Chiebot-Mirror/grpc - grpc - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
David Cowden	116fd29a36	gRPC core: strip zone-id from IPv6 hosts before TLS verification When initiating a connection to an IPv6 peer using an address that is not globally scoped, there may be ambiguity regarding which zone the destination address applies to when multiple links of the same scope are present. The scoped address architecture and zone-id syntax are described in rfc4007 and rfc 6874, respectively: * https://tools.ietf.org/html/rfc4007#section-6 * https://tools.ietf.org/html/rfc6874 This patch allows host name verification performed during TLS session establishment, and on a per-call basis, to work correctly when the peer presents a certificate with a non-global IPv6 address listed as one of its alternate names. Whether arbitrary certificate authorities choose issue certificates of this nature, or not, is outside the scope of gRPC. The zone-id is separated from the address using a percent (%) character. It is considered a system implementation detail and guidance suggests it be stripped from any paths or addresses egressing a host because it is irrelevant and meaningless otherwise. It would not make sense for a server to present a certificate containing non-global IPv6 addresses with zone-ids present nor would it work unless two hosts happened to be using the same zone-id. ssl_host_matches_name is prefixed with grpc_ because it has been promoted to the global namespace for testing. Resolves #14371	7 years ago
Ruslan Nigmatullin	6bdcc6f7cf	[openssl] Use 80-bytes STEK for OpenSSL-1.1	7 years ago
jiangtaoli2016	9c32619ab0	Fix BUILD to allow successful import	7 years ago
Jiangtao Li	1b7d6af8ca	Revert "Revert "Add fake ALTS handshaker server (bazel only)""	7 years ago
Mark D. Roth	69c1235780	Revert "Add fake ALTS handshaker server (bazel only)"	7 years ago
Yash Tibrewal	adc733f024	Make linux polling engines capable of tracking errors separately with backward compatibility.	7 years ago
jiangtaoli2016	68d1fb9a2c	Add fake ALTS handshaker server (bazel only)	7 years ago
Mark D. Roth	7898da90e7	Clean up test cases in dns_resolver_test.	7 years ago
Mark D. Roth	908a2173fe	Avoid warnings from LLVM -Wself-assign.	7 years ago
Mark D. Roth	dc4d01f6ef	Add tracer for handshakers.	7 years ago
Juanli Shen	40991ee014	Add build path to ALTS test BUILD files	7 years ago
Yihua Zhang	fe2fa0c1c8	Add C++ experimental API extensions for ALTS C stack	7 years ago
Sree Kuchibhotla	1dd12c084a	Fix some more formatting issues	7 years ago
David Benjamin	10c2ea3ca2	Do not reach into BoringSSL internals. SSL_SESSION is a private struct and should not be accessed by calling code. There is no need to assert on the reference count in that test; the test already asserts on whether the SSL_SESSION was destroyed.	7 years ago
Dan Zhang	8bd239551a	use renamed function in test for cheking so_reuseport	7 years ago
Dan Zhang	8c2314093b	Allow udp_server to create multiple listeners for each port via SO_REUSEPORT	7 years ago
Mark D. Roth	de077acf5d	Fix retry code handling of internally triggered recv_trailing_metadata.	7 years ago
Sree Kuchibhotla	33643ef34e	Fix type coversion errors	7 years ago
Adele Zhou	3f322e1088	Fix a memory leak	7 years ago
Yash Tibrewal	6b3db74df9	Don't create exec_ctx on the stack if it's already there	7 years ago
kpayson64	c7c35c5cd7	Disable SO_REUSEPORT disabled test for uv tests	7 years ago
Jan Tattermusch	3095e350ac	regenerate projects using tools/buildgen/generate_projects.sh	7 years ago
Yash Tibrewal	3fd682961a	Create exec_ctx on stack for resource_quota_server test	7 years ago
Mark D. Roth	7c1b5db3bb	Convert subchannel_list code to C++.	7 years ago
David Garcia Quintas	d3ace6cf29	Fix authority fuzzing failures	7 years ago
Mark D. Roth	62d2ca77db	Change InlinedVector to keep elements stored contiguously.	7 years ago
Mark D. Roth	9db86fcc63	Convert retry throttle code to C++ and add tests.	7 years ago
David Garcia Quintas	b08e6a2e3d	fix generate_tests.bzl	7 years ago
David Garcia Quintas	49f625f232	more comments	7 years ago
David Garcia Quintas	861363d618	added call_host_override test	7 years ago
David Garcia Quintas	8a6453d31b	localhost or 127.0.0.1	7 years ago
David Garcia Quintas	27d48dad5e	fixed bad_ping test after merge	7 years ago
David Garcia Quintas	0287924466	Added host override info to test fixture config	7 years ago
yang-g	1f7e8cb4a4	Properly reset pings_before_data_required	7 years ago
Adele Zhou	aadbd18596	Also add size	7 years ago
David Garcia Quintas	d043fa06bc	PR comments	7 years ago
jiangtaoli2016	144f5559da	cache default SSL root cert store	7 years ago
Adele Zhou	7bc84a2256	Use timeout instead of size	7 years ago
Adele Zhou	8f7bdecf7c	Set default size large for fuzzer tests, and enormous for api_fuzzer	7 years ago
Adele Zhou	ad5be3e310	Add size param to grpc_cc_test and set it to enormous for fuzzer tests.	7 years ago
Mark D. Roth	e63e06d8d7	Fall calls with wait_for_ready=false on transient resolver failure.	7 years ago
David Garcia Quintas	4b31e36a19	Fixed tests call host	7 years ago
Yash Tibrewal	e7ef1e5968	Combine cq draining and server destroy for h2_ssl_cert_test	7 years ago
David Garcia Quintas	caa2605a28	Don't capture unnecessary or unused variables	7 years ago
yang-g	69e153209f	Properly reset pings_before_data_required	7 years ago
Muxi Yan	236bec5257	Improve keepalive_timeout test to capture the bug	7 years ago
Yash Tibrewal	7ed7beef68	Remove unnecessary comment	7 years ago
Yash Tibrewal	717fff3faf	Use same queue for batch ops and for shutdown in h2_ssl_cert_test	7 years ago
Ruslan Nigmatullin	99d0cee31b	regenerate projects	7 years ago
Ruslan Nigmatullin	7ae3733cab	[grpc] Add SSL session client cache support	7 years ago

... 4 5 6 7 8 ...

5186 Commits (c8ee12c0f5bdb76d12f4c20c42144383e8a669fb)