x44, 0x73, 0x39, 0x56, 0x38, 0x66, 0x68, 0x66, 0x37, 0x67, 0x75,
    0x31, 0x69, 0x30, 0x4d, 0x4d, 0x0a, 0x55, 0x71, 0x41, 0x77, 0x48, 0x77,
    0x59, 0x44, 0x56, 0x52, 0x30, 0x6a, 0x42, 0x42, 0x67, 0x77, 0x46, 0x6f,
    0x41, 0x55, 0x35, 0x32, 0x33, 0x41, 0x4a, 0x4d, 0x52, 0x38, 0x44, 0x73,
    0x39, 0x56, 0x38, 0x66, 0x68, 0x66, 0x37, 0x67, 0x75, 0x31, 0x69, 0x30,
    0x4d, 0x4d, 0x55, 0x71, 0x41, 0x77, 0x44, 0x41, 0x59, 0x44, 0x56, 0x52,
    0x30, 0x54, 0x42, 0x41, 0x55, 0x77, 0x41, 0x77, 0x45, 0x42, 0x0a, 0x2f,
    0x7a, 0x41, 0x4e, 0x42, 0x67, 0x6b, 0x71, 0x68, 0x6b, 0x69, 0x47, 0x39,
    0x77, 0x30, 0x42, 0x41, 0x51, 0x55, 0x46, 0x41, 0x41, 0x4f, 0x42, 0x67,
    0x51, 0x43, 0x49, 0x2f, 0x74, 0x76, 0x53, 0x42, 0x59, 0x48, 0x31, 0x69,
    0x79, 0x66, 0x4c, 0x61, 0x43, 0x54, 0x42, 0x4b, 0x77, 0x70, 0x64, 0x6a,
    0x33, 0x36, 0x2b, 0x4d, 0x6b, 0x52, 0x39, 0x45, 0x65, 0x4a, 0x4a, 0x6d,
    0x49, 0x6d, 0x78, 0x0a, 0x58, 0x2b, 0x62, 0x6a, 0x68, 0x4b, 0x57, 0x58,
    0x77, 0x73, 0x42, 0x58, 0x34, 0x50, 0x44, 0x4d, 0x57, 0x76, 0x64, 0x75,
    0x73, 0x72, 0x2b, 0x2b, 0x51, 0x47, 0x55, 0x59, 0x74, 0x79, 0x6f, 0x79,
    0x61, 0x2b, 0x68, 0x66, 0x59, 0x4d, 0x58, 0x52, 0x68, 0x58, 0x75, 0x61,
    0x33, 0x39, 0x6d, 0x44, 0x35, 0x34, 0x78, 0x67, 0x6c, 0x6f, 0x51, 0x4e,
    0x75, 0x75, 0x39, 0x52, 0x45, 0x44, 0x77, 0x58, 0x0a, 0x46, 0x66, 0x74,
    0x6f, 0x2b, 0x61, 0x4f, 0x77, 0x33, 0x42, 0x63, 0x59, 0x64, 0x75, 0x63,
    0x7a, 0x36, 0x6f, 0x66, 0x78, 0x69, 0x63, 0x46, 0x4b, 0x2f, 0x59, 0x32,
    0x56, 0x65, 0x58, 0x44, 0x75, 0x72, 0x53, 0x4d, 0x70, 0x52, 0x76, 0x35,
    0x54, 0x66, 0x47, 0x66, 0x32, 0x51, 0x72, 0x36, 0x65, 0x4f, 0x4f, 0x64,
    0x61, 0x52, 0x68, 0x6a, 0x36, 0x65, 0x64, 0x37, 0x42, 0x69, 0x62, 0x48,
    0x6b, 0x0a, 0x58, 0x31, 0x56, 0x47, 0x5a, 0x41, 0x3d, 0x3d, 0x0a, 0x2d,
    0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54,
    0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d,
    0x0a, 0x00};
 const char test_self_signed_client_key[] = {
    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50,
    0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d,
    0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x64, 0x77, 0x49, 0x42,
    0x41, 0x44, 0x41, 0x4e, 0x42, 0x67, 0x6b, 0x71, 0x68, 0x6b, 0x69, 0x47,
    0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43,
    0x41, 0x6d, 0x45, 0x77, 0x67, 0x67, 0x4a, 0x64, 0x41, 0x67, 0x45, 0x41,
    0x41, 0x6f, 0x47, 0x42, 0x41, 0x4c, 0x4a, 0x66, 0x59, 0x6e, 0x46, 0x6e,
    0x34, 0x6e, 0x6b, 0x6a, 0x35, 0x32, 0x57, 0x46, 0x0a, 0x45, 0x35, 0x57,
    0x32, 0x71, 0x55, 0x78, 0x43, 0x66, 0x6a, 0x73, 0x45, 0x46, 0x79, 0x75,
    0x58, 0x59, 0x59, 0x4b, 0x53, 0x2f, 0x30, 0x37, 0x55, 0x50, 0x57, 0x73,
    0x76, 0x33, 0x67, 0x70, 0x5a, 0x68, 0x74, 0x6a, 0x58, 0x67, 0x64, 0x65,
    0x47, 0x4c, 0x2b, 0x64, 0x70, 0x77, 0x45, 0x42, 0x43, 0x30, 0x49, 0x52,
    0x44, 0x42, 0x66, 0x47, 0x6e, 0x6b, 0x4d, 0x70, 0x36, 0x59, 0x59, 0x35,
    0x53, 0x0a, 0x4f, 0x37, 0x72, 0x6e, 0x45, 0x7a, 0x30, 0x58, 0x33, 0x72,
    0x2f, 0x66, 0x76, 0x67, 0x59, 0x79, 0x2b, 0x64, 0x45, 0x6c, 0x32, 0x6a,
    0x6e, 0x61, 0x41, 0x36, 0x7a, 0x67, 0x63, 0x37, 0x52, 0x7a, 0x4d, 0x47,
    0x6c, 0x39, 0x55, 0x31, 0x31, 0x64, 0x35, 0x36, 0x67, 0x50, 0x39, 0x46,
    0x69, 0x44, 0x43, 0x32, 0x31, 0x39, 0x30, 0x6d, 0x76, 0x50, 0x2f, 0x68,
    0x70, 0x71, 0x32, 0x78, 0x4c, 0x5a, 0x0a, 0x43, 0x54, 0x62, 0x49, 0x78,
    0x69, 0x6d, 0x70, 0x6d, 0x61, 0x6f, 0x51, 0x79, 0x78, 0x75, 0x75, 0x48,
    0x31, 0x62, 0x62, 0x59, 0x75, 0x6e, 0x65, 0x73, 0x49, 0x47, 0x2f, 0x41,
    0x67, 0x4d, 0x42, 0x41, 0x41, 0x45, 0x43, 0x67, 0x59, 0x41, 0x64, 0x71,
    0x4a, 0x43, 0x45, 0x7a, 0x4d, 0x49, 0x79, 0x5a, 0x45, 0x37, 0x6f, 0x61,
    0x57, 0x30, 0x74, 0x4f, 0x70, 0x63, 0x42, 0x30, 0x42, 0x69, 0x50, 0x0a,
    0x46, 0x59, 0x6f, 0x49, 0x76, 0x48, 0x34, 0x42, 0x4b, 0x52, 0x48, 0x38,
    0x65, 0x48, 0x76, 0x52, 0x34, 0x37, 0x36, 0x6d, 0x74, 0x2b, 0x59, 0x64,
    0x44, 0x68, 0x42, 0x50, 0x31, 0x73, 0x63, 0x47, 0x55, 0x6d, 0x59, 0x65,
    0x43, 0x54, 0x34, 0x45, 0x6a, 0x2b, 0x52, 0x67, 0x48, 0x76, 0x32, 0x4c,
    0x50, 0x54, 0x67, 0x56, 0x59, 0x77, 0x54, 0x39, 0x65, 0x63, 0x69, 0x50,
    0x32, 0x2b, 0x45, 0x2f, 0x0a, 0x43, 0x42, 0x43, 0x4e, 0x52, 0x65, 0x6c,
    0x30, 0x53, 0x77, 0x39, 0x4a, 0x65, 0x70, 0x77, 0x57, 0x30, 0x72, 0x2b,
    0x6a, 0x57, 0x4a, 0x74, 0x44, 0x59, 0x31, 0x70, 0x70, 0x36, 0x59, 0x58,
    0x41, 0x67, 0x4e, 0x52, 0x47, 0x58, 0x32, 0x55, 0x66, 0x6c, 0x76, 0x55,
    0x73, 0x54, 0x2b, 0x6f, 0x39, 0x6c, 0x5a, 0x76, 0x61, 0x67, 0x66, 0x39,
    0x6d, 0x6f, 0x4c, 0x54, 0x4d, 0x79, 0x47, 0x76, 0x55, 0x0a, 0x75, 0x4c,
    0x46, 0x6e, 0x73, 0x79, 0x66, 0x4c, 0x69, 0x6d, 0x31, 0x42, 0x34, 0x76,
    0x58, 0x76, 0x57, 0x51, 0x4a, 0x42, 0x41, 0x4e, 0x6f, 0x75, 0x5a, 0x6c,
    0x6c, 0x58, 0x47, 0x5a, 0x6f, 0x53, 0x72, 0x5a, 0x4c, 0x74, 0x52, 0x33,
    0x56, 0x67, 0x56, 0x34, 0x74, 0x7a, 0x52, 0x51, 0x76, 0x4a, 0x78, 0x75,
    0x38, 0x34, 0x6b, 0x4c, 0x65, 0x49, 0x6b, 0x36, 0x34, 0x4f, 0x76, 0x34,
    0x37, 0x58, 0x0a, 0x70, 0x48, 0x56, 0x42, 0x4d, 0x54, 0x52, 0x42, 0x66,
    0x7a, 0x50, 0x45, 0x68, 0x62, 0x42, 0x6f, 0x64, 0x6a, 0x72, 0x31, 0x6d,
    0x35, 0x4f, 0x4c, 0x61, 0x56, 0x4c, 0x71, 0x6b, 0x46, 0x63, 0x58, 0x66,
    0x74, 0x7a, 0x52, 0x43, 0x72, 0x62, 0x57, 0x6f, 0x4b, 0x73, 0x43, 0x51,
    0x51, 0x44, 0x52, 0x53, 0x6f, 0x4c, 0x4c, 0x58, 0x4f, 0x69, 0x4c, 0x72,
    0x74, 0x4a, 0x33, 0x44, 0x4c, 0x4a, 0x43, 0x0a, 0x72, 0x58, 0x37, 0x59,
    0x38, 0x77, 0x72, 0x48, 0x5a, 0x72, 0x71, 0x6b, 0x35, 0x62, 0x4d, 0x64,
    0x5a, 0x4c, 0x47, 0x61, 0x2f, 0x55, 0x58, 0x38, 0x52, 0x61, 0x6e, 0x68,
    0x56, 0x77, 0x33, 0x2b, 0x58, 0x70, 0x2b, 0x75, 0x72, 0x64, 0x31, 0x37,
    0x31, 0x31, 0x75, 0x6d, 0x65, 0x4e, 0x4a, 0x66, 0x7a, 0x75, 0x2f, 0x4d,
    0x43, 0x6b, 0x34, 0x61, 0x31, 0x4b, 0x6b, 0x47, 0x2f, 0x43, 0x55, 0x30,
    0x0a, 0x72, 0x71, 0x73, 0x39, 0x41, 0x6b, 0x41, 0x34, 0x63, 0x53, 0x78,
    0x31, 0x44, 0x44, 0x31, 0x4a, 0x53, 0x47, 0x2b, 0x79, 0x78, 0x4d, 0x4e,
    0x70, 0x73, 0x41, 0x53, 0x31, 0x78, 0x4a, 0x6f, 0x6d, 0x46, 0x49, 0x72,
    0x73, 0x4d, 0x39, 0x76, 0x73, 0x50, 0x74, 0x37, 0x46, 0x64, 0x6e, 0x64,
    0x44, 0x77, 0x72, 0x46, 0x2b, 0x79, 0x2b, 0x43, 0x6f, 0x76, 0x68, 0x44,
    0x6b, 0x47, 0x59, 0x44, 0x6b, 0x0a, 0x52, 0x41, 0x48, 0x68, 0x2b, 0x73,
    0x76, 0x47, 0x66, 0x5a, 0x67, 0x2f, 0x70, 0x51, 0x4b, 0x32, 0x4a, 0x52,
    0x50, 0x69, 0x6d, 0x41, 0x6d, 0x48, 0x68, 0x7a, 0x71, 0x46, 0x41, 0x6b,
    0x45, 0x41, 0x75, 0x36, 0x59, 0x61, 0x37, 0x30, 0x73, 0x32, 0x46, 0x55,
    0x65, 0x42, 0x33, 0x4d, 0x75, 0x39, 0x61, 0x4a, 0x73, 0x32, 0x43, 0x44,
    0x36, 0x68, 0x67, 0x33, 0x64, 0x51, 0x45, 0x56, 0x6b, 0x42, 0x0a, 0x35,
    0x33, 0x44, 0x49, 0x37, 0x54, 0x58, 0x34, 0x38, 0x64, 0x39, 0x6b, 0x47,
    0x57, 0x35, 0x38, 0x56, 0x58, 0x31, 0x78, 0x6e, 0x71, 0x53, 0x30, 0x32,
    0x4c, 0x79, 0x57, 0x71, 0x41, 0x50, 0x63, 0x57, 0x35, 0x71, 0x6d, 0x31,
    0x6b, 0x4c, 0x48, 0x46, 0x4c, 0x64, 0x6e, 0x64, 0x61, 0x50, 0x4e, 0x6d,
    0x42, 0x61, 0x6a, 0x34, 0x51, 0x4a, 0x42, 0x41, 0x4a, 0x75, 0x67, 0x6c,
    0x33, 0x36, 0x37, 0x0a, 0x39, 0x64, 0x39, 0x74, 0x2f, 0x51, 0x4c, 0x54,
    0x53, 0x75, 0x55, 0x4c, 0x4c, 0x61, 0x6f, 0x59, 0x76, 0x32, 0x76, 0x4a,
    0x54, 0x33, 0x73, 0x31, 0x79, 0x39, 0x48, 0x4e, 0x38, 0x39, 0x45, 0x6f,
    0x61, 0x44, 0x44, 0x45, 0x6b, 0x50, 0x56, 0x66, 0x51, 0x75, 0x36, 0x47,
    0x56, 0x45, 0x58, 0x67, 0x49, 0x42, 0x74, 0x69, 0x6d, 0x31, 0x73, 0x49,
    0x2f, 0x56, 0x50, 0x53, 0x7a, 0x49, 0x38, 0x48, 0x0a, 0x61, 0x58, 0x76,
    0x61, 0x54, 0x55, 0x77, 0x62, 0x6c, 0x46, 0x57, 0x53, 0x4d, 0x37, 0x30,
    0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x50,
    0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d,
    0x2d, 0x2d, 0x2d, 0x0a, 0x00};
 const char test_signed_client_cert[] = {
    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43,
    0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d,
    0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x48, 0x7a, 0x43, 0x43,
    0x41, 0x59, 0x67, 0x43, 0x41, 0x51, 0x45, 0x77, 0x44, 0x51, 0x59, 0x4a,
    0x4b, 0x6f, 0x5a, 0x49, 0x68, 0x76, 0x63, 0x4e, 0x41, 0x51, 0x45, 0x46,
    0x42, 0x51, 0x41, 0x77, 0x56, 0x6a, 0x45, 0x4c, 0x4d, 0x41, 0x6b, 0x47,
    0x41, 0x31, 0x55, 0x45, 0x42, 0x68, 0x4d, 0x43, 0x51, 0x56, 0x55, 0x78,
    0x45, 0x7a, 0x41, 0x52, 0x42, 0x67, 0x4e, 0x56, 0x0a, 0x42, 0x41, 0x67,
    0x4d, 0x43, 0x6c, 0x4e, 0x76, 0x62, 0x57, 0x55, 0x74, 0x55, 0x33, 0x52,
    0x68, 0x64, 0x47, 0x55, 0x78, 0x49, 0x54, 0x41, 0x66, 0x42, 0x67, 0x4e,
    0x56, 0x42, 0x41, 0x6f, 0x4d, 0x47, 0x45, 0x6c, 0x75, 0x64, 0x47, 0x56,
    0x79, 0x62, 0x6d, 0x56, 0x30, 0x49, 0x46, 0x64, 0x70, 0x5a, 0x47, 0x64,
    0x70, 0x64, 0x48, 0x4d, 0x67, 0x55, 0x48, 0x52, 0x35, 0x49, 0x45, 0x78,
    0x30, 0x0a, 0x5a, 0x44, 0x45, 0x50, 0x4d, 0x41, 0x30, 0x47, 0x41, 0x31,
    0x55, 0x45, 0x41, 0x77, 0x77, 0x47, 0x64, 0x47, 0x56, 0x7a, 0x64, 0x47,
    0x4e, 0x68, 0x4d, 0x42, 0x34, 0x58, 0x44, 0x54, 0x45, 0x30, 0x4d, 0x44,
    0x63, 0x78, 0x4e, 0x7a, 0x49, 0x7a, 0x4e, 0x54, 0x59, 0x77, 0x4d, 0x6c,
    0x6f, 0x58, 0x44, 0x54, 0x49, 0x30, 0x4d, 0x44, 0x63, 0x78, 0x4e, 0x44,
    0x49, 0x7a, 0x4e, 0x54, 0x59, 0x77, 0x0a, 0x4d, 0x6c, 0x6f, 0x77, 0x57,
    0x6a, 0x45, 0x4c, 0x4d, 0x41, 0x6b, 0x47, 0x41, 0x31, 0x55, 0x45, 0x42,
    0x68, 0x4d, 0x43, 0x51, 0x56, 0x55, 0x78, 0x45, 0x7a, 0x41, 0x52, 0x42,
    0x67, 0x4e, 0x56, 0x42, 0x41, 0x67, 0x4d, 0x43, 0x6c, 0x4e, 0x76, 0x62,
    0x57, 0x55, 0x74, 0x55, 0x33, 0x52, 0x68, 0x64, 0x47, 0x55, 0x78, 0x49,
    0x54, 0x41, 0x66, 0x42, 0x67, 0x4e, 0x56, 0x42, 0x41, 0x6f, 0x4d, 0x0a,
    0x47, 0x45, 0x6c, 0x75, 0x64, 0x47, 0x56, 0x79, 0x62, 0x6d, 0x56, 0x30,
    0x49, 0x46, 0x64, 0x70, 0x5a, 0x47, 0x64, 0x70, 0x64, 0x48, 0x4d, 0x67,
    0x55, 0x48, 0x52, 0x35, 0x49, 0x45, 0x78, 0x30, 0x5a, 0x44, 0x45, 0x54,
    0x4d, 0x42, 0x45, 0x47, 0x41, 0x31, 0x55, 0x45, 0x41, 0x77, 0x77, 0x4b,
    0x64, 0x47, 0x56, 0x7a, 0x64, 0x47, 0x4e, 0x73, 0x61, 0x57, 0x56, 0x75,
    0x64, 0x44, 0x43, 0x42, 0x0a, 0x6e, 0x7a, 0x41, 0x4e, 0x42, 0x67, 0x6b,
    0x71, 0x68, 0x6b, 0x69, 0x47, 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45,
    0x46, 0x41, 0x41, 0x4f, 0x42, 0x6a, 0x51, 0x41, 0x77, 0x67, 0x59, 0x6b,
    0x43, 0x67, 0x59, 0x45, 0x41, 0x37, 0x46, 0x52, 0x48, 0x32, 0x36, 0x47,
    0x2b, 0x46, 0x74, 0x35, 0x56, 0x51, 0x67, 0x79, 0x7a, 0x6c, 0x5a, 0x73,
    0x66, 0x53, 0x6e, 0x48, 0x53, 0x5a, 0x36, 0x47, 0x58, 0x0a, 0x62, 0x37,
    0x71, 0x78, 0x6d, 0x6b, 0x32, 0x50, 0x4f, 0x38, 0x54, 0x59, 0x71, 0x4b,
    0x5a, 0x6d, 0x6b, 0x66, 0x4d, 0x77, 0x6b, 0x65, 0x36, 0x52, 0x55, 0x66,
    0x51, 0x56, 0x2b, 0x53, 0x2b, 0x47, 0x7a, 0x52, 0x76, 0x7a, 0x35, 0x4c,
    0x6c, 0x53, 0x33, 0x31, 0x55, 0x31, 0x51, 0x43, 0x70, 0x33, 0x63, 0x67,
    0x77, 0x6b, 0x49, 0x49, 0x41, 0x51, 0x61, 0x31, 0x45, 0x32, 0x68, 0x43,
    0x45, 0x7a, 0x0a, 0x57, 0x33, 0x31, 0x69, 0x76, 0x62, 0x4d, 0x42, 0x79,
    0x52, 0x4b, 0x39, 0x74, 0x46, 0x70, 0x79, 0x6e, 0x34, 0x55, 0x76, 0x38,
    0x4b, 0x50, 0x31, 0x34, 0x4f, 0x62, 0x4b, 0x6a, 0x54, 0x51, 0x71, 0x78,
    0x55, 0x5a, 0x70, 0x35, 0x35, 0x38, 0x44, 0x67, 0x4f, 0x48, 0x67, 0x35,
    0x62, 0x35, 0x6d, 0x47, 0x52, 0x4d, 0x30, 0x70, 0x79, 0x56, 0x31, 0x65,
    0x71, 0x52, 0x4b, 0x36, 0x50, 0x57, 0x77, 0x0a, 0x52, 0x2f, 0x62, 0x6a,
    0x67, 0x6c, 0x6c, 0x69, 0x36, 0x70, 0x6d, 0x6e, 0x72, 0x2b, 0x30, 0x43,
    0x41, 0x77, 0x45, 0x41, 0x41, 0x54, 0x41, 0x4e, 0x42, 0x67, 0x6b, 0x71,
    0x68, 0x6b, 0x69, 0x47, 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x55, 0x46,
    0x41, 0x41, 0x4f, 0x42, 0x67, 0x51, 0x41, 0x53, 0x74, 0x53, 0x6d, 0x35,
    0x50, 0x4d, 0x37, 0x75, 0x62, 0x52, 0x4f, 0x69, 0x4b, 0x4b, 0x36, 0x2f,
    0x0a, 0x54, 0x32, 0x46, 0x6b, 0x4b, 0x6c, 0x68, 0x69, 0x54, 0x4f, 0x78,
    0x2b, 0x52, 0x79, 0x65, 0x6e, 0x6d, 0x33, 0x45, 0x69, 0x6f, 0x35, 0x39,
    0x65, 0x6d, 0x71, 0x2b, 0x6a, 0x58, 0x6c, 0x2b, 0x31, 0x6e, 0x68, 0x50,
    0x79, 0x53, 0x58, 0x35, 0x47, 0x32, 0x50, 0x51, 0x7a, 0x53, 0x52, 0x35,
    0x76, 0x64, 0x31, 0x64, 0x49, 0x68, 0x77, 0x67, 0x5a, 0x53, 0x52, 0x34,
    0x47, 0x79, 0x74, 0x74, 0x6b, 0x0a, 0x74, 0x52, 0x5a, 0x35, 0x37, 0x6b,
    0x2f, 0x4e, 0x49, 0x31, 0x62, 0x72, 0x55, 0x57, 0x38, 0x6a, 0x6f, 0x69,
    0x45, 0x4f, 0x4d, 0x4a, 0x41, 0x2f, 0x4d, 0x72, 0x37, 0x48, 0x37, 0x61,
    0x73, 0x78, 0x37, 0x77, 0x49, 0x52, 0x59, 0x44, 0x45, 0x39, 0x31, 0x46,
    0x73, 0x38, 0x47, 0x6b, 0x4b, 0x57, 0x64, 0x35, 0x4c, 0x68, 0x6f, 0x50,
    0x41, 0x51, 0x6a, 0x2b, 0x71, 0x64, 0x47, 0x33, 0x35, 0x43, 0x0a, 0x4f,
    0x4f, 0x2b, 0x73, 0x76, 0x64, 0x6b, 0x6d, 0x71, 0x48, 0x30, 0x4b, 0x5a,
    0x6f, 0x33, 0x32, 0x30, 0x5a, 0x55, 0x71, 0x64, 0x6c, 0x32, 0x6f, 0x6f,
    0x51, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44,
    0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45,
    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00};
 const char test_signed_client_key[] = {
    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x50,
    0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d,
    0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x65, 0x51, 0x49, 0x42,
    0x41, 0x44, 0x41, 0x4e, 0x42, 0x67, 0x6b, 0x71, 0x68, 0x6b, 0x69, 0x47,
    0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43,
    0x41, 0x6d, 0x4d, 0x77, 0x67, 0x67, 0x4a, 0x66, 0x41, 0x67, 0x45, 0x41,
    0x41, 0x6f, 0x47, 0x42, 0x41, 0x4f, 0x78, 0x55, 0x52, 0x39, 0x75, 0x68,
    0x76, 0x68, 0x62, 0x65, 0x56, 0x55, 0x49, 0x4d, 0x0a, 0x73, 0x35, 0x57,
    0x62, 0x48, 0x30, 0x70, 0x78, 0x30, 0x6d, 0x65, 0x68, 0x6c, 0x32, 0x2b,
    0x36, 0x73, 0x5a, 0x70, 0x4e, 0x6a, 0x7a, 0x76, 0x45, 0x32, 0x4b, 0x69,
    0x6d, 0x5a, 0x70, 0x48, 0x7a, 0x4d, 0x4a, 0x48, 0x75, 0x6b, 0x56, 0x48,
    0x30, 0x46, 0x66, 0x6b, 0x76, 0x68, 0x73, 0x30, 0x62, 0x38, 0x2b, 0x53,
    0x35, 0x55, 0x74, 0x39, 0x56, 0x4e, 0x55, 0x41, 0x71, 0x64, 0x33, 0x49,
    0x4d, 0x0a, 0x4a, 0x43, 0x43, 0x41, 0x45, 0x47, 0x74, 0x52, 0x4e, 0x6f,
    0x51, 0x68, 0x4d, 0x31, 0x74, 0x39, 0x59, 0x72, 0x32, 0x7a, 0x41, 0x63,
    0x6b, 0x53, 0x76, 0x62, 0x52, 0x61, 0x63, 0x70, 0x2b, 0x46, 0x4c, 0x2f,
    0x43, 0x6a, 0x39, 0x65, 0x44, 0x6d, 0x79, 0x6f, 0x30, 0x30, 0x4b, 0x73,
    0x56, 0x47, 0x61, 0x65, 0x65, 0x66, 0x41, 0x34, 0x44, 0x68, 0x34, 0x4f,
    0x57, 0x2b, 0x5a, 0x68, 0x6b, 0x54, 0x0a, 0x4e, 0x4b, 0x63, 0x6c, 0x64,
    0x58, 0x71, 0x6b, 0x53, 0x75, 0x6a, 0x31, 0x73, 0x45, 0x66, 0x32, 0x34,
    0x34, 0x4a, 0x5a, 0x59, 0x75, 0x71, 0x5a, 0x70, 0x36, 0x2f, 0x74, 0x41,
    0x67, 0x4d, 0x42, 0x41, 0x41, 0x45, 0x43, 0x67, 0x59, 0x45, 0x41, 0x69,
    0x32, 0x4e, 0x53, 0x56, 0x71, 0x70, 0x5a, 0x4d, 0x61, 0x66, 0x45, 0x35,
    0x59, 0x59, 0x55, 0x54, 0x63, 0x4d, 0x47, 0x65, 0x36, 0x51, 0x53, 0x0a,
    0x6b, 0x32, 0x6a, 0x74, 0x70, 0x73, 0x71, 0x59, 0x67, 0x67, 0x67, 0x49,
    0x32, 0x52, 0x6e, 0x4c, 0x4a, 0x2f, 0x32, 0x74, 0x4e, 0x5a, 0x77, 0x59,
    0x49, 0x35, 0x70, 0x77, 0x50, 0x38, 0x51, 0x56, 0x53, 0x62, 0x6e, 0x4d,
    0x61, 0x69, 0x46, 0x34, 0x67, 0x6f, 0x6b, 0x44, 0x35, 0x68, 0x47, 0x64,
    0x72, 0x4e, 0x44, 0x66, 0x54, 0x6e, 0x62, 0x32, 0x76, 0x2b, 0x79, 0x49,
    0x77, 0x59, 0x45, 0x48, 0x0a, 0x30, 0x77, 0x38, 0x2b, 0x6f, 0x47, 0x37,
    0x5a, 0x38, 0x31, 0x4b, 0x6f, 0x64, 0x73, 0x69, 0x5a, 0x53, 0x49, 0x44,
    0x4a, 0x66, 0x54, 0x47, 0x73, 0x41, 0x5a, 0x68, 0x56, 0x4e, 0x77, 0x4f,
    0x7a, 0x39, 0x79, 0x30, 0x56, 0x44, 0x38, 0x42, 0x42, 0x5a, 0x5a, 0x31,
    0x2f, 0x32, 0x37, 0x34, 0x5a, 0x68, 0x35, 0x32, 0x41, 0x55, 0x4b, 0x4c,
    0x6a, 0x5a, 0x53, 0x2f, 0x5a, 0x77, 0x49, 0x62, 0x53, 0x0a, 0x57, 0x32,
    0x79, 0x77, 0x79, 0x61, 0x38, 0x35, 0x35, 0x64, 0x50, 0x6e, 0x48, 0x2f,
    0x77, 0x6a, 0x2b, 0x30, 0x45, 0x43, 0x51, 0x51, 0x44, 0x39, 0x58, 0x38,
    0x44, 0x39, 0x32, 0x30, 0x6b, 0x42, 0x79, 0x54, 0x4e, 0x48, 0x68, 0x42,
    0x47, 0x31, 0x38, 0x62, 0x69, 0x41, 0x45, 0x5a, 0x34, 0x70, 0x78, 0x73,
    0x39, 0x66, 0x30, 0x4f, 0x41, 0x47, 0x38, 0x33, 0x33, 0x33, 0x65, 0x56,
    0x63, 0x49, 0x0a, 0x77, 0x32, 0x6c, 0x4a, 0x44, 0x4c, 0x73, 0x59, 0x44,
    0x5a, 0x72, 0x43, 0x42, 0x32, 0x6f, 0x63, 0x67, 0x41, 0x33, 0x6c, 0x55,
    0x64, 0x6f, 0x7a, 0x6c, 0x7a, 0x50, 0x43, 0x37, 0x59, 0x44, 0x59, 0x77,
    0x38, 0x72, 0x65, 0x67, 0x30, 0x74, 0x6b, 0x69, 0x52, 0x59, 0x35, 0x41,
    0x6b, 0x45, 0x41, 0x37, 0x73, 0x64, 0x4e, 0x7a, 0x4f, 0x65, 0x51, 0x73,
    0x51, 0x52, 0x6e, 0x37, 0x2b, 0x2b, 0x35, 0x0a, 0x30, 0x62, 0x50, 0x39,
    0x44, 0x74, 0x54, 0x2f, 0x69, 0x4f, 0x4e, 0x31, 0x67, 0x62, 0x66, 0x78,
    0x52, 0x7a, 0x43, 0x66, 0x43, 0x66, 0x58, 0x64, 0x6f, 0x4f, 0x74, 0x66,
    0x51, 0x57, 0x49, 0x7a, 0x54, 0x65, 0x50, 0x57, 0x74, 0x55, 0x52, 0x74,
    0x39, 0x58, 0x2f, 0x35, 0x44, 0x39, 0x4e, 0x6f, 0x66, 0x49, 0x30, 0x52,
    0x67, 0x35, 0x57, 0x32, 0x6f, 0x47, 0x79, 0x2f, 0x4d, 0x4c, 0x65, 0x35,
    0x0a, 0x2f, 0x73, 0x58, 0x48, 0x56, 0x51, 0x4a, 0x42, 0x41, 0x49, 0x75,
    0x70, 0x35, 0x58, 0x72, 0x4a, 0x44, 0x6b, 0x51, 0x79, 0x77, 0x4e, 0x5a,
    0x79, 0x41, 0x55, 0x55, 0x32, 0x65, 0x63, 0x6e, 0x32, 0x62, 0x43, 0x57,
    0x42, 0x46, 0x6a, 0x77, 0x74, 0x71, 0x64, 0x2b, 0x4c, 0x42, 0x6d, 0x75,
    0x4d, 0x63, 0x69, 0x49, 0x39, 0x66, 0x4f, 0x4b, 0x73, 0x5a, 0x74, 0x45,
    0x4b, 0x5a, 0x72, 0x7a, 0x2f, 0x0a, 0x55, 0x30, 0x6c, 0x6b, 0x65, 0x4d,
    0x52, 0x6f, 0x53, 0x77, 0x76, 0x58, 0x45, 0x38, 0x77, 0x6d, 0x47, 0x4c,
    0x6a, 0x6a, 0x72, 0x41, 0x62, 0x64, 0x66, 0x6f, 0x68, 0x72, 0x58, 0x46,
    0x6b, 0x43, 0x51, 0x51, 0x44, 0x5a, 0x45, 0x78, 0x2f, 0x4c, 0x74, 0x49,
    0x6c, 0x36, 0x4a, 0x49, 0x4e, 0x4a, 0x51, 0x69, 0x73, 0x77, 0x56, 0x65,
    0x30, 0x74, 0x57, 0x72, 0x36, 0x6b, 0x2b, 0x41, 0x53, 0x50, 0x0a, 0x31,
    0x57, 0x58, 0x6f, 0x54, 0x6d, 0x2b, 0x48, 0x59, 0x70, 0x6f, 0x46, 0x2f,
    0x58, 0x55, 0x76, 0x76, 0x39, 0x4c, 0x63, 0x63, 0x4e, 0x46, 0x31, 0x49,
    0x61, 0x7a, 0x46, 0x6a, 0x33, 0x34, 0x68, 0x77, 0x52, 0x51, 0x77, 0x68,
    0x78, 0x37, 0x77, 0x2f, 0x56, 0x35, 0x32, 0x49, 0x65, 0x62, 0x2b, 0x70,
    0x30, 0x6a, 0x55, 0x4d, 0x59, 0x47, 0x78, 0x41, 0x6b, 0x45, 0x41, 0x6a,
    0x44, 0x68, 0x64, 0x0a, 0x39, 0x70, 0x42, 0x4f, 0x31, 0x66, 0x4b, 0x58,
    0x57, 0x69, 0x58, 0x7a, 0x69, 0x39, 0x5a, 0x4b, 0x66, 0x6f, 0x79, 0x54,
    0x4e, 0x63, 0x55, 0x71, 0x33, 0x65, 0x42, 0x53, 0x56, 0x4b, 0x77, 0x50,
    0x47, 0x32, 0x6e, 0x49, 0x74, 0x67, 0x35, 0x79, 0x63, 0x58, 0x65, 0x6e,
    0x67, 0x6a, 0x54, 0x35, 0x73, 0x67, 0x63, 0x57, 0x44, 0x6e, 0x63, 0x69,
    0x49, 0x7a, 0x57, 0x37, 0x42, 0x49, 0x56, 0x49, 0x0a, 0x4a, 0x69, 0x71,
    0x4f, 0x73, 0x7a, 0x71, 0x39, 0x47, 0x57, 0x45, 0x53, 0x45, 0x72, 0x41,
    0x61, 0x74, 0x67, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45,
    0x4e, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b,
    0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00};
--- a/test/core/end2end/data/ssl_test_data.h
+++ b/test/core/end2end/data/ssl_test_data.h
@ -37,5 +37,9 @@
 extern const char test_root_cert[];
 extern const char test_server1_cert[];
 extern const char test_server1_key[];
 extern const char test_self_signed_client_cert[];
 extern const char test_self_signed_client_key[];
 extern const char test_signed_client_cert[];
 extern const char test_signed_client_key[];
 #endif /* GRPC_TEST_CORE_END2END_DATA_SSL_TEST_DATA_H */
--- a/test/core/end2end/fixtures/h2_ssl_cert.c
+++ b/test/core/end2end/fixtures/h2_ssl_cert.c
@ -0,0 +1,376 @@
 /*
 *
 * Copyright 2015, Google Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *     * Neither the name of Google Inc. nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 #include "test/core/end2end/end2end_tests.h"
 #include <stdio.h>
 #include <string.h>
 #include <grpc/support/alloc.h>
 #include <grpc/support/host_port.h>
 #include <grpc/support/log.h>
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/security/credentials.h"
 #include "src/core/lib/support/env.h"
 #include "src/core/lib/support/string.h"
 #include "src/core/lib/support/tmpfile.h"
 #include "test/core/end2end/cq_verifier.h"
 #include "test/core/end2end/data/ssl_test_data.h"
 #include "test/core/util/port.h"
 #include "test/core/util/test_config.h"
 extern void simple_request(grpc_end2end_test_config config);
 typedef struct fullstack_secure_fixture_data {
  char *localaddr;
 } fullstack_secure_fixture_data;
 static grpc_end2end_test_fixture chttp2_create_fixture_secure_fullstack(
    grpc_channel_args *client_args, grpc_channel_args *server_args) {
  grpc_end2end_test_fixture f;
  int port = grpc_pick_unused_port_or_die();
  fullstack_secure_fixture_data *ffd =
      gpr_malloc(sizeof(fullstack_secure_fixture_data));
  memset(&f, 0, sizeof(f));
  gpr_join_host_port(&ffd->localaddr, "localhost", port);
  f.fixture_data = ffd;
  f.cq = grpc_completion_queue_create(NULL);
  return f;
 }
 static void process_auth_failure(void *state, grpc_auth_context *ctx,
                                 const grpc_metadata *md, size_t md_count,
                                 grpc_process_auth_metadata_done_cb cb,
                                 void *user_data) {
  GPR_ASSERT(state == NULL);
  cb(user_data, NULL, 0, NULL, 0, GRPC_STATUS_UNAUTHENTICATED, NULL);
 }
 static void chttp2_init_client_secure_fullstack(
    grpc_end2end_test_fixture *f, grpc_channel_args *client_args,
    grpc_channel_credentials *creds) {
  fullstack_secure_fixture_data *ffd = f->fixture_data;
  f->client =
      grpc_secure_channel_create(creds, ffd->localaddr, client_args, NULL);
  GPR_ASSERT(f->client != NULL);
  grpc_channel_credentials_release(creds);
 }
 static void chttp2_init_server_secure_fullstack(
    grpc_end2end_test_fixture *f, grpc_channel_args *server_args,
    grpc_server_credentials *server_creds) {
  fullstack_secure_fixture_data *ffd = f->fixture_data;
  if (f->server) {
    grpc_server_destroy(f->server);
  }
  f->server = grpc_server_create(server_args, NULL);
  grpc_server_register_completion_queue(f->server, f->cq, NULL);
  GPR_ASSERT(grpc_server_add_secure_http2_port(f->server, ffd->localaddr,
                                               server_creds));
  grpc_server_credentials_release(server_creds);
  grpc_server_start(f->server);
 }
 void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture *f) {
  fullstack_secure_fixture_data *ffd = f->fixture_data;
  gpr_free(ffd->localaddr);
  gpr_free(ffd);
 }
 static int fail_server_auth_check(grpc_channel_args *server_args) {
  size_t i;
  if (server_args == NULL) return 0;
  for (i = 0; i < server_args->num_args; i++) {
    if (strcmp(server_args->args[i].key, FAIL_AUTH_CHECK_SERVER_ARG_NAME) ==
        0) {
      return 1;
    }
  }
  return 0;
 }
 #define SERVER_INIT_NAME(REQUEST_TYPE) \
  chttp2_init_server_simple_ssl_secure_fullstack_##REQUEST_TYPE
 #define SERVER_INIT(REQUEST_TYPE)                                           \
  static void SERVER_INIT_NAME(REQUEST_TYPE)(                               \
      grpc_end2end_test_fixture * f, grpc_channel_args * server_args) {     \
    grpc_ssl_pem_key_cert_pair pem_cert_key_pair = {test_server1_key,       \
                                                    test_server1_cert};     \
    grpc_server_credentials *ssl_creds =                                    \
        grpc_ssl_server_credentials_create_ex(                              \
            test_root_cert, &pem_cert_key_pair, 1, REQUEST_TYPE, NULL);     \
    if (fail_server_auth_check(server_args)) {                              \
      grpc_auth_metadata_processor processor = {process_auth_failure, NULL, \
                                                NULL};                      \
      grpc_server_credentials_set_auth_metadata_processor(ssl_creds,        \
                                                          processor);       \
    }                                                                       \
    chttp2_init_server_secure_fullstack(f, server_args, ssl_creds);         \
  }
 SERVER_INIT(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE);
 SERVER_INIT(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY);
 SERVER_INIT(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
 SERVER_INIT(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY);
 SERVER_INIT(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
 #define CLIENT_INIT_NAME(cert_type) \
  chttp2_init_client_simple_ssl_secure_fullstack_##cert_type
 typedef enum { NONE, SELF_SIGNED, SIGNED, BAD_CERT_PAIR } certtype;
 #define CLIENT_INIT(cert_type)                                               \
  static void CLIENT_INIT_NAME(cert_type)(grpc_end2end_test_fixture * f,     \
                                          grpc_channel_args * client_args) { \
    grpc_channel_credentials *ssl_creds = NULL;                              \
    grpc_ssl_pem_key_cert_pair self_signed_client_key_cert_pair = {          \
        test_self_signed_client_key, test_self_signed_client_cert};          \
    grpc_ssl_pem_key_cert_pair signed_client_key_cert_pair = {               \
        test_signed_client_key, test_signed_client_cert};                    \
    grpc_ssl_pem_key_cert_pair bad_client_key_cert_pair = {                  \
        test_self_signed_client_key, test_signed_client_cert};               \
    grpc_ssl_pem_key_cert_pair *key_cert_pair = NULL;                        \
    switch (cert_type) {                                                     \
      case SELF_SIGNED:                                                      \
        key_cert_pair = &self_signed_client_key_cert_pair;                   \
        break;                                                               \
      case SIGNED:                                                           \
        key_cert_pair = &signed_client_key_cert_pair;                        \
        break;                                                               \
      case BAD_CERT_PAIR:                                                    \
        key_cert_pair = &bad_client_key_cert_pair;                           \
        break;                                                               \
      default:                                                               \
        break;                                                               \
    }                                                                        \
    ssl_creds =                                                              \
        grpc_ssl_credentials_create(test_root_cert, key_cert_pair, NULL);    \
    grpc_arg ssl_name_override = {GRPC_ARG_STRING,                           \
                                  GRPC_SSL_TARGET_NAME_OVERRIDE_ARG,         \
                                  {"foo.test.google.fr"}};                   \
    grpc_channel_args *new_client_args =                                     \
        grpc_channel_args_copy_and_add(client_args, &ssl_name_override, 1);  \
    chttp2_init_client_secure_fullstack(f, new_client_args, ssl_creds);      \
    grpc_channel_args_destroy(new_client_args);                              \
  }
 CLIENT_INIT(NONE);
 CLIENT_INIT(SELF_SIGNED);
 CLIENT_INIT(SIGNED);
 CLIENT_INIT(BAD_CERT_PAIR);
 #define TEST_NAME(enum_name, cert_type, result) \
  "chttp2/ssl_" #enum_name "_" #cert_type "_" #result "_"
 typedef enum { SUCCESS, FAIL } test_result;
 #define SSL_TEST(request_type, cert_type, result)                         \
  {                                                                       \
    {TEST_NAME(request_type, cert_type, result),                          \
     FEATURE_MASK_SUPPORTS_DELAYED_CONNECTION |                           \
         FEATURE_MASK_SUPPORTS_PER_CALL_CREDENTIALS,                      \
     chttp2_create_fixture_secure_fullstack, CLIENT_INIT_NAME(cert_type), \
     SERVER_INIT_NAME(request_type), chttp2_tear_down_secure_fullstack},  \
        result                                                            \
  }
 /* All test configurations */
 typedef struct grpc_end2end_test_config_wrapper {
  grpc_end2end_test_config config;
  test_result result;
 } grpc_end2end_test_config_wrapper;
 static grpc_end2end_test_config_wrapper configs[] = {
    SSL_TEST(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, NONE, SUCCESS),
    SSL_TEST(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, SELF_SIGNED, SUCCESS),
    SSL_TEST(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, SIGNED, SUCCESS),
    SSL_TEST(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, BAD_CERT_PAIR, FAIL),
    SSL_TEST(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, NONE,
             SUCCESS),
    SSL_TEST(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, SELF_SIGNED,
             SUCCESS),
    SSL_TEST(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, SIGNED,
             SUCCESS),
    SSL_TEST(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, BAD_CERT_PAIR,
             FAIL),
    SSL_TEST(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, NONE, SUCCESS),
    SSL_TEST(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, SELF_SIGNED, FAIL),
    SSL_TEST(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, SIGNED, SUCCESS),
    SSL_TEST(GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, BAD_CERT_PAIR,
             FAIL),
    SSL_TEST(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
             NONE, FAIL),
    SSL_TEST(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
             SELF_SIGNED, SUCCESS),
    SSL_TEST(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
             SIGNED, SUCCESS),
    SSL_TEST(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
             BAD_CERT_PAIR, FAIL),
    SSL_TEST(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY, NONE,
             FAIL),
    SSL_TEST(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY,
             SELF_SIGNED, FAIL),
    SSL_TEST(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY, SIGNED,
             SUCCESS),
    SSL_TEST(GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY,
             BAD_CERT_PAIR, FAIL),
 };
 static void *tag(intptr_t t) { return (void *)t; }
 static grpc_end2end_test_fixture begin_test(grpc_end2end_test_config config,
                                            const char *test_name,
                                            grpc_channel_args *client_args,
                                            grpc_channel_args *server_args) {
  grpc_end2end_test_fixture f;
  gpr_log(GPR_INFO, "%s/%s", test_name, config.name);
  f = config.create_fixture(client_args, server_args);
  config.init_server(&f, server_args);
  config.init_client(&f, client_args);
  return f;
 }
 static gpr_timespec n_seconds_time(int n) {
  return GRPC_TIMEOUT_SECONDS_TO_DEADLINE(n);
 }
 static gpr_timespec five_seconds_time(void) { return n_seconds_time(5); }
 static void drain_cq(grpc_completion_queue *cq) {
  grpc_event ev;
  do {
    ev = grpc_completion_queue_next(cq, five_seconds_time(), NULL);
  } while (ev.type != GRPC_QUEUE_SHUTDOWN);
 }
 static void shutdown_server(grpc_end2end_test_fixture *f) {
  if (!f->server) return;
  grpc_server_shutdown_and_notify(f->server, f->cq, tag(1000));
  GPR_ASSERT(grpc_completion_queue_pluck(
                 f->cq, tag(1000), GRPC_TIMEOUT_SECONDS_TO_DEADLINE(5), NULL)
                 .type == GRPC_OP_COMPLETE);
  grpc_server_destroy(f->server);
  f->server = NULL;
 }
 static void shutdown_client(grpc_end2end_test_fixture *f) {
  if (!f->client) return;
  grpc_channel_destroy(f->client);
  f->client = NULL;
 }
 static void end_test(grpc_end2end_test_fixture *f) {
  shutdown_server(f);
  shutdown_client(f);
  grpc_completion_queue_shutdown(f->cq);
  drain_cq(f->cq);
  grpc_completion_queue_destroy(f->cq);
 }
 static void simple_request_body(grpc_end2end_test_fixture f,
                                test_result expected_result) {
  grpc_call *c;
  gpr_timespec deadline = five_seconds_time();
  cq_verifier *cqv = cq_verifier_create(f.cq);
  grpc_op ops[6];
  grpc_op *op;
  grpc_call_error error;
  c = grpc_channel_create_call(f.client, NULL, GRPC_PROPAGATE_DEFAULTS, f.cq,
                               "/foo", "foo.test.google.fr:1234", deadline,
                               NULL);
  GPR_ASSERT(c);
  op = ops;
  op->op = GRPC_OP_SEND_INITIAL_METADATA;
  op->data.send_initial_metadata.count = 0;
  op->flags = 0;
  op->reserved = NULL;
  op++;
  error = grpc_call_start_batch(c, ops, (size_t)(op - ops), tag(1), NULL);
  GPR_ASSERT(GRPC_CALL_OK == error);
  cq_expect_completion(cqv, tag(1), expected_result == SUCCESS);
  cq_verify(cqv);
  grpc_call_destroy(c);
  cq_verifier_destroy(cqv);
 }
 int main(int argc, char **argv) {
  size_t i;
  FILE *roots_file;
  size_t roots_size = strlen(test_root_cert);
  char *roots_filename;
  grpc_test_init(argc, argv);
  grpc_end2end_tests_pre_init();
  /* Set the SSL roots env var. */
  roots_file =
      gpr_tmpfile("chttp2_simple_ssl_cert_fullstack_test", &roots_filename);
  GPR_ASSERT(roots_filename != NULL);
  GPR_ASSERT(roots_file != NULL);
  GPR_ASSERT(fwrite(test_root_cert, 1, roots_size, roots_file) == roots_size);
  fclose(roots_file);
  gpr_setenv(GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR, roots_filename);
  grpc_init();
  for (i = 0; i < sizeof(configs) / sizeof(*configs); i++) {
    grpc_end2end_test_fixture f =
        begin_test(configs[i].config, "SSL_CERT_tests", NULL, NULL);
    simple_request_body(f, configs[i].result);
    end_test(&f);
    configs[i].config.tear_down_data(&f);
  }
  grpc_shutdown();
  /* Cleanup. */
  remove(roots_filename);
  gpr_free(roots_filename);
  return 0;
 }
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/0f98d7d56e9a99b97e5dc7eb122ef22e9684077b
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/0f98d7d56e9a99b97e5dc7eb122ef22e9684077b
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/118ffddb43ccf9dae8bdb4702232d1dc39b021f7
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/118ffddb43ccf9dae8bdb4702232d1dc39b021f7
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/1306c4c6ea714d4db0e4d814c944d8d40335e0fa
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/1306c4c6ea714d4db0e4d814c944d8d40335e0fa
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/143e0d4f546bbb984a7c3ac1c60a37dcf85ea58d
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/143e0d4f546bbb984a7c3ac1c60a37dcf85ea58d
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/1875a4acdcffe505ca92ea8af8d9d6b174736e80
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/1875a4acdcffe505ca92ea8af8d9d6b174736e80
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/26110f21dcb0fde99942e631366ebbd9d895860d
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/26110f21dcb0fde99942e631366ebbd9d895860d
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/2dce4a1fc4bb00bfcd43d549a3785913c9280369
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/2dce4a1fc4bb00bfcd43d549a3785913c9280369
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/42c395ab373346fb283ace021bdc1f6428f92f80
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/42c395ab373346fb283ace021bdc1f6428f92f80
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/4f5b9d5c707a35084918c272efd1295d301ca0b5
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/4f5b9d5c707a35084918c272efd1295d301ca0b5
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/50ece7ea16659b4e1a2284cea963fab662c19e6b
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/50ece7ea16659b4e1a2284cea963fab662c19e6b
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/59d78f6397f0483d139f5bd0a9f264156f34acc4
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/59d78f6397f0483d139f5bd0a9f264156f34acc4
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/636a19b8f50c4efccccea83ab78a933d999e41fa
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/636a19b8f50c4efccccea83ab78a933d999e41fa
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/64c0e0b4d9c2d25fdcb1e2bdcb999487fc096dad
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/64c0e0b4d9c2d25fdcb1e2bdcb999487fc096dad
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/6749752b02f7d14fff9ac35f6b68dd62f5b49fcd
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/6749752b02f7d14fff9ac35f6b68dd62f5b49fcd
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/6e71553967212dfea2c9995f3641e582d8c2105b
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/6e71553967212dfea2c9995f3641e582d8c2105b
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/7885df741c88ca4b539798d9985c445f41cc2929
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/7885df741c88ca4b539798d9985c445f41cc2929
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/7af41e5391204f4596cb1461792e2e23f9390b7b
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/7af41e5391204f4596cb1461792e2e23f9390b7b
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/813d2c34c0df8d4a918e68e58cf0ae3703d0d46f
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/813d2c34c0df8d4a918e68e58cf0ae3703d0d46f
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/8bacacba71bfa5c74fd74cb6577a49a7aec9cf1f
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/8bacacba71bfa5c74fd74cb6577a49a7aec9cf1f
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/90a9c3390752b94ca19a58cb2fe6267bc818f718
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/90a9c3390752b94ca19a58cb2fe6267bc818f718
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/9b1355c6e2c43ce83001bbead09a79852e04feef
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/9b1355c6e2c43ce83001bbead09a79852e04feef
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/9d362d2aaeee243a5b54621d8187c4b16f87c9f5
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/9d362d2aaeee243a5b54621d8187c4b16f87c9f5
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/9f0ab521c728be21e93112b2730c52bc1d6c0021
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/9f0ab521c728be21e93112b2730c52bc1d6c0021
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/a30fc2605f4e74f7003f902ea4a4c994e3ce9bfd
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/a30fc2605f4e74f7003f902ea4a4c994e3ce9bfd
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/a8e67676784506d2e6eab3a0dfa25e53a80b40a0
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/a8e67676784506d2e6eab3a0dfa25e53a80b40a0
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/b09f98e13e5b67a4dd7f74eff00bb247b9967844
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/b09f98e13e5b67a4dd7f74eff00bb247b9967844
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/ba942f8fb244b60561a067129c242c4bc4fdd5e1
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/ba942f8fb244b60561a067129c242c4bc4fdd5e1
@ -0,0 +1 @@
 !m<EFBFBD>!mm<EFBFBD><EFBFBD>N!<EFBFBD><EFBFBD>N<EFBFBD>N'<EFBFBD>!)<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>NN<EFBFBD><EFBFBD><EFBFBD>
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/bc9e17fed43c5d0668a87e8d6354c344c5b4d00b
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/bc9e17fed43c5d0668a87e8d6354c344c5b4d00b
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/c5d0c169d326d79fc4ee8521b282dbcbf33c1d5c
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/c5d0c169d326d79fc4ee8521b282dbcbf33c1d5c
@ -0,0 +1 @@
 !mm<EFBFBD><EFBFBD>N!<EFBFBD><EFBFBD>N)<EFBFBD>N'<EFBFBD>)<EFBFBD><EFBFBD>NN
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/dccd1fd6d3394f5f68c87950ed7356a2e9ef0f6f
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/dccd1fd6d3394f5f68c87950ed7356a2e9ef0f6f
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/e0d1ee5e2e169dcae87f790f5c27e84a3453cedb
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/e0d1ee5e2e169dcae87f790f5c27e84a3453cedb
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/e309e21c69e4b96ab37f675f4e87a52453512ef8
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/e309e21c69e4b96ab37f675f4e87a52453512ef8
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/e3422e8f5d63a9ef180aab552353955c7aba90b0
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/e3422e8f5d63a9ef180aab552353955c7aba90b0
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/e442f9fd63bc5345de1c14803d4ca4bb6f1152cf
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/e442f9fd63bc5345de1c14803d4ca4bb6f1152cf
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/e4c0e27cfd3690b8255a8214d6dd055385d1d24e
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/e4c0e27cfd3690b8255a8214d6dd055385d1d24e
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/e7c26599fb2e2b031346ff1ba09294fd758f7abe
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/e7c26599fb2e2b031346ff1ba09294fd758f7abe
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/f4499e3d4bf60ae3ae929c485a13ea4dc2713369
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/f4499e3d4bf60ae3ae929c485a13ea4dc2713369
--- a/test/core/end2end/fuzzers/client_fuzzer_corpus/f8467d9574de94b9bb904f75a6a7e2405c36f105
+++ b/test/core/end2end/fuzzers/client_fuzzer_corpus/f8467d9574de94b9bb904f75a6a7e2405c36f105
--- a/test/core/end2end/fuzzers/hpack.dictionary
+++ b/test/core/end2end/fuzzers/hpack.dictionary
@ -1,91 +1,170 @@
 # hpack fuzzing dictionary
-kw0="\x01""0"
+"\x010"
-kw1="\x01""1"
+"\x011"
-kw2="\x01""2"
+"\x012"
-kw3="\x03""200"
+"\x03200"
-kw4="\x03""204"
+"\x03204"
-kw5="\x03""206"
+"\x03206"
-kw6="\x03""304"
+"\x03304"
-kw7="\x03""400"
+"\x03400"
-kw8="\x03""404"
+"\x03404"
-kw9="\x03""500"
+"\x03500"
-kw10="\x06""accept"
+"\x06accept"
-kw11="\x0e""accept-charset"
+"\x0Eaccept-charset"
-kw12="\x0f""accept-encoding"
+"\x0Faccept-encoding"
-kw13="\x0f""accept-language"
+"\x0Faccept-language"
-kw14="\x0d""accept-ranges"
+"\x0Daccept-ranges"
-kw15="\x1b""access-control-allow-origin"
+"\x1Baccess-control-allow-origin"
-kw16="\x03""age"
+"\x03age"
-kw17="\x05""allow"
+"\x05allow"
-kw18="\x10""application/grpc"
+"\x10application/grpc"
-kw19="\x0a:authority"
+"\x0A:authority"
-kw20="\x0d""authorization"
+"\x0Dauthorization"
-kw21="\x0d""cache-control"
+"\x0Dcache-control"
-kw22="\x0a""census-bin"
+"\x0Acensus-bin"
-kw23="\x11""census-binary-bin"
+"\x11census-binary-bin"
-kw24="\x13""content-disposition"
+"\x13content-disposition"
-kw25="\x10""content-encoding"
+"\x10content-encoding"
-kw26="\x10""content-language"
+"\x10content-language"
-kw27="\x0e""content-length"
+"\x0Econtent-length"
-kw28="\x10""content-location"
+"\x10content-location"
-kw29="\x0d""content-range"
+"\x0Dcontent-range"
-kw30="\x0c""content-type"
+"\x0Ccontent-type"
-kw31="\x06""cookie"
+"\x06cookie"
-kw32="\x04""date"
+"\x04date"
-kw33="\x07""deflate"
+"\x07deflate"
-kw34="\x0c""deflate,gzip"
+"\x0Cdeflate,gzip"
-kw35="\x00"
+"\x00"
-kw36="\x04""etag"
+"\x04etag"
-kw37="\x06""expect"
+"\x06expect"
-kw38="\x07""expires"
+"\x07expires"
-kw39="\x04""from"
+"\x04from"
-kw40="\x03GET"
+"\x03GET"
-kw41="\x04grpc"
+"\x04grpc"
-kw42="\x14grpc-accept-encoding"
+"\x14grpc-accept-encoding"
-kw43="\x0dgrpc-encoding"
+"\x0Dgrpc-encoding"
-kw44="\x1egrpc-internal-encoding-request"
+"\x1Egrpc-internal-encoding-request"
-kw45="\x0cgrpc-message"
+"\x0Cgrpc-message"
-kw46="\x0bgrpc-status"
+"\x0Bgrpc-status"
-kw47="\x0cgrpc-timeout"
+"\x0Cgrpc-timeout"
-kw48="\x04gzip"
+"\x04gzip"
-kw49="\x0dgzip, deflate"
+"\x0Dgzip, deflate"
-kw50="\x04host"
+"\x04host"
-kw51="\x04http"
+"\x04http"
-kw52="\x05https"
+"\x05https"
-kw53="\x08identity"
+"\x08identity"
-kw54="\x10identity,deflate"
+"\x10identity,deflate"
-kw55="\x15identity,deflate,gzip"
+"\x15identity,deflate,gzip"
-kw56="\x0didentity,gzip"
+"\x0Didentity,gzip"
-kw57="\x08if-match"
+"\x08if-match"
-kw58="\x11if-modified-since"
+"\x11if-modified-since"
-kw59="\x0dif-none-match"
+"\x0Dif-none-match"
-kw60="\x08if-range"
+"\x08if-range"
-kw61="\x13if-unmodified-since"
+"\x13if-unmodified-since"
-kw62="\x0dlast-modified"
+"\x0Dlast-modified"
-kw63="\x04link"
+"\x04link"
-kw64="\x08location"
+"\x08location"
-kw65="\x0cmax-forwards"
+"\x0Cmax-forwards"
-kw66="\x07:method"
+"\x07:method"
-kw67="\x05:path"
+"\x05:path"
-kw68="\x04POST"
+"\x04POST"
-kw69="\x12proxy-authenticate"
+"\x12proxy-authenticate"
-kw70="\x13proxy-authorization"
+"\x13proxy-authorization"
-kw71="\x03PUT"
+"\x03PUT"
-kw72="\x05range"
+"\x05range"
-kw73="\x07referer"
+"\x07referer"
-kw74="\x07refresh"
+"\x07refresh"
-kw75="\x0bretry-after"
+"\x0Bretry-after"
-kw76="\x07:scheme"
+"\x07:scheme"
-kw77="\x06server"
+"\x06server"
-kw78="\x0aset-cookie"
+"\x0Aset-cookie"
-kw79="\x01/"
+"\x01/"
-kw80="\x0b/index.html"
+"\x0B/index.html"
-kw81="\x07:status"
+"\x07:status"
-kw82="\x19strict-transport-security"
+"\x19strict-transport-security"
-kw83="\x02te"
+"\x02te"
-kw84="\x08trailers"
+"\x08trailers"
-kw85="\x11transfer-encoding"
+"\x11transfer-encoding"
-kw86="\x0auser-agent"
+"\x0Auser-agent"
-kw87="\x04vary"
+"\x04vary"
-kw88="\x03via"
+"\x03via"
-kw89="\x10www-authenticate"
+"\x10www-authenticate"
 "\x00\x0Eaccept-charset\x00"
 "\x00\x06accept\x00"
 "\x00\x0Faccept-encoding\x00"
 "\x00\x0Faccept-encoding\x0Dgzip, deflate"
 "\x00\x0Faccept-language\x00"
 "\x00\x0Daccept-ranges\x00"
 "\x00\x1Baccess-control-allow-origin\x00"
 "\x00\x03age\x00"
 "\x00\x05allow\x00"
 "\x00\x0A:authority\x00"
 "\x00\x0Dauthorization\x00"
 "\x00\x0Dcache-control\x00"
 "\x00\x13content-disposition\x00"
 "\x00\x10content-encoding\x00"
 "\x00\x10content-language\x00"
 "\x00\x0Econtent-length\x00"
 "\x00\x10content-location\x00"
 "\x00\x0Dcontent-range\x00"
 "\x00\x0Ccontent-type\x10application/grpc"
 "\x00\x0Ccontent-type\x00"
 "\x00\x06cookie\x00"
 "\x00\x04date\x00"
 "\x00\x04etag\x00"
 "\x00\x06expect\x00"
 "\x00\x07expires\x00"
 "\x00\x04from\x00"
 "\x00\x14grpc-accept-encoding\x07deflate"
 "\x00\x14grpc-accept-encoding\x0Cdeflate,gzip"
 "\x00\x14grpc-accept-encoding\x04gzip"
 "\x00\x14grpc-accept-encoding\x08identity"
 "\x00\x14grpc-accept-encoding\x10identity,deflate"
 "\x00\x14grpc-accept-encoding\x15identity,deflate,gzip"
 "\x00\x14grpc-accept-encoding\x0Didentity,gzip"
 "\x00\x0Dgrpc-encoding\x07deflate"
 "\x00\x0Dgrpc-encoding\x04gzip"
 "\x00\x0Dgrpc-encoding\x08identity"
 "\x00\x0Bgrpc-status\x010"
 "\x00\x0Bgrpc-status\x011"
 "\x00\x0Bgrpc-status\x012"
 "\x00\x04host\x00"
 "\x00\x08if-match\x00"
 "\x00\x11if-modified-since\x00"
 "\x00\x0Dif-none-match\x00"
 "\x00\x08if-range\x00"
 "\x00\x13if-unmodified-since\x00"
 "\x00\x0Dlast-modified\x00"
 "\x00\x04link\x00"
 "\x00\x08location\x00"
 "\x00\x0Cmax-forwards\x00"
 "\x00\x07:method\x03GET"
 "\x00\x07:method\x04POST"
 "\x00\x07:method\x03PUT"
 "\x00\x05:path\x01/"
 "\x00\x05:path\x0B/index.html"
 "\x00\x12proxy-authenticate\x00"
 "\x00\x13proxy-authorization\x00"
 "\x00\x05range\x00"
 "\x00\x07referer\x00"
 "\x00\x07refresh\x00"
 "\x00\x0Bretry-after\x00"
 "\x00\x07:scheme\x04grpc"
 "\x00\x07:scheme\x04http"
 "\x00\x07:scheme\x05https"
 "\x00\x06server\x00"
 "\x00\x0Aset-cookie\x00"
 "\x00\x07:status\x03200"
 "\x00\x07:status\x03204"
 "\x00\x07:status\x03206"
 "\x00\x07:status\x03304"
 "\x00\x07:status\x03400"
 "\x00\x07:status\x03404"
 "\x00\x07:status\x03500"
 "\x00\x19strict-transport-security\x00"
 "\x00\x02te\x08trailers"
 "\x00\x11transfer-encoding\x00"
 "\x00\x0Auser-agent\x00"
 "\x00\x04vary\x00"
 "\x00\x03via\x00"
 "\x00\x10www-authenticate\x00"
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/05efe6d81ce606557691432634e81f61e68b0b81
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/05efe6d81ce606557691432634e81f61e68b0b81
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/07ad7e0ea2aaecba37f2429a64e946fc6e2556f1
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/07ad7e0ea2aaecba37f2429a64e946fc6e2556f1
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/0c413d2b361b2221585026d42f3046ff4135d2ff
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/0c413d2b361b2221585026d42f3046ff4135d2ff
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/3292129aa7f6eba86b70fff64408f18fff895c12
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/3292129aa7f6eba86b70fff64408f18fff895c12
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/38df7e63181cbd045e5af9dbee463360c8254618
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/38df7e63181cbd045e5af9dbee463360c8254618
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/3d7ef8c7b05f26e914c479dedb1bef5e378d2d94
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/3d7ef8c7b05f26e914c479dedb1bef5e378d2d94
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/4271fbb36e03cee79b21a4a5a65f37ceef58a8cd
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/4271fbb36e03cee79b21a4a5a65f37ceef58a8cd
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/44516839d35af9ccaf8a2c62f3ce6a723482445e
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/44516839d35af9ccaf8a2c62f3ce6a723482445e
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/59d0b24d1acd01c749fb4bd6802a5f4dd003ce75
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/59d0b24d1acd01c749fb4bd6802a5f4dd003ce75
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/61e798bdd49b339983fea4ccfe18efe44afbd69b
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/61e798bdd49b339983fea4ccfe18efe44afbd69b
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/8164d3c4af043c47cfd6966873bccd2353d072bf
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/8164d3c4af043c47cfd6966873bccd2353d072bf
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/8846918f967dd6513040c6d382fcd68ff7099873
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/8846918f967dd6513040c6d382fcd68ff7099873
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/885fe25a0b441ef46ab176b88771c133e530cb73
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/885fe25a0b441ef46ab176b88771c133e530cb73
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/bc9545cebdcb3af82406a5f0c1b286d28f9d4f5a
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/bc9545cebdcb3af82406a5f0c1b286d28f9d4f5a
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/cc97ece92b72cc2a4d045e16c0e2f2021bc014f8
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/cc97ece92b72cc2a4d045e16c0e2f2021bc014f8
--- a/Show More
+++ b/Show More
`@ -1,2 +1,2 @@`
	`# Using login shell removes Go from path, so we add it.`	`# Using login shell removes Go from path, so we add it.`
	`RUN ln -s /usr/src/go/bin/go /usr/local/bin`	`RUN ln -s /usr/local/go/bin/go /usr/local/bin`
		`@ -0,0 +1 @@`
							`!m<EFBFBD>!mm<EFBFBD><EFBFBD>N!<EFBFBD><EFBFBD>N<EFBFBD>N'<EFBFBD>!)<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>NN<EFBFBD><EFBFBD><EFBFBD>`
		`@ -0,0 +1 @@`
							`!mm<EFBFBD><EFBFBD>N!<EFBFBD><EFBFBD>N)<EFBFBD>N'<EFBFBD>)<EFBFBD><EFBFBD>NN`