Chiebot-Mirror/grpc - grpc - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
David Chamberlin	5b724c09c5	[tls] Add copy constructor for TlsCredentialsOptions (#35499 ) <!-- If you know who should review your pull request, please assign it to that person, otherwise the pull request would get assigned randomly. If your pull request is for a specific language, please add the appropriate lang label. --> Closes #35499 COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35499 from dawidcha:cred_opts_copy_constr `330165930f` PiperOrigin-RevId: 599977221	10 months ago
Luwei Ge	dd12460018	[tls] Add set min/max TLS version APIs to TLS credentials APIs. (#34861 ) Address #28382. This is a recreation of #31368 except e2e tests are not handled here (yet). Closes #34861 COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/34861 from rockspore:tls_version `f9a1215ac1` PiperOrigin-RevId: 589847110	12 months ago
Matthew Stevenson	07985907f2	[tls] Fix ownership bugs in TlsCredentialsOptions and grpc_tls_credentials_options. (#34758 ) Currently it is very easy to use the `TlsCredentialsOptions` in such a way that it produces a memory leak. For example, the code block ``` { TlsCredentialsOptions options; } ``` produces a memory leak. This PR fixes up the ownership bugs in this class and its `grpc_tls_credentials_options`, the C-core analogue.	1 year ago
Gregory Cooke	9969d820b5	[TLS - Revocation] Crl Provider (#34715 ) This reverts commit `7af5efcfd3`.	1 year ago
apolcyn	7af5efcfd3	Revert "[TLS - Revocation] Crl Provider (#33786 )" (#34713 ) This reverts commit `0f0396ae92`.	1 year ago
Gregory Cooke	0f0396ae92	[TLS - Revocation] Crl Provider (#33786 ) The basic APIs for the CRL Reloading features. This adds external types to represent CRL Providers, CRLs, and CertificateInfo. Internally we will use `CrlImpl` - this layer is needed to hide OpenSSL details from the user. GRFC - https://github.com/grpc/proposal/pull/382 Things Done * Add external API for `CrlProvider`, `Crl`, `CertInfo` (`CertInfo` is used during CRL lookup rather than passing the entire certificate). * Add code paths in `ssl_transport_security` to utilize CRL providers * Add `StaticCrlProvider` * Refactor `crl_ssl_transport_security_test.cc` so it is more extensible and can be used with providers	1 year ago
Gregory Cooke	a4f345ff96	TlsCreds: Support revocation of intermediate in chain. (#32544 ) This PR is a small code change with a lot of new test data. [In OpenSSL, there are two flags that configure CRL checks. Coping relevant section:](https://www.openssl.org/docs/man1.0.2/man3/X509_VERIFY_PARAM_get_depth.html) > - X509_V_FLAG_CRL_CHECK enables CRL checking for the certificate chain leaf certificate. An error occurs if a suitable CRL cannot be found. > - X509_V_FLAG_CRL_CHECK_ALL enables CRL checking for the entire certificate chain. We currently only set `X509_V_FLAG_CRL_CHECK`, so we will only ever check if the leaf certificate is revoked. We should check the whole chain. I am open to making this a user configuration if we want to do it that way, but we certainly need to be able to check the whole chain. So, this PR contains the small code change in `ssl_transport_security.cc` to use the `X509_V_FLAG_CRL_CHECK_ALL` flag. Then the rest of the changes are in tests. I've added all the necessary files to have a chain built that looks as follows `Root CA -> Revoked Intermediate CA -> Leaf Certificate`, and added a test for this case as well. You can verify that on master this new test will fail (i.e. the handshake will succeed even though the intermediate CA is revoked) by checking out this branch, running `git checkout master -- ./src/core/tsi/ssl_transport_security.cc`, then running the test. I also slightly reorganized test/core/tsi/test_creds/ so that the CRLs are in their own directory, which is the way our API intends to accept CRLs.	2 years ago
Yijie Ma	f99b8b5bc4	Convert c-style comments to C++-style comments (#31923 ) * baseline * fix clang-tidy * manually revert these files * manually fixup at eof * revert 2 more files * change check_deprecated_grpc++.py * change end2end_defs.include template * fix check_include_guards.py * untrack tools/distrib/python/convert_cstyle_comments_to_cpp.py not yet ready to be submitted * fix yapf check_include_guards.py remove a space... * fix version.cc.template * fix version_info.h.template	2 years ago
aeitzman	d934aabb09	Added url validation for aws metadata endpoints in aws external account (#31626 ) * Added url validation for aws metadata endpoints in aws external account * addressing review comments * fix error message back * Fix broken test	2 years ago
Craig Tiller	c2ab8c99bb	Revert "Revert "[c++] Move environment functions to C++ (#30937 )" (#30986 )" (#30988 ) This reverts commit `96264e07b8`.	2 years ago
Craig Tiller	96264e07b8	Revert "[c++] Move environment functions to C++ (#30937 )" (#30986 ) This reverts commit `74c0d6fe3f`.	2 years ago
Craig Tiller	74c0d6fe3f	[c++] Move environment functions to C++ (#30937 ) * [gprpp] Move env to C++ * move headers/impl * Automated change: Fix sanity tests * fix * fix * Automated change: Fix sanity tests * Update http_proxy.cc * fix * fix * rename * fix merge * fix Co-authored-by: ctiller <ctiller@users.noreply.github.com>	2 years ago
krestofur	1cdcd88fb1	Add experimental API for CRL checking support to gRPC C++ TlsCredentials (#28407 )	3 years ago
ZhenLian	2e14f6fa70	Support Custom Post-handshake Verification in TlsCredentials (#25631 ) * custom verification refactoring - post-handshake verification	3 years ago
Craig Tiller	ea389c00c2	Adjust include order per style guide (#27175 ) Introduce clang-format configuration to sort includes closer to our rules.	3 years ago
bojeil-google	33b80f16ec	Applies clang_format_code.sh to address sanity check tests.	4 years ago
Bassam Ojeil	a8e061bf88	Removes experimental namespace from ExternalAccountCredentials tests.	4 years ago
ZhenLian	c48e39d5c2	Support Default Root Certs in Tls Credentials	4 years ago
Chuan Ren	06cc42eb85	Add support of implicit and explicit flows for external account creds	4 years ago
ZhenLian	d74e43da95	Add File Watcher Certificate Provider API	4 years ago
ZhenLian	518ed1303c	Add Credential Loading From Static Providers For TLS Credentials	4 years ago
Karthik Ravi Shankar	1de0bfd9e2	Revert "Revert "Move create_channel and credentials from ::grpc_impl to ::grpc""	4 years ago
Karthik Ravi Shankar	f1bc43edf6	Revert "Move create_channel and credentials from ::grpc_impl to ::grpc"	4 years ago
Esun Kim	165ee5007a	Replaced grpc::string with std::string	4 years ago
Karthik Ravi Shankar	59b41d50fa	Formatting fixes	4 years ago
Karthik Ravi Shankar	bf551af394	Fix credentials test.	4 years ago
jiangtaoli2016	12a6435557	TlsCredentialsOption API optimization	5 years ago
Matthew Stevenson	a37d5f14b0	Remove flaky test introduced in PR 21932.	5 years ago
Mark D. Roth	09b42371e7	Remove grpc_core::InlinedVector<> and grpc_core::Optional<>.	5 years ago
ZhenLian	738272f3a8	[ImproveTLS] add a wrapper to error_detail in C core args	5 years ago
Zhen Lian	cbc977204b	[ImproveTLS] fix memory leak issue from users' perspective	5 years ago
Matthew Stevenson	864e232edf	Update TlsServerCredentials to initialize C-core.	5 years ago
Matthew Stevenson	77377fa931	Removed server builder and ssl creds stuff.	5 years ago
Matthew Stevenson	b344c90fe1	ssl creds	5 years ago
Matthew Stevenson	924aace7dc	Version 4.	5 years ago
Matthew Stevenson	d869bed623	Added in server builder.	5 years ago
matthewstevenson88	ee7ae056e5	Revert "Updates to TLS credentials, version 3"	5 years ago
Matthew Stevenson	f557437b51	Add back changes.	5 years ago
Matthew Stevenson	3818f81fb8	Update from master.	5 years ago
Matthew Stevenson	47c755520c	Remove TestEnvironment.	5 years ago
Matthew Stevenson	1f13c17a28	Adding back in grpc_init.	5 years ago
Matthew Stevenson	0b51d535f3	Remove grpc_init.	5 years ago
Matthew Stevenson	e392d0ac7d	experiment test	5 years ago
matthewstevenson88	9e0b87f523	Revert "Updates to TLS credentials, version 2"	5 years ago
Matthew Stevenson	e18defc303	Fix attempt #2 .	5 years ago
Matthew Stevenson	b2f1510dd7	Fix load TLS server credentials 1.	5 years ago
matthewstevenson88	26d50f726a	Revert "Collect TLS-specific changes from PR 20568."	5 years ago
Matthew Stevenson	5cfff04ce9	Collect TLS-specific changes from PR 2-568.	5 years ago
Akshay Kumar	db11b94f25	FullChainExperimental-01-200103	5 years ago
Yihua Zhang	a6dbc7adb5	rename spiffe to tls	5 years ago

1 2 3

119 Commits (1465313684f1046c10379a118de1ffac0041b0a7)