<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#36131
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36131 from yijiem:no-logging f3f638176f
PiperOrigin-RevId: 617630514
If party1 wakes party2 we'd prefer that party1 finishes all its activations before it wakes party2:
intuition: party1 might wake party2 for other things too, and being able to coalesce them all into one wakeup significantly helps performance.
Closes#36048
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36048 from ctiller:wakey f6d4416685
PiperOrigin-RevId: 616970833
There were some failures in the Crl Directory related tests after https://github.com/grpc/grpc/pull/36031
This came down to https://github.com/grpc/grpc/pull/36031 adding some CRLs with bad qualities (invalid content/signatures, overriding issuer names) to the `test_creds/crl_data/crls` directory, which is used in the directory reloading tests. The tests began failing on some platforms because they were picking up these bad crls which were failing various checks, but the test was designed to assume that `test_creds/crl_data/crls` was a valid and good directory.
This PR moves the bad CRLs to their own directory to prevent this accidental mash-up of test data. It also adds debug logging to our custom verification stack.
Closes#36122
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36122 from gtcooke94:crl_fix 508dd1370d
PiperOrigin-RevId: 616280898
<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#36100
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36100 from yijiem:no-logging 970a640475
PiperOrigin-RevId: 615299752
This PR changes how CRLs are handled purely internally. After discussing with davidben@, there are various problems with the `X509_STORE_set_get_crl` API and we shouldn't use it. This change keeps the behavior and external API the same, but instead of bulk pushing CRL information into OpenSSL, we instead iterate through the built chain and check each certificate for revocation, as well as doing the CRL validation ourselves.
Closes#36031
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36031 from gtcooke94:CrlInternalRefactor 5f4c816648
PiperOrigin-RevId: 615139682
PanCakes to the rescue!
We noticed that our 'sanity' test was going to fail, but we think we can fix that automatically, so we put together this PR to do just that!
If you'd like to opt-out of these PR's, add yourself to NO_AUTOFIX_USERS in .github/workflows/pr-auto-fix.yaml
Closes#36059
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36059 from grpc:create-pull-request/patch-02276f4 fb93164443
PiperOrigin-RevId: 613642099
This adds the following new targets:
- `channel`: A virtual interface for a channel.
- `legacy_channel`: A channel implementation that supports the filter stack and call v2.
- `channel_create`: A standalone function to create a channel.
- `server_interface`: A base class with a few accessor methods used in surface/call.cc.
- `server`: The actual server implementation.
- `api_trace`, `call_tracer`, `server_call_tracer_filter`, `call_finalization`: These were split out of `grpc_base` to avoid various dependency problems.
- `compression`: This is a combination of the previously existing `compression_internal` target and the compression code that was part of `grpc_base`.
Closes#35924
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35924 from markdroth:channel_interface 94a7fffddb
PiperOrigin-RevId: 612512438
Redacting unknown metadata types in debug logs.
<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#36006
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/36006 from tanvi-jagtap:tjagtap_redact_01 94c5738bfe
PiperOrigin-RevId: 611334483
This PR adds the Authority Key Identifier to CertificateInfo. This value _can be_ important in finding the right CRLs to use if there are Issuer name overlaps or a more complicated CA setup with multiple signing keys.
We should observe no behavior change in our `CrlProvider` implementations, this is just adding an important field for users who implement it themselves.
Closes#35931
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35931 from gtcooke94:AkidCheck dd048a53b6
PiperOrigin-RevId: 611143198
<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#35871
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35871 from yijiem:grpc-metrics 86ebe484ae
PiperOrigin-RevId: 609533796
<!--
If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.
If your pull request is for a specific language, please add the appropriate
lang label.
-->
Closes#35573
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35573 from yijiem:enable-oss-ee-dns-posix-real 1df91d1d84
PiperOrigin-RevId: 609193851
This PR is copied from #34276, since I did not have permissions to add commits to it. That PR has been verified to work (see the top-level description). This PR just makes the gRPC tests pass (e.g. adding includes, clang formatting).
Closes#34874
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/34874 from matthewstevenson88:pull_34276 d5fb73e5b2
PiperOrigin-RevId: 609107146
…p and add some verification helpers (#35641)"
This reverts commit 310770d61d.
It breaks all portability tests.
```
[==========] Running 1 test from 1 test suite.
[----------] Global test environment set-up.
[----------] 1 test from CrlUtils
[ RUN ] CrlUtils.HasCrlSignBitExists
/[var/local/git/grpc/test/core/tsi/ssl_transport_security_utils_test.cc:566](https://cs.corp.google.com/piper///depot/google3/var/local/git/grpc/test/core/tsi/ssl_transport_security_utils_test.cc?l=566): Failure
Value of: HasCrlSignBit(root_ca_)
Actual: false
Expected: true
[ FAILED ] CrlUtils.HasCrlSignBitExists (0 ms)
[----------] 1 test from CrlUtils (0 ms total)
[----------] Global test environment tear-down
[==========] 1 test from 1 test suite ran. (0 ms total)
[ PASSED ] 0 tests.
[ FAILED ] 1 test, listed below:
[ FAILED ] CrlUtils.HasCrlSignBitExists
```
Closes#35962
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35962 from drfloob:revert-310770d61d3b25d358d877a074bebf6ae85549d0 e6a2f03309
PiperOrigin-RevId: 609075479
This breaks the following pieces out of the `grpc_client_channel` BUILD target:
- backend_metric_parser
- oob_backend_metric
- child_policy_handler
- backup_poller
- service_config_channel_arg_filter
- client_channel_channelz
- client_channel_internal_header
- subchannel_connector
- subchannel_pool_interface
- config_selector
- client_channel_service_config_parser
- retry_service_config_parser
- retry_throttle
The code left in the `grpc_client_channel` target will need more work to pull apart.
Closes#35879
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35879 from markdroth:client_channel_build_split f388a37edc
PiperOrigin-RevId: 608806548
This change is needed in order to get certain LB-policy-unit-test-framework-based tests to pass, which involve updates on PF policies.
Without this change, in such tests, health watchers on the original subchannel can be left hanging around. The underlying reason is related to 842057d8d5/test/core/client_channel/lb_policy/lb_policy_test_lib.h (L203).
Related: cl/563857636
Closes#35865
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35865 from apolcyn:update_pf_Test 1a5e6b5591
PiperOrigin-RevId: 607844309
This PR does 2 distinct things, I can unbundle them if desired
1) Add functions in `ssl_transport_security_utils` and associated tests that will eventually be used for additional Crl validation (the logic of actually doing this will be in a future PR), so other than the tests these fns are currently unused.
2) Remove the use of `X509_NAME_oneline` - it is not a guaranteed stable way to get the issuer name for lookups. Instead, use the DER encoding via `i2d_X509_NAME` - the results in a non-human readable string that is stable for lookup, and necessitated some change to the CrlProvider test code that previously used a human readable string for this value.
Neither should result in behavior changes.
Closes#35641
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35641 from gtcooke94:CrlRefactor 2b6f63717c
PiperOrigin-RevId: 607701254
As title. Pulling these additions out from a larger change.
Related: cl/563857636
Closes#35860
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35860 from apolcyn:test_lib_changes 40b6455638
PiperOrigin-RevId: 606708025
The Oauth2 credentials currently rely on pollsets and polling entities, partially because grpc_core::HttpRequest relies on them as well. This is a temporary solution to get both iomgr and EventEngine clients to pass the oauth2 interop tests.
Tested with the client experiment on and off.
Closes#35866
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35866 from drfloob:oauth2_utils_work_with_ee_hack 91eea0c196
PiperOrigin-RevId: 605433817
Yijie Ma
Eugene Ostroukhov
Mark D. Roth
Yash Tibrewal
Craig Tiller
AJ Heller
Gregory Cooke
Tanvi Jagtap
github-actions[bot]
Alexander Polcyn
Matthew Stevenson
youyuanwu
gRPC Team Bot
Yousuk Seung
erm-g