Gregory Cooke
a4f345ff96
TlsCreds: Support revocation of intermediate in chain. ( #32544 )
...
This PR is a small code change with a lot of new test data.
[In OpenSSL, there are two flags that configure CRL checks. Copying relevant section:](https://www.openssl.org/docs/man1.0.2/man3/X509_VERIFY_PARAM_get_depth.html)
> - X509_V_FLAG_CRL_CHECK enables CRL checking for the certificate chain leaf certificate. An error occurs if a suitable CRL cannot be found.
> - X509_V_FLAG_CRL_CHECK_ALL enables CRL checking for the entire certificate chain.
We currently only set `X509_V_FLAG_CRL_CHECK`, so we will only ever
check if the leaf certificate is revoked. We should check the whole
chain. I am open to making this a user configuration if we want to do it
that way, but we certainly need to be able to check the whole chain.
So, this PR contains the small code change in
`ssl_transport_security.cc` to use the `X509_V_FLAG_CRL_CHECK_ALL` flag.
Then the rest of the changes are in tests. I've added all the necessary
files to have a chain built that looks as follows
`Root CA -> Revoked Intermediate CA -> Leaf Certificate`, and added a
test for this case as well.
You can verify that on master this new test will fail (i.e. the
handshake will succeed even though the intermediate CA is revoked) by
checking out this branch, running `git checkout master --
./src/core/tsi/ssl_transport_security.cc`, then running the test.
I also slightly reorganized test/core/tsi/test_creds/ so that the CRLs
are in their own directory, which is the way our API intends to accept
CRLs.
2 years ago
Yijie Ma
f99b8b5bc4
Convert c-style comments to C++-style comments ( #31923 )
...
* baseline
* fix clang-tidy
* manually revert these files
* manually fixup at eof
* revert 2 more files
* change check_deprecated_grpc++.py
* change end2end_defs.include template
* fix check_include_guards.py
* untrack tools/distrib/python/convert_cstyle_comments_to_cpp.py
not yet ready to be submitted
* fix
yapf check_include_guards.py
remove a space...
* fix version.cc.template
* fix version_info.h.template
2 years ago
aeitzman
d934aabb09
Added url validation for aws metadata endpoints in aws external account ( #31626 )
...
* Added url validation for aws metadata endpoints in aws external account
* addressing review comments
* fix error message back
* Fix broken test
2 years ago
Craig Tiller
c2ab8c99bb
Revert "Revert "[c++] Move environment functions to C++ ( #30937 )" ( #30986 )" ( #30988 )
...
This reverts commit 96264e07b8.
2 years ago
Craig Tiller
96264e07b8
Revert "[c++] Move environment functions to C++ ( #30937 )" ( #30986 )
...
This reverts commit 74c0d6fe3f.
2 years ago
Craig Tiller
74c0d6fe3f
[c++] Move environment functions to C++ ( #30937 )
...
* [gprpp] Move env to C++
* move headers/impl
* Automated change: Fix sanity tests
* fix
* fix
* Automated change: Fix sanity tests
* Update http_proxy.cc
* fix
* fix
* rename
* fix merge
* fix
Co-authored-by: ctiller <ctiller@users.noreply.github.com>
2 years ago
krestofur
1cdcd88fb1
Add experimental API for CRL checking support to gRPC C++ TlsCredentials ( #28407 )
3 years ago
ZhenLian
2e14f6fa70
Support Custom Post-handshake Verification in TlsCredentials ( #25631 )
...
* custom verification refactoring - post-handshake verification
3 years ago
Craig Tiller
ea389c00c2
Adjust include order per style guide ( #27175 )
...
Introduce clang-format configuration to sort includes closer to our rules.
3 years ago
bojeil-google
33b80f16ec
Applies clang_format_code.sh to address sanity check tests.
4 years ago
Bassam Ojeil
a8e061bf88
Removes experimental namespace from ExternalAccountCredentials tests.
4 years ago
ZhenLian
c48e39d5c2
Support Default Root Certs in Tls Credentials
4 years ago
Chuan Ren
06cc42eb85
Add support of implicit and explicit flows for external account creds
4 years ago
ZhenLian
d74e43da95
Add File Watcher Certificate Provider API
4 years ago
ZhenLian
518ed1303c
Add Credential Loading From Static Providers For TLS Credentials
4 years ago
Karthik Ravi Shankar
1de0bfd9e2
Revert "Revert "Move create_channel and credentials from ::grpc_impl to ::grpc""
4 years ago
Karthik Ravi Shankar
f1bc43edf6
Revert "Move create_channel and credentials from ::grpc_impl to ::grpc"
4 years ago
Esun Kim
165ee5007a
Replaced grpc::string with std::string
4 years ago
Karthik Ravi Shankar
59b41d50fa
Formatting fixes
4 years ago
Karthik Ravi Shankar
bf551af394
Fix credentials test.
4 years ago
jiangtaoli2016
12a6435557
TlsCredentialsOption API optimization
5 years ago
Matthew Stevenson
a37d5f14b0
Remove flaky test introduced in PR 21932.
5 years ago
Mark D. Roth
09b42371e7
Remove grpc_core::InlinedVector<> and grpc_core::Optional<>.
5 years ago
ZhenLian
738272f3a8
[ImproveTLS] add a wrapper to error_detail in C core args
5 years ago
Zhen Lian
cbc977204b
[ImproveTLS] fix memory leak issue from users' perspective
5 years ago
Matthew Stevenson
864e232edf
Update TlsServerCredentials to initialize C-core.
5 years ago
Matthew Stevenson
77377fa931
Removed server builder and ssl creds stuff.
5 years ago
Matthew Stevenson
b344c90fe1
ssl creds
5 years ago
Matthew Stevenson
924aace7dc
Version 4.
5 years ago
Matthew Stevenson
d869bed623
Added in server builder.
5 years ago
matthewstevenson88
ee7ae056e5
Revert "Updates to TLS credentials, version 3"
5 years ago
Matthew Stevenson
f557437b51
Add back changes.
5 years ago
Matthew Stevenson
3818f81fb8
Update from master.
5 years ago
Matthew Stevenson
47c755520c
Remove TestEnvironment.
5 years ago
Matthew Stevenson
1f13c17a28
Adding back in grpc_init.
5 years ago
Matthew Stevenson
0b51d535f3
Remove grpc_init.
5 years ago
Matthew Stevenson
e392d0ac7d
experiment test
5 years ago
matthewstevenson88
9e0b87f523
Revert "Updates to TLS credentials, version 2"
5 years ago
Matthew Stevenson
e18defc303
Fix attempt #2 .
5 years ago
Matthew Stevenson
b2f1510dd7
Fix load TLS server credentials 1.
5 years ago
matthewstevenson88
26d50f726a
Revert "Collect TLS-specific changes from PR 20568."
5 years ago
Matthew Stevenson
5cfff04ce9
Collect TLS-specific changes from PR 2-568.
5 years ago
Akshay Kumar
db11b94f25
FullChainExperimental-01-200103
5 years ago
Yihua Zhang
a6dbc7adb5
rename spiffe to tls
5 years ago
Esun Kim
e8863d0064
Fix new & delete match
5 years ago
Esun Kim
e45b60d1fe
Fix unique_ptr<char> memory allocation mismatch
5 years ago
Esun Kim
b2b7fc9af8
Replaced grpc_core::UniquePtr with std::unique_ptr
5 years ago
Esun Kim
3a519a0b64
Replaced grpc_core New & Delete with C++ new & delete
5 years ago
Moiz Haidry
d874a260bb
Fix unused variable error
5 years ago
Matthew Stevenson
c7802d488a
Fixed a small typos from previous commit.
5 years ago