Chiebot-Mirror/grpc - grpc - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Gregory Cooke	9969d820b5	[TLS - Revocation] Crl Provider (#34715 ) This reverts commit `7af5efcfd3`.	1 year ago
apolcyn	7af5efcfd3	Revert "[TLS - Revocation] Crl Provider (#33786 )" (#34713 ) This reverts commit `0f0396ae92`.	1 year ago
Gregory Cooke	0f0396ae92	[TLS - Revocation] Crl Provider (#33786 ) The basic APIs for the CRL Reloading features. This adds external types to represent CRL Providers, CRLs, and CertificateInfo. Internally we will use `CrlImpl` - this layer is needed to hide OpenSSL details from the user. GRFC - https://github.com/grpc/proposal/pull/382 Things Done * Add external API for `CrlProvider`, `Crl`, `CertInfo` (`CertInfo` is used during CRL lookup rather than passing the entire certificate). * Add code paths in `ssl_transport_security` to utilize CRL providers * Add `StaticCrlProvider` * Refactor `crl_ssl_transport_security_test.cc` so it is more extensible and can be used with providers	1 year ago
Matthew Stevenson	278978d6f0	[tls] Remove use of SSL_CTX_set_client_CA_list for TLS server credentials. (#33558 ) This PR does the following: for the TLS server credentials, stops calling `SSL_CTX_set_client_CA_list` by default in `ssl_transport_security.cc`, and gives users a knob to re-enable calling this API. ## What does the `SSL_CTX_set_client_CA_list` API do? When this API is called, a gRPC TLS server sends the following data in the ServerHello: for each certificate in the server's trust bundle, the CA name in the certificate. This API does not change the set of certificates trusted by the server in any way. Rather, it is just providing a hint to the client about what client certificate should be sent to the server. ## Why are we removing the use of `SSL_CTX_set_client_CA_list` by default for the TLS server credentials? Removing the use of this API by default has 2 benefits: 1. Calling this API makes gRPC TLS unusable for servers with a sufficiently large trust bundle. Indeed, if the server trust bundle is too large, then the server will always fail to build the ServerHello. 2. Calling this API is introducing a huge amount of overhead (1000s of bytes) to each ServerHello, so removing this feature will improve connection establishment latency for all users of the TLS server credentials.	1 year ago
Yijie Ma	f99b8b5bc4	Convert c-style comments to C++-style comments (#31923 ) * baseline * fix clang-tidy * manually revert these files * manually fixup at eof * revert 2 more files * change check_deprecated_grpc++.py * change end2end_defs.include template * fix check_include_guards.py * untrack tools/distrib/python/convert_cstyle_comments_to_cpp.py not yet ready to be submitted * fix yapf check_include_guards.py remove a space... * fix version.cc.template * fix version_info.h.template	2 years ago
yihuaz	b458db9246	Eliminate gRPC insecure build (#25586 ) * force submit * fix test error * remove is_client from local tsi and its callsites * fix too_many_pings_test * add missing dep	3 years ago
krestofur	1cdcd88fb1	Add experimental API for CRL checking support to gRPC C++ TlsCredentials (#28407 )	3 years ago
Vignesh Babu	aeea02fab8	TLS Session Keys export for GRPC C++ (#26812 ) * Adding TLS Key export logic to core and c++ wrappers * Adding and end2end cpp tls key export test and updating broken test due to interface changes * regenerate projects * updating tls key export core logic with addition of APIs to grpc_security.h * undoing changes to tls_security_connector_test * regenerate projects * changing the logging format enum name as per GRFC comments * regenerate projects * removing some commented code * updating changes as per review comments * adding GRPCAPI annotations to functions defined in grpc_security.h * regenerate projects * fixed some code styling issues * removing grpc_security.h include from tls_credentials_options.h * updating files as per review comments * minor fixes * moving some code around * removing key log format from tls session key log config and converting it to a simple string * regenerate projects * fixing mistakes in recent merge with master * regenerate projects * regenerate projects * fixing some distrib and snity errors * fixing formatting errors * fixing more sanity checks and raising supported openssl versions to 1.1.1 * updating min supported openssl version to 1.1.1 * updating min supported openssl version in tls_key_export_test * updating test to fix incorrect vector initialization * updating as per latest comments * fixing sanity checks * addressing review comments * fixing sanity checks * fixed c++ comment style * Automated change: Fix sanity tests * fixing review comments Co-authored-by: Vignesh2208 <Vignesh2208@users.noreply.github.com>	3 years ago
ZhenLian	2e14f6fa70	Support Custom Post-handshake Verification in TlsCredentials (#25631 ) * custom verification refactoring - post-handshake verification	3 years ago
Craig Tiller	ea389c00c2	Adjust include order per style guide (#27175 ) Introduce clang-format configuration to sort includes closer to our rules.	3 years ago
ZhenLian	c48e39d5c2	Support Default Root Certs in Tls Credentials	4 years ago
Esun Kim	20509e823d	Fix google-explicit-constructor	4 years ago
ZhenLian	518ed1303c	Add Credential Loading From Static Providers For TLS Credentials	4 years ago
Karthik Ravi Shankar	1de0bfd9e2	Revert "Revert "Move create_channel and credentials from ::grpc_impl to ::grpc""	4 years ago
Karthik Ravi Shankar	f1bc43edf6	Revert "Move create_channel and credentials from ::grpc_impl to ::grpc"	4 years ago
Esun Kim	165ee5007a	Replaced grpc::string with std::string	4 years ago
Karthik Ravi Shankar	7f2eaaabac	Move create_channel and credentials from ::grpc_impl to ::grpc Reverts: https://github.com/grpc/grpc/pull/18374 and https://github.com/grpc/grpc/pull/18444 Credentials and create_channel are very closely intertwined, so it is easier to migrate them together.	5 years ago
jiangtaoli2016	12a6435557	TlsCredentialsOption API optimization	5 years ago
Matthew Stevenson	924aace7dc	Version 4.	5 years ago
matthewstevenson88	ee7ae056e5	Revert "Updates to TLS credentials, version 3"	5 years ago
Matthew Stevenson	f557437b51	Add back changes.	5 years ago
matthewstevenson88	9e0b87f523	Revert "Updates to TLS credentials, version 2"	5 years ago
Matthew Stevenson	e18defc303	Fix attempt #2 .	5 years ago
matthewstevenson88	26d50f726a	Revert "Collect TLS-specific changes from PR 20568."	5 years ago
Matthew Stevenson	5cfff04ce9	Collect TLS-specific changes from PR 2-568.	5 years ago
Akshay Kumar	db11b94f25	FullChainExperimental-01-200103	5 years ago
Vijay Pai	500b0e6d8e	Remove unused parameter warnings from include/ and src/core	5 years ago
Matthew Stevenson	00cce90adf	Changes requested by Yihua.	5 years ago
Matthew Stevenson	fba2fc2dba	Fourth	5 years ago
Matthew Stevenson	d866d09b5c	Second round of small changes from e2e tests.	5 years ago
Matthew Stevenson	a7f9d943d5	First set of small changes from development of e2e tests.	5 years ago
Matthew Stevenson	10a39b77c6	Implemented changes outlined in addendum to design doc.	5 years ago
Matthew Stevenson	5639867c2b	Clang changes.	5 years ago
Matthew Stevenson	8e09d8745d	Implementing further comments by Yang.	5 years ago
Matthew Stevenson	0a054cc6ea	Implementing Yang's secound round of comments.	5 years ago
Matthew Stevenson	96c24347f7	Refactored the configs, per Yang's suggestions.	5 years ago
Matthew Stevenson	eafaf13083	Another small build fix.	5 years ago
Matthew Stevenson	65c9ece139	Forgot to run clang_format after previous build changes.	5 years ago
Matthew Stevenson	78e27bc141	Another attempt at fixing build issue.	5 years ago
Matthew Stevenson	43f9058565	Changed include orders to remove dependency of grpc++_base_unsecure library on grpc_security.h.	5 years ago
Matthew Stevenson	82cbe22532	Added comments in tls_credentials_options.h, per Yihua's comment.	5 years ago
Matthew Stevenson	99058a2f09	Implemented Yihua's proposed changes from Aug 29	5 years ago
Matthew Stevenson	9457917ed1	Autogenerated files and clang format/tidy code	5 years ago
Matthew Stevenson	c942282abc	Implemented Yihua's review comments	5 years ago
Matthew Stevenson	86f52e312a	More work with memory leaks	5 years ago
Matthew Stevenson	333cd930c3	Removed old Arg constructors as comments.	5 years ago
Matthew Stevenson	5d9297d0bc	Fixed some memory leaks	5 years ago
Matthew Stevenson	c2fd3844dc	Implemented Yihua's comments	5 years ago
Matthew Stevenson	967b911f85	Add forgotten callback function for server authorization check.	5 years ago
Matthew Stevenson	6189d34724	Revert "Forgot to autogenerate files and run clang_format/tidy_code" This reverts commit `9295e4ebb3`.	5 years ago

1 2

65 Commits (afe5f6d2a4e31ded8667af0268ed570bf24a7a8c)