grpc 1.18.0 → 1.22.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +4731 -7404
- data/etc/roots.pem +146 -0
- data/include/grpc/grpc.h +11 -6
- data/include/grpc/grpc_security.h +297 -4
- data/include/grpc/grpc_security_constants.h +1 -1
- data/include/grpc/impl/codegen/byte_buffer.h +13 -0
- data/include/grpc/impl/codegen/gpr_types.h +1 -1
- data/include/grpc/impl/codegen/grpc_types.h +30 -7
- data/include/grpc/impl/codegen/port_platform.h +88 -7
- data/include/grpc/impl/codegen/slice.h +2 -22
- data/include/grpc/impl/codegen/status.h +2 -1
- data/include/grpc/impl/codegen/sync_posix.h +18 -0
- data/include/grpc/slice.h +3 -3
- data/src/core/ext/filters/client_channel/backup_poller.cc +21 -16
- data/src/core/ext/filters/client_channel/backup_poller.h +8 -2
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +3 -1
- data/src/core/ext/filters/client_channel/client_channel.cc +2435 -1557
- data/src/core/ext/filters/client_channel/client_channel.h +2 -10
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -89
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +8 -33
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +22 -34
- data/src/core/ext/filters/client_channel/client_channel_factory.h +19 -38
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +9 -11
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +179 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +68 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +59 -55
- data/src/core/ext/filters/client_channel/health/health_check_client.h +20 -9
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +146 -157
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +29 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +844 -859
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +2 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +6 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +14 -12
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +16 -12
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +185 -312
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +143 -375
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +192 -245
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +1554 -955
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_secure.cc +0 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +2 -2
- data/src/core/ext/filters/client_channel/lb_policy.cc +115 -22
- data/src/core/ext/filters/client_channel/lb_policy.h +260 -129
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +5 -2
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +107 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +10 -3
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +96 -0
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +56 -0
- data/src/core/ext/filters/client_channel/parse_address.cc +24 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +121 -122
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +84 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +3 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +179 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +24 -10
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +111 -47
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +7 -13
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +39 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +0 -6
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -64
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +28 -0
- data/src/core/{lib/iomgr/network_status_tracker.cc → ext/filters/client_channel/resolver/dns/dns_resolver_selection.h} +8 -15
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +36 -82
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +111 -72
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +13 -8
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +28 -63
- data/src/core/ext/filters/client_channel/resolver.cc +54 -1
- data/src/core/ext/filters/client_channel/resolver.h +52 -23
- data/src/core/ext/filters/client_channel/resolver_factory.h +3 -1
- data/src/core/ext/filters/client_channel/resolver_registry.cc +5 -2
- data/src/core/ext/filters/client_channel/resolver_registry.h +5 -4
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +368 -241
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +58 -76
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +543 -0
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +139 -0
- data/src/core/ext/filters/client_channel/server_address.cc +4 -54
- data/src/core/ext/filters/client_channel/server_address.h +1 -13
- data/src/core/ext/filters/client_channel/service_config.cc +329 -0
- data/src/core/ext/filters/client_channel/service_config.h +205 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +803 -838
- data/src/core/ext/filters/client_channel/subchannel.h +295 -128
- data/src/core/ext/filters/client_channel/subchannel_interface.h +113 -0
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +97 -0
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +94 -0
- data/src/core/ext/filters/deadline/deadline_filter.cc +3 -4
- data/src/core/ext/filters/deadline/deadline_filter.h +3 -2
- data/src/core/ext/filters/http/client/http_client_filter.cc +7 -5
- data/src/core/ext/filters/http/client/http_client_filter.h +1 -1
- data/src/core/ext/filters/http/client_authority_filter.cc +6 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +4 -3
- data/src/core/ext/filters/http/server/http_server_filter.cc +18 -12
- data/src/core/ext/filters/max_age/max_age_filter.cc +5 -2
- data/src/core/ext/filters/message_size/message_size_filter.cc +119 -77
- data/src/core/ext/filters/message_size/message_size_filter.h +33 -0
- data/src/core/ext/transport/chttp2/alpn/alpn.h +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +13 -12
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +45 -47
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +134 -143
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +68 -21
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +4 -4
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +4 -3
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +9 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +156 -94
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +33 -37
- data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +3 -2
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -4
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +8 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -4
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +74 -55
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +33 -11
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +3 -2
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +7 -14
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +10 -1
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +9 -5
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +9 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +43 -30
- data/src/core/ext/transport/chttp2/transport/parsing.cc +52 -70
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +70 -33
- data/src/core/ext/transport/inproc/inproc_transport.cc +26 -18
- data/src/core/lib/channel/channel_args.cc +2 -101
- data/src/core/lib/channel/channel_args.h +3 -37
- data/src/core/lib/channel/channel_stack.h +10 -6
- data/src/core/lib/channel/channel_trace.cc +4 -4
- data/src/core/lib/channel/channel_trace.h +4 -4
- data/src/core/lib/channel/channelz.cc +168 -38
- data/src/core/lib/channel/channelz.h +40 -44
- data/src/core/lib/channel/channelz_registry.cc +75 -107
- data/src/core/lib/channel/channelz_registry.h +10 -28
- data/src/core/lib/channel/connected_channel.cc +2 -2
- data/src/core/lib/channel/context.h +2 -2
- data/src/core/lib/channel/handshaker.cc +151 -218
- data/src/core/lib/channel/handshaker.h +110 -101
- data/src/core/lib/channel/handshaker_factory.h +11 -19
- data/src/core/lib/channel/handshaker_registry.cc +67 -51
- data/src/core/lib/channel/handshaker_registry.h +21 -16
- data/src/core/lib/compression/algorithm_metadata.h +3 -3
- data/src/core/lib/compression/compression.cc +14 -9
- data/src/core/lib/compression/compression_args.cc +127 -0
- data/src/core/lib/compression/compression_args.h +55 -0
- data/src/core/lib/compression/compression_internal.cc +16 -12
- data/src/core/lib/compression/compression_internal.h +1 -1
- data/src/core/lib/compression/stream_compression.cc +3 -2
- data/src/core/lib/compression/stream_compression.h +2 -2
- data/src/core/lib/compression/stream_compression_gzip.cc +9 -9
- data/src/core/lib/debug/trace.cc +13 -7
- data/src/core/lib/debug/trace.h +14 -1
- data/src/core/lib/gpr/arena.h +13 -9
- data/src/core/lib/gpr/cpu_posix.cc +5 -3
- data/src/core/lib/gpr/env.h +3 -6
- data/src/core/lib/gpr/env_linux.cc +6 -1
- data/src/core/lib/gpr/env_posix.cc +5 -0
- data/src/core/lib/gpr/env_windows.cc +7 -5
- data/src/core/lib/gpr/log.cc +9 -13
- data/src/core/lib/gpr/log_posix.cc +2 -1
- data/src/core/lib/gpr/string.cc +20 -7
- data/src/core/lib/gpr/string.h +10 -3
- data/src/core/lib/gpr/sync_posix.cc +65 -4
- data/src/core/lib/gpr/time.cc +8 -0
- data/src/core/lib/gpr/time_posix.cc +21 -2
- data/src/core/lib/gprpp/arena.cc +103 -0
- data/src/core/lib/gprpp/arena.h +121 -0
- data/src/core/lib/gprpp/atomic.h +75 -5
- data/src/core/lib/gprpp/fork.cc +13 -32
- data/src/core/lib/gprpp/fork.h +5 -1
- data/src/core/lib/gprpp/global_config.h +96 -0
- data/src/core/lib/gprpp/global_config_custom.h +29 -0
- data/src/core/lib/gprpp/global_config_env.cc +135 -0
- data/src/core/lib/gprpp/global_config_env.h +131 -0
- data/src/core/lib/gprpp/global_config_generic.h +44 -0
- data/src/core/lib/gprpp/inlined_vector.h +8 -0
- data/src/core/lib/gprpp/map.h +436 -0
- data/src/core/lib/gprpp/memory.h +2 -2
- data/src/core/lib/gprpp/optional.h +48 -0
- data/src/core/lib/gprpp/orphanable.h +6 -5
- data/src/core/lib/gprpp/{mutex_lock.h → pair.h} +15 -19
- data/src/core/lib/gprpp/ref_counted.h +36 -17
- data/src/core/lib/gprpp/sync.h +126 -0
- data/src/core/lib/gprpp/thd.h +42 -7
- data/src/core/lib/gprpp/thd_posix.cc +31 -13
- data/src/core/lib/gprpp/thd_windows.cc +47 -34
- data/src/core/lib/http/httpcli.cc +6 -5
- data/src/core/lib/http/httpcli_security_connector.cc +13 -15
- data/src/core/lib/http/parser.cc +3 -2
- data/src/core/lib/http/parser.h +2 -1
- data/src/core/lib/iomgr/buffer_list.cc +182 -24
- data/src/core/lib/iomgr/buffer_list.h +72 -10
- data/src/core/lib/iomgr/call_combiner.cc +84 -90
- data/src/core/lib/iomgr/call_combiner.h +75 -82
- data/src/core/lib/iomgr/cfstream_handle.cc +203 -0
- data/src/core/lib/iomgr/cfstream_handle.h +86 -0
- data/src/core/lib/iomgr/combiner.cc +11 -3
- data/src/core/lib/iomgr/combiner.h +1 -1
- data/src/core/lib/iomgr/endpoint.cc +2 -2
- data/src/core/lib/iomgr/endpoint.h +3 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +375 -0
- data/src/core/lib/iomgr/endpoint_cfstream.h +49 -0
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +2 -2
- data/src/core/lib/iomgr/error.cc +21 -17
- data/src/core/lib/iomgr/error.h +36 -6
- data/src/core/lib/iomgr/error_cfstream.cc +52 -0
- data/src/core/lib/iomgr/error_cfstream.h +31 -0
- data/src/core/lib/iomgr/error_internal.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +44 -28
- data/src/core/lib/iomgr/ev_epollex_linux.cc +173 -194
- data/src/core/lib/iomgr/ev_poll_posix.cc +16 -487
- data/src/core/lib/iomgr/ev_posix.cc +29 -19
- data/src/core/lib/iomgr/ev_posix.h +19 -3
- data/src/core/lib/iomgr/ev_windows.cc +2 -2
- data/src/core/lib/iomgr/exec_ctx.cc +1 -0
- data/src/core/lib/iomgr/exec_ctx.h +137 -8
- data/src/core/lib/iomgr/executor.cc +147 -95
- data/src/core/lib/iomgr/executor.h +55 -49
- data/src/core/lib/iomgr/fork_posix.cc +6 -5
- data/src/core/lib/{gprpp/atomic_with_std.h → iomgr/grpc_if_nametoindex.h} +8 -13
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +42 -0
- data/src/core/lib/iomgr/{network_status_tracker.h → grpc_if_nametoindex_unsupported.cc} +15 -9
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -5
- data/src/core/lib/iomgr/internal_errqueue.h +105 -3
- data/src/core/lib/iomgr/iomgr.cc +20 -13
- data/src/core/lib/iomgr/iomgr.h +15 -0
- data/src/core/lib/iomgr/iomgr_custom.cc +17 -3
- data/src/core/lib/iomgr/iomgr_custom.h +2 -0
- data/src/core/lib/iomgr/iomgr_internal.cc +10 -0
- data/src/core/lib/iomgr/iomgr_internal.h +12 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +19 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +93 -0
- data/src/core/lib/iomgr/iomgr_windows.cc +18 -2
- data/src/core/lib/iomgr/lockfree_event.cc +4 -4
- data/src/core/lib/iomgr/port.h +35 -0
- data/src/core/lib/iomgr/resolve_address_posix.cc +4 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +2 -1
- data/src/core/lib/iomgr/resource_quota.cc +40 -37
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +6 -2
- data/src/core/lib/iomgr/socket_windows.cc +19 -0
- data/src/core/lib/iomgr/socket_windows.h +8 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +216 -0
- data/src/core/lib/iomgr/tcp_client_custom.cc +2 -2
- data/src/core/lib/iomgr/tcp_client_posix.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +7 -5
- data/src/core/lib/iomgr/tcp_custom.cc +10 -14
- data/src/core/lib/iomgr/tcp_posix.cc +256 -140
- data/src/core/lib/iomgr/tcp_server.cc +5 -0
- data/src/core/lib/iomgr/tcp_server.h +24 -0
- data/src/core/lib/iomgr/tcp_server_custom.cc +14 -12
- data/src/core/lib/iomgr/tcp_server_posix.cc +86 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_server_windows.cc +13 -11
- data/src/core/lib/iomgr/tcp_uv.cc +5 -7
- data/src/core/lib/iomgr/tcp_windows.cc +8 -14
- data/src/core/lib/iomgr/timer.h +2 -1
- data/src/core/lib/iomgr/timer_generic.cc +16 -16
- data/src/core/lib/iomgr/timer_manager.cc +20 -11
- data/src/core/lib/iomgr/udp_server.cc +8 -6
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +1 -19
- data/src/core/lib/json/json.cc +1 -4
- data/src/core/lib/profiling/basic_timers.cc +10 -4
- data/src/core/lib/security/context/security_context.cc +6 -7
- data/src/core/lib/security/context/security_context.h +3 -4
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
- data/src/core/lib/security/credentials/composite/composite_credentials.h +4 -0
- data/src/core/lib/security/credentials/credentials.h +9 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +15 -3
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +2 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +2 -1
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +10 -6
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +2 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +3 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +9 -8
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +192 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +210 -0
- data/src/core/lib/security/credentials/tls/spiffe_credentials.cc +129 -0
- data/src/core/lib/security/credentials/tls/spiffe_credentials.h +62 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +10 -8
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -12
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +7 -5
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +10 -8
- data/src/core/lib/security/security_connector/security_connector.cc +0 -1
- data/src/core/lib/security/security_connector/security_connector.h +3 -3
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +39 -38
- data/src/core/lib/security/security_connector/ssl_utils.cc +164 -26
- data/src/core/lib/security/security_connector/ssl_utils.h +70 -1
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +426 -0
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +122 -0
- data/src/core/lib/security/transport/auth_filters.h +5 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +55 -50
- data/src/core/lib/security/transport/secure_endpoint.cc +6 -6
- data/src/core/lib/security/transport/security_handshaker.cc +271 -303
- data/src/core/lib/security/transport/security_handshaker.h +11 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +3 -3
- data/src/core/lib/slice/b64.h +2 -2
- data/src/core/lib/slice/percent_encoding.cc +3 -3
- data/src/core/lib/slice/percent_encoding.h +3 -3
- data/src/core/lib/slice/slice.cc +174 -122
- data/src/core/lib/slice/slice_buffer.cc +54 -21
- data/src/core/lib/slice/slice_hash_table.h +4 -4
- data/src/core/lib/slice/slice_intern.cc +49 -107
- data/src/core/lib/slice/slice_internal.h +264 -3
- data/src/core/lib/slice/slice_string_helpers.cc +10 -1
- data/src/core/lib/slice/slice_string_helpers.h +3 -1
- data/src/core/lib/slice/slice_utils.h +50 -0
- data/src/core/lib/slice/slice_weak_hash_table.h +6 -6
- data/src/core/lib/surface/api_trace.h +1 -1
- data/src/core/lib/surface/byte_buffer_reader.cc +17 -0
- data/src/core/lib/surface/call.cc +67 -46
- data/src/core/lib/surface/call.h +7 -2
- data/src/core/lib/surface/call_details.cc +0 -1
- data/src/core/lib/surface/channel.cc +89 -97
- data/src/core/lib/surface/channel.h +60 -6
- data/src/core/lib/surface/channel_init.h +5 -0
- data/src/core/lib/surface/completion_queue.cc +221 -216
- data/src/core/lib/surface/completion_queue.h +2 -1
- data/src/core/lib/surface/init.cc +82 -33
- data/src/core/lib/surface/init.h +1 -0
- data/src/core/lib/surface/init_secure.cc +1 -1
- data/src/core/lib/surface/lame_client.cc +5 -7
- data/src/core/lib/surface/server.cc +42 -47
- data/src/core/lib/surface/validate_metadata.cc +14 -8
- data/src/core/lib/surface/validate_metadata.h +13 -2
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/bdp_estimator.cc +3 -3
- data/src/core/lib/transport/bdp_estimator.h +2 -2
- data/src/core/lib/transport/connectivity_state.cc +10 -40
- data/src/core/lib/transport/connectivity_state.h +0 -8
- data/src/core/lib/transport/error_utils.cc +12 -0
- data/src/core/lib/transport/metadata.cc +258 -267
- data/src/core/lib/transport/metadata.h +227 -16
- data/src/core/lib/transport/metadata_batch.cc +1 -1
- data/src/core/lib/transport/metadata_batch.h +1 -1
- data/src/core/lib/transport/static_metadata.cc +477 -399
- data/src/core/lib/transport/static_metadata.h +273 -182
- data/src/core/lib/transport/status_metadata.cc +3 -3
- data/src/core/lib/transport/timeout_encoding.cc +1 -1
- data/src/core/lib/transport/timeout_encoding.h +1 -1
- data/src/core/lib/transport/transport.cc +39 -72
- data/src/core/lib/transport/transport.h +59 -24
- data/src/core/lib/transport/transport_impl.h +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +3 -3
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +1 -1
- data/src/core/tsi/alts/handshaker/alts_shared_resource.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +4 -3
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +1 -1
- data/src/core/tsi/fake_transport_security.cc +4 -4
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +12 -10
- data/src/core/tsi/ssl_transport_security.h +24 -4
- data/src/ruby/bin/math_pb.rb +18 -16
- data/src/ruby/ext/grpc/extconf.rb +12 -4
- data/src/ruby/ext/grpc/rb_call_credentials.c +8 -5
- data/src/ruby/ext/grpc/rb_channel.c +14 -10
- data/src/ruby/ext/grpc/rb_channel_credentials.c +8 -4
- data/src/ruby/ext/grpc/rb_compression_options.c +9 -7
- data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc.c +23 -24
- data/src/ruby/ext/grpc/rb_grpc.h +4 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +24 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +36 -0
- data/src/ruby/ext/grpc/rb_server.c +8 -4
- data/src/ruby/lib/grpc/errors.rb +22 -3
- data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/README.md +1 -1
- data/src/ruby/pb/grpc/health/v1/health_pb.rb +13 -10
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +18 -0
- data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +3 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +58 -56
- data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -0
- data/src/ruby/spec/errors_spec.rb +141 -0
- data/third_party/cares/cares/ares.h +12 -0
- data/third_party/cares/cares/ares_create_query.c +5 -1
- data/third_party/cares/cares/ares_data.c +74 -73
- data/third_party/cares/cares/ares_destroy.c +6 -1
- data/third_party/cares/cares/ares_gethostbyaddr.c +5 -5
- data/third_party/cares/cares/ares_gethostbyname.c +15 -4
- data/third_party/cares/cares/ares_getnameinfo.c +11 -0
- data/third_party/cares/cares/ares_init.c +274 -173
- data/third_party/cares/cares/ares_library_init.c +21 -3
- data/third_party/cares/cares/ares_options.c +6 -2
- data/third_party/cares/cares/ares_parse_naptr_reply.c +7 -6
- data/third_party/cares/cares/ares_parse_ptr_reply.c +4 -2
- data/third_party/cares/cares/ares_platform.c +7 -0
- data/third_party/cares/cares/ares_private.h +19 -11
- data/third_party/cares/cares/ares_process.c +27 -2
- data/third_party/cares/cares/ares_rules.h +1 -1
- data/third_party/cares/cares/ares_search.c +7 -0
- data/third_party/cares/cares/ares_send.c +6 -0
- data/third_party/cares/cares/ares_strsplit.c +174 -0
- data/third_party/cares/cares/ares_strsplit.h +43 -0
- data/third_party/cares/cares/ares_version.h +4 -4
- data/third_party/cares/cares/config-win32.h +1 -1
- data/third_party/cares/cares/inet_ntop.c +2 -3
- data/third_party/cares/config_darwin/ares_config.h +3 -0
- data/third_party/cares/config_freebsd/ares_config.h +3 -0
- data/third_party/cares/config_linux/ares_config.h +3 -0
- data/third_party/cares/config_openbsd/ares_config.h +3 -0
- metadata +83 -48
- data/src/core/ext/filters/client_channel/request_routing.cc +0 -936
- data/src/core/ext/filters/client_channel/request_routing.h +0 -177
- data/src/core/ext/filters/client_channel/subchannel_index.cc +0 -248
- data/src/core/ext/filters/client_channel/subchannel_index.h +0 -76
- data/src/core/lib/channel/handshaker_factory.cc +0 -42
- data/src/core/lib/gpr/arena.cc +0 -192
- data/src/core/lib/gprpp/atomic_with_atm.h +0 -57
- data/src/core/lib/iomgr/wakeup_fd_cv.cc +0 -107
- data/src/core/lib/iomgr/wakeup_fd_cv.h +0 -69
- data/src/core/lib/transport/service_config.cc +0 -106
- data/src/core/lib/transport/service_config.h +0 -249
@@ -80,8 +80,9 @@ class grpc_alts_channel_security_connector final
|
|
80
80
|
|
81
81
|
~grpc_alts_channel_security_connector() override { gpr_free(target_name_); }
|
82
82
|
|
83
|
-
void add_handshakers(
|
84
|
-
|
83
|
+
void add_handshakers(
|
84
|
+
grpc_pollset_set* interested_parties,
|
85
|
+
grpc_core::HandshakeManager* handshake_manager) override {
|
85
86
|
tsi_handshaker* handshaker = nullptr;
|
86
87
|
const grpc_alts_credentials* creds =
|
87
88
|
static_cast<const grpc_alts_credentials*>(channel_creds());
|
@@ -89,8 +90,8 @@ class grpc_alts_channel_security_connector final
|
|
89
90
|
creds->handshaker_service_url(), true,
|
90
91
|
interested_parties,
|
91
92
|
&handshaker) == TSI_OK);
|
92
|
-
|
93
|
-
|
93
|
+
handshake_manager->Add(
|
94
|
+
grpc_core::SecurityHandshakerCreate(handshaker, this));
|
94
95
|
}
|
95
96
|
|
96
97
|
void check_peer(tsi_peer peer, grpc_endpoint* ep,
|
@@ -139,16 +140,17 @@ class grpc_alts_server_security_connector final
|
|
139
140
|
}
|
140
141
|
~grpc_alts_server_security_connector() override = default;
|
141
142
|
|
142
|
-
void add_handshakers(
|
143
|
-
|
143
|
+
void add_handshakers(
|
144
|
+
grpc_pollset_set* interested_parties,
|
145
|
+
grpc_core::HandshakeManager* handshake_manager) override {
|
144
146
|
tsi_handshaker* handshaker = nullptr;
|
145
147
|
const grpc_alts_server_credentials* creds =
|
146
148
|
static_cast<const grpc_alts_server_credentials*>(server_creds());
|
147
149
|
GPR_ASSERT(alts_tsi_handshaker_create(
|
148
150
|
creds->options(), nullptr, creds->handshaker_service_url(),
|
149
151
|
false, interested_parties, &handshaker) == TSI_OK);
|
150
|
-
|
151
|
-
|
152
|
+
handshake_manager->Add(
|
153
|
+
grpc_core::SecurityHandshakerCreate(handshaker, this));
|
152
154
|
}
|
153
155
|
|
154
156
|
void check_peer(tsi_peer peer, grpc_endpoint* ep,
|
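Review bot: The new `handshake_manager->Add(grpc_core::SecurityHandshakerCreate(handshaker, this));` in both ALTS `add_handshakers` overrides passes a raw `tsi_handshaker*` without documenting its precondition or ownership. The pointer is only known to be valid because the `GPR_ASSERT(... == TSI_OK)` just above aborts the process when creation fails. I would add `// handshaker is valid here: creation failure aborts in the GPR_ASSERT above.` before the `Add` call, plus a comment saying who destroys the handshaker, which is not visible from this page. If that assert is ever softened into an error return, the path has to stay fail-closed: the connection must be rejected rather than continue with no security handshaker added. The same applies to the two `add_handshakers` hunks of the local connector section further down, which follow `local_tsi_handshaker_create` with the identical call.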
@@ -26,6 +26,8 @@
|
|
26
26
|
#include <grpc/support/log.h>
|
27
27
|
#include <grpc/support/string_util.h>
|
28
28
|
|
29
|
+
#include "src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h"
|
30
|
+
#include "src/core/ext/filters/client_channel/lb_policy/xds/xds.h"
|
29
31
|
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
|
30
32
|
#include "src/core/lib/channel/channel_args.h"
|
31
33
|
#include "src/core/lib/channel/handshaker.h"
|
@@ -53,8 +55,11 @@ class grpc_fake_channel_security_connector final
|
|
53
55
|
target_(gpr_strdup(target)),
|
54
56
|
expected_targets_(
|
55
57
|
gpr_strdup(grpc_fake_transport_get_expected_targets(args))),
|
56
|
-
is_lb_channel_(
|
57
|
-
|
58
|
+
is_lb_channel_(
|
59
|
+
grpc_channel_args_find(
|
60
|
+
args, GRPC_ARG_ADDRESS_IS_XDS_LOAD_BALANCER) != nullptr ||
|
61
|
+
grpc_channel_args_find(
|
62
|
+
args, GRPC_ARG_ADDRESS_IS_GRPCLB_LOAD_BALANCER) != nullptr) {
|
58
63
|
const grpc_arg* target_name_override_arg =
|
59
64
|
grpc_channel_args_find(args, GRPC_SSL_TARGET_NAME_OVERRIDE_ARG);
|
60
65
|
if (target_name_override_arg != nullptr) {
|
@@ -92,11 +97,9 @@ class grpc_fake_channel_security_connector final
|
|
92
97
|
}
|
93
98
|
|
94
99
|
void add_handshakers(grpc_pollset_set* interested_parties,
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
grpc_security_handshaker_create(
|
99
|
-
tsi_create_fake_handshaker(/*is_client=*/true), this));
|
100
|
+
grpc_core::HandshakeManager* handshake_mgr) override {
|
101
|
+
handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(
|
102
|
+
tsi_create_fake_handshaker(/*is_client=*/true), this));
|
100
103
|
}
|
101
104
|
|
102
105
|
bool check_call_host(const char* host, grpc_auth_context* auth_context,
|
@@ -273,11 +276,9 @@ class grpc_fake_server_security_connector
|
|
273
276
|
}
|
274
277
|
|
275
278
|
void add_handshakers(grpc_pollset_set* interested_parties,
|
276
|
-
|
277
|
-
|
278
|
-
|
279
|
-
grpc_security_handshaker_create(
|
280
|
-
tsi_create_fake_handshaker(/*=is_client*/ false), this));
|
279
|
+
grpc_core::HandshakeManager* handshake_mgr) override {
|
280
|
+
handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(
|
281
|
+
tsi_create_fake_handshaker(/*=is_client*/ false), this));
|
281
282
|
}
|
282
283
|
|
283
284
|
int cmp(const grpc_security_connector* other) const override {
|
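Review bot: The new `is_lb_channel_` initializer only tests whether `GRPC_ARG_ADDRESS_IS_XDS_LOAD_BALANCER` or `GRPC_ARG_ADDRESS_IS_GRPCLB_LOAD_BALANCER` is present (`grpc_channel_args_find(...) != nullptr`), so a channel carrying either arg with a zero/false value would still be flagged as a load-balancer channel. If these args can ever be set to a non-true value, the initializer should read the value instead of checking presence. Otherwise a comment such as `// Presence of either arg marks an LB channel; the value is not inspected.` would make the assumption explicit. How `is_lb_channel_` is consumed is outside the hunk, but it presumably feeds the expected-target checks of this connector, so the looser test deserves a deliberate decision. The constructor starts and ends outside the hunk.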
@@ -38,12 +38,15 @@
|
|
38
38
|
#include <grpc/support/log.h>
|
39
39
|
#include <grpc/support/string_util.h>
|
40
40
|
|
41
|
-
#include "src/core/lib/gpr/env.h"
|
42
41
|
#include "src/core/lib/gpr/string.h"
|
43
42
|
#include "src/core/lib/gpr/useful.h"
|
43
|
+
#include "src/core/lib/gprpp/global_config.h"
|
44
44
|
#include "src/core/lib/gprpp/inlined_vector.h"
|
45
45
|
#include "src/core/lib/iomgr/load_file.h"
|
46
46
|
|
47
|
+
GPR_GLOBAL_CONFIG_DEFINE_STRING(grpc_system_ssl_roots_dir, "",
|
48
|
+
"Custom directory to SSL Roots");
|
49
|
+
|
47
50
|
namespace grpc_core {
|
48
51
|
namespace {
|
49
52
|
|
@@ -139,10 +142,9 @@ grpc_slice CreateRootCertsBundle(const char* certs_directory) {
|
|
139
142
|
grpc_slice LoadSystemRootCerts() {
|
140
143
|
grpc_slice result = grpc_empty_slice();
|
141
144
|
// Prioritize user-specified custom directory if flag is set.
|
142
|
-
char
|
143
|
-
if (custom_dir
|
144
|
-
result = CreateRootCertsBundle(custom_dir);
|
145
|
-
gpr_free(custom_dir);
|
145
|
+
UniquePtr<char> custom_dir = GPR_GLOBAL_CONFIG_GET(grpc_system_ssl_roots_dir);
|
146
|
+
if (strlen(custom_dir.get()) > 0) {
|
147
|
+
result = CreateRootCertsBundle(custom_dir.get());
|
146
148
|
}
|
147
149
|
// If the custom directory is empty/invalid/not specified, fallback to
|
148
150
|
// distribution-specific directory.
|
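Review bot: `strlen(custom_dir.get())` in `LoadSystemRootCerts` dereferences the result of `GPR_GLOBAL_CONFIG_GET(grpc_system_ssl_roots_dir)` without a null check. The define's default is `""`, so the getter presumably never returns null, but that contract is not visible here; `if (custom_dir != nullptr && custom_dir.get()[0] != '\0') {` costs nothing and removes the assumption. Because this setting replaces the trust anchors used for certificate verification, it would also help to log which directory the roots were loaded from, so an unexpected override shows up in logs. The function body continues outside the hunk.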
@@ -128,13 +128,14 @@ class grpc_local_channel_security_connector final
|
|
128
128
|
|
129
129
|
~grpc_local_channel_security_connector() override { gpr_free(target_name_); }
|
130
130
|
|
131
|
-
void add_handshakers(
|
132
|
-
|
131
|
+
void add_handshakers(
|
132
|
+
grpc_pollset_set* interested_parties,
|
133
|
+
grpc_core::HandshakeManager* handshake_manager) override {
|
133
134
|
tsi_handshaker* handshaker = nullptr;
|
134
135
|
GPR_ASSERT(local_tsi_handshaker_create(true /* is_client */, &handshaker) ==
|
135
136
|
TSI_OK);
|
136
|
-
|
137
|
-
|
137
|
+
handshake_manager->Add(
|
138
|
+
grpc_core::SecurityHandshakerCreate(handshaker, this));
|
138
139
|
}
|
139
140
|
|
140
141
|
int cmp(const grpc_security_connector* other_sc) const override {
|
@@ -184,13 +185,14 @@ class grpc_local_server_security_connector final
|
|
184
185
|
: grpc_server_security_connector(nullptr, std::move(server_creds)) {}
|
185
186
|
~grpc_local_server_security_connector() override = default;
|
186
187
|
|
187
|
-
void add_handshakers(
|
188
|
-
|
188
|
+
void add_handshakers(
|
189
|
+
grpc_pollset_set* interested_parties,
|
190
|
+
grpc_core::HandshakeManager* handshake_manager) override {
|
189
191
|
tsi_handshaker* handshaker = nullptr;
|
190
192
|
GPR_ASSERT(local_tsi_handshaker_create(false /* is_client */,
|
191
193
|
&handshaker) == TSI_OK);
|
192
|
-
|
193
|
-
|
194
|
+
handshake_manager->Add(
|
195
|
+
grpc_core::SecurityHandshakerCreate(handshaker, this));
|
194
196
|
}
|
195
197
|
|
196
198
|
void check_peer(tsi_peer peer, grpc_endpoint* ep,
|
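Review bot: Both `add_handshakers` overrides still wrap `local_tsi_handshaker_create(...)` in `GPR_ASSERT`, so a failure to create the TSI handshaker aborts the whole process rather than failing the one handshake; the SSL connectors in this same change appear to return early from this method instead. If that call can fail at runtime (not determinable from the hunk), check the result, log it and return without calling `handshake_manager->Add`. A smaller style point: the parameter is named `handshake_manager` here but `handshake_mgr` in the base-class declaration and the other connectors, and one name would keep the overrides easy to grep. `interested_parties` is unused in both bodies, which a one-line comment could state.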
@@ -28,7 +28,6 @@
|
|
28
28
|
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
|
29
29
|
#include "src/core/lib/channel/channel_args.h"
|
30
30
|
#include "src/core/lib/channel/handshaker.h"
|
31
|
-
#include "src/core/lib/gpr/env.h"
|
32
31
|
#include "src/core/lib/gpr/host_port.h"
|
33
32
|
#include "src/core/lib/gpr/string.h"
|
34
33
|
#include "src/core/lib/iomgr/load_file.h"
|
@@ -102,14 +102,14 @@ class grpc_channel_security_connector : public grpc_security_connector {
|
|
102
102
|
grpc_auth_context* auth_context,
|
103
103
|
grpc_closure* on_call_host_checked,
|
104
104
|
grpc_error** error) GRPC_ABSTRACT;
|
105
|
-
/// Cancels a pending
|
105
|
+
/// Cancels a pending asynchronous call to
|
106
106
|
/// grpc_channel_security_connector_check_call_host() with
|
107
107
|
/// \a on_call_host_checked as its callback.
|
108
108
|
virtual void cancel_check_call_host(grpc_closure* on_call_host_checked,
|
109
109
|
grpc_error* error) GRPC_ABSTRACT;
|
110
110
|
/// Registers handshakers with \a handshake_mgr.
|
111
111
|
virtual void add_handshakers(grpc_pollset_set* interested_parties,
|
112
|
-
|
112
|
+
grpc_core::HandshakeManager* handshake_mgr)
|
113
113
|
GRPC_ABSTRACT;
|
114
114
|
|
115
115
|
const grpc_channel_credentials* channel_creds() const {
|
@@ -150,7 +150,7 @@ class grpc_server_security_connector : public grpc_security_connector {
|
|
150
150
|
~grpc_server_security_connector() override = default;
|
151
151
|
|
152
152
|
virtual void add_handshakers(grpc_pollset_set* interested_parties,
|
153
|
-
|
153
|
+
grpc_core::HandshakeManager* handshake_mgr)
|
154
154
|
GRPC_ABSTRACT;
|
155
155
|
|
156
156
|
const grpc_server_credentials* server_creds() const {
|
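Review bot: `grpc_server_security_connector::add_handshakers` has no doc comment, while the channel-side declaration in the earlier hunk carries `/// Registers handshakers with \a handshake_mgr.`; the same line belongs on the server declaration. Since the parameter type changes to `grpc_core::HandshakeManager*`, the comment should also say whether `handshake_mgr` may be null and what `interested_parties` is for, given that several overrides in this change ignore it. Both class bodies continue outside the hunks.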
@@ -44,24 +44,15 @@ namespace {
|
|
44
44
|
grpc_error* ssl_check_peer(
|
45
45
|
const char* peer_name, const tsi_peer* peer,
|
46
46
|
grpc_core::RefCountedPtr<grpc_auth_context>* auth_context) {
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
tsi_peer_get_property_by_name(peer, TSI_SSL_ALPN_SELECTED_PROTOCOL);
|
51
|
-
if (p == nullptr) {
|
52
|
-
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
53
|
-
"Cannot check peer: missing selected ALPN property.");
|
54
|
-
}
|
55
|
-
if (!grpc_chttp2_is_alpn_version_supported(p->value.data, p->value.length)) {
|
56
|
-
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
57
|
-
"Cannot check peer: invalid ALPN value.");
|
47
|
+
grpc_error* error = grpc_ssl_check_alpn(peer);
|
48
|
+
if (error != GRPC_ERROR_NONE) {
|
49
|
+
return error;
|
58
50
|
}
|
59
|
-
#endif /* TSI_OPENSSL_ALPN_SUPPORT */
|
60
51
|
/* Check the peer name if specified. */
|
61
52
|
if (peer_name != nullptr && !grpc_ssl_host_matches_name(peer, peer_name)) {
|
62
53
|
char* msg;
|
63
54
|
gpr_asprintf(&msg, "Peer name %s is not in peer certificate", peer_name);
|
64
|
-
|
55
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg);
|
65
56
|
gpr_free(msg);
|
66
57
|
return error;
|
67
58
|
}
|
@@ -104,7 +95,6 @@ class grpc_ssl_channel_security_connector final
|
|
104
95
|
config->pem_key_cert_pair->private_key != nullptr &&
|
105
96
|
config->pem_key_cert_pair->cert_chain != nullptr;
|
106
97
|
tsi_ssl_client_handshaker_options options;
|
107
|
-
memset(&options, 0, sizeof(options));
|
108
98
|
GPR_DEBUG_ASSERT(pem_root_certs != nullptr);
|
109
99
|
options.pem_root_certs = pem_root_certs;
|
110
100
|
options.root_store = root_store;
|
@@ -128,7 +118,7 @@ class grpc_ssl_channel_security_connector final
|
|
128
118
|
}
|
129
119
|
|
130
120
|
void add_handshakers(grpc_pollset_set* interested_parties,
|
131
|
-
|
121
|
+
grpc_core::HandshakeManager* handshake_mgr) override {
|
132
122
|
// Instantiate TSI handshaker.
|
133
123
|
tsi_handshaker* tsi_hs = nullptr;
|
134
124
|
tsi_result result = tsi_ssl_client_handshaker_factory_create_handshaker(
|
@@ -142,8 +132,7 @@ class grpc_ssl_channel_security_connector final
|
|
142
132
|
return;
|
143
133
|
}
|
144
134
|
// Create handshakers.
|
145
|
-
|
146
|
-
grpc_security_handshaker_create(tsi_hs, this));
|
135
|
+
handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(tsi_hs, this));
|
147
136
|
}
|
148
137
|
|
149
138
|
void check_peer(tsi_peer peer, grpc_endpoint* ep,
|
@@ -263,15 +252,22 @@ class grpc_ssl_server_security_connector
|
|
263
252
|
size_t num_alpn_protocols = 0;
|
264
253
|
const char** alpn_protocol_strings =
|
265
254
|
grpc_fill_alpn_protocol_strings(&num_alpn_protocols);
|
266
|
-
|
267
|
-
|
268
|
-
server_credentials->config().
|
269
|
-
|
255
|
+
tsi_ssl_server_handshaker_options options;
|
256
|
+
options.pem_key_cert_pairs =
|
257
|
+
server_credentials->config().pem_key_cert_pairs;
|
258
|
+
options.num_key_cert_pairs =
|
259
|
+
server_credentials->config().num_key_cert_pairs;
|
260
|
+
options.pem_client_root_certs =
|
261
|
+
server_credentials->config().pem_root_certs;
|
262
|
+
options.client_certificate_request =
|
270
263
|
grpc_get_tsi_client_certificate_request_type(
|
271
|
-
server_credentials->config().client_certificate_request)
|
272
|
-
|
273
|
-
|
274
|
-
|
264
|
+
server_credentials->config().client_certificate_request);
|
265
|
+
options.cipher_suites = grpc_get_ssl_cipher_suites();
|
266
|
+
options.alpn_protocols = alpn_protocol_strings;
|
267
|
+
options.num_alpn_protocols = static_cast<uint16_t>(num_alpn_protocols);
|
268
|
+
const tsi_result result =
|
269
|
+
tsi_create_ssl_server_handshaker_factory_with_options(
|
270
|
+
&options, &server_handshaker_factory_);
|
275
271
|
gpr_free((void*)alpn_protocol_strings);
|
276
272
|
if (result != TSI_OK) {
|
277
273
|
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
|
@@ -283,7 +279,7 @@ class grpc_ssl_server_security_connector
|
|
283
279
|
}
|
284
280
|
|
285
281
|
void add_handshakers(grpc_pollset_set* interested_parties,
|
286
|
-
|
282
|
+
grpc_core::HandshakeManager* handshake_mgr) override {
|
287
283
|
// Instantiate TSI handshaker.
|
288
284
|
try_fetch_ssl_server_credentials();
|
289
285
|
tsi_handshaker* tsi_hs = nullptr;
|
@@ -295,8 +291,7 @@ class grpc_ssl_server_security_connector
|
|
295
291
|
return;
|
296
292
|
}
|
297
293
|
// Create handshakers.
|
298
|
-
|
299
|
-
grpc_security_handshaker_create(tsi_hs, this));
|
294
|
+
handshake_mgr->Add(grpc_core::SecurityHandshakerCreate(tsi_hs, this));
|
300
295
|
}
|
301
296
|
|
302
297
|
void check_peer(tsi_peer peer, grpc_endpoint* ep,
|
@@ -315,11 +310,10 @@ class grpc_ssl_server_security_connector
|
|
315
310
|
private:
|
316
311
|
/* Attempts to fetch the server certificate config if a callback is available.
|
317
312
|
* Current certificate config will continue to be used if the callback returns
|
318
|
-
* an error. Returns true if new credentials were
|
313
|
+
* an error. Returns true if new credentials were successfully loaded. */
|
319
314
|
bool try_fetch_ssl_server_credentials() {
|
320
315
|
grpc_ssl_server_certificate_config* certificate_config = nullptr;
|
321
316
|
bool status;
|
322
|
-
|
323
317
|
if (!has_cert_config_fetcher()) return false;
|
324
318
|
|
325
319
|
grpc_ssl_server_credentials* server_creds =
|
@@ -362,19 +356,26 @@ class grpc_ssl_server_security_connector
|
|
362
356
|
size_t num_alpn_protocols = 0;
|
363
357
|
const char** alpn_protocol_strings =
|
364
358
|
grpc_fill_alpn_protocol_strings(&num_alpn_protocols);
|
365
|
-
tsi_ssl_pem_key_cert_pair* cert_pairs = grpc_convert_grpc_to_tsi_cert_pairs(
|
366
|
-
config->pem_key_cert_pairs, config->num_key_cert_pairs);
|
367
359
|
tsi_ssl_server_handshaker_factory* new_handshaker_factory = nullptr;
|
368
360
|
const grpc_ssl_server_credentials* server_creds =
|
369
361
|
static_cast<const grpc_ssl_server_credentials*>(this->server_creds());
|
370
362
|
GPR_DEBUG_ASSERT(config->pem_root_certs != nullptr);
|
371
|
-
|
372
|
-
|
363
|
+
tsi_ssl_server_handshaker_options options;
|
364
|
+
options.pem_key_cert_pairs = grpc_convert_grpc_to_tsi_cert_pairs(
|
365
|
+
config->pem_key_cert_pairs, config->num_key_cert_pairs);
|
366
|
+
options.num_key_cert_pairs = config->num_key_cert_pairs;
|
367
|
+
options.pem_client_root_certs = config->pem_root_certs;
|
368
|
+
options.client_certificate_request =
|
373
369
|
grpc_get_tsi_client_certificate_request_type(
|
374
|
-
server_creds->config().client_certificate_request)
|
375
|
-
|
376
|
-
|
377
|
-
|
370
|
+
server_creds->config().client_certificate_request);
|
371
|
+
options.cipher_suites = grpc_get_ssl_cipher_suites();
|
372
|
+
options.alpn_protocols = alpn_protocol_strings;
|
373
|
+
options.num_alpn_protocols = static_cast<uint16_t>(num_alpn_protocols);
|
374
|
+
tsi_result result = tsi_create_ssl_server_handshaker_factory_with_options(
|
375
|
+
&options, &new_handshaker_factory);
|
376
|
+
grpc_tsi_ssl_pem_key_cert_pairs_destroy(
|
377
|
+
const_cast<tsi_ssl_pem_key_cert_pair*>(options.pem_key_cert_pairs),
|
378
|
+
options.num_key_cert_pairs);
|
378
379
|
gpr_free((void*)alpn_protocol_strings);
|
379
380
|
|
380
381
|
if (result != TSI_OK) {
|
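Review bot: The TLS option structs are now used without explicit zeroing: the channel-connector hunk drops `memset(&options, 0, sizeof(options));`, and both server hunks declare `tsi_ssl_server_handshaker_options options;` and then assign only some fields. That is safe only if these structs now initialise every member themselves (a constructor or default member initialisers); their declaration is not on this page, so please confirm. If they do not, any field not assigned here reaches `tsi_create_ssl_server_handshaker_factory_with_options` (or the client equivalent) with an indeterminate value. Writing `tsi_ssl_server_handshaker_options options{};` makes the intent explicit at each site, as does a one-line comment stating that the struct's constructor sets the defaults. The enclosing functions start and end outside the hunks.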
@@ -27,9 +27,9 @@
|
|
27
27
|
|
28
28
|
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
|
29
29
|
#include "src/core/lib/channel/channel_args.h"
|
30
|
-
#include "src/core/lib/gpr/env.h"
|
31
30
|
#include "src/core/lib/gpr/host_port.h"
|
32
31
|
#include "src/core/lib/gpr/string.h"
|
32
|
+
#include "src/core/lib/gprpp/global_config.h"
|
33
33
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
34
34
|
#include "src/core/lib/iomgr/load_file.h"
|
35
35
|
#include "src/core/lib/security/context/security_context.h"
|
@@ -45,11 +45,16 @@ static const char* installed_roots_path =
|
|
45
45
|
INSTALL_PREFIX "/share/grpc/roots.pem";
|
46
46
|
#endif
|
47
47
|
|
48
|
-
/**
|
48
|
+
/** Config variable that points to the default SSL roots file. This file
|
49
|
+
must be a PEM encoded file with all the roots such as the one that can be
|
50
|
+
downloaded from https://pki.google.com/roots.pem. */
|
51
|
+
GPR_GLOBAL_CONFIG_DEFINE_STRING(grpc_default_ssl_roots_file_path, "",
|
52
|
+
"Path to the default SSL roots file.");
|
53
|
+
|
54
|
+
/** Config variable used as a flag to enable/disable loading system root
|
49
55
|
certificates from the OS trust store. */
|
50
|
-
|
51
|
-
|
52
|
-
#endif
|
56
|
+
GPR_GLOBAL_CONFIG_DEFINE_BOOL(grpc_not_use_system_ssl_roots, false,
|
57
|
+
"Disable loading system root certificates.");
|
53
58
|
|
54
59
|
#ifndef TSI_OPENSSL_ALPN_SUPPORT
|
55
60
|
#define TSI_OPENSSL_ALPN_SUPPORT 1
|
@@ -65,20 +70,22 @@ void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb) {
|
|
65
70
|
|
66
71
|
/* -- Cipher suites. -- */
|
67
72
|
|
68
|
-
/* Defines the cipher suites that we accept by default. All these cipher suites
|
69
|
-
are compliant with HTTP2. */
|
70
|
-
#define GRPC_SSL_CIPHER_SUITES \
|
71
|
-
"ECDHE-ECDSA-AES128-GCM-SHA256:" \
|
72
|
-
"ECDHE-ECDSA-AES256-GCM-SHA384:" \
|
73
|
-
"ECDHE-RSA-AES128-GCM-SHA256:" \
|
74
|
-
"ECDHE-RSA-AES256-GCM-SHA384"
|
75
|
-
|
76
73
|
static gpr_once cipher_suites_once = GPR_ONCE_INIT;
|
77
74
|
static const char* cipher_suites = nullptr;
|
78
75
|
|
76
|
+
// All cipher suites for default are compliant with HTTP2.
|
77
|
+
GPR_GLOBAL_CONFIG_DEFINE_STRING(
|
78
|
+
grpc_ssl_cipher_suites,
|
79
|
+
"ECDHE-ECDSA-AES128-GCM-SHA256:"
|
80
|
+
"ECDHE-ECDSA-AES256-GCM-SHA384:"
|
81
|
+
"ECDHE-RSA-AES128-GCM-SHA256:"
|
82
|
+
"ECDHE-RSA-AES256-GCM-SHA384",
|
83
|
+
"A colon separated list of cipher suites to use with OpenSSL")
|
84
|
+
|
79
85
|
static void init_cipher_suites(void) {
|
80
|
-
char
|
81
|
-
|
86
|
+
grpc_core::UniquePtr<char> value =
|
87
|
+
GPR_GLOBAL_CONFIG_GET(grpc_ssl_cipher_suites);
|
88
|
+
cipher_suites = value.release();
|
82
89
|
}
|
83
90
|
|
84
91
|
/* --- Util --- */
|
@@ -112,6 +119,55 @@ grpc_get_tsi_client_certificate_request_type(
|
|
112
119
|
}
|
113
120
|
}
|
114
121
|
|
122
|
+
grpc_error* grpc_ssl_check_alpn(const tsi_peer* peer) {
|
123
|
+
#if TSI_OPENSSL_ALPN_SUPPORT
|
124
|
+
/* Check the ALPN if ALPN is supported. */
|
125
|
+
const tsi_peer_property* p =
|
126
|
+
tsi_peer_get_property_by_name(peer, TSI_SSL_ALPN_SELECTED_PROTOCOL);
|
127
|
+
if (p == nullptr) {
|
128
|
+
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
129
|
+
"Cannot check peer: missing selected ALPN property.");
|
130
|
+
}
|
131
|
+
if (!grpc_chttp2_is_alpn_version_supported(p->value.data, p->value.length)) {
|
132
|
+
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
133
|
+
"Cannot check peer: invalid ALPN value.");
|
134
|
+
}
|
135
|
+
#endif /* TSI_OPENSSL_ALPN_SUPPORT */
|
136
|
+
return GRPC_ERROR_NONE;
|
137
|
+
}
|
138
|
+
|
139
|
+
grpc_error* grpc_ssl_check_peer_name(const char* peer_name,
|
140
|
+
const tsi_peer* peer) {
|
141
|
+
/* Check the peer name if specified. */
|
142
|
+
if (peer_name != nullptr && !grpc_ssl_host_matches_name(peer, peer_name)) {
|
143
|
+
char* msg;
|
144
|
+
gpr_asprintf(&msg, "Peer name %s is not in peer certificate", peer_name);
|
145
|
+
grpc_error* error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg);
|
146
|
+
gpr_free(msg);
|
147
|
+
return error;
|
148
|
+
}
|
149
|
+
return GRPC_ERROR_NONE;
|
150
|
+
}
|
151
|
+
|
152
|
+
bool grpc_ssl_check_call_host(const char* host, const char* target_name,
|
153
|
+
const char* overridden_target_name,
|
154
|
+
grpc_auth_context* auth_context,
|
155
|
+
grpc_closure* on_call_host_checked,
|
156
|
+
grpc_error** error) {
|
157
|
+
grpc_security_status status = GRPC_SECURITY_ERROR;
|
158
|
+
tsi_peer peer = grpc_shallow_peer_from_ssl_auth_context(auth_context);
|
159
|
+
if (grpc_ssl_host_matches_name(&peer, host)) status = GRPC_SECURITY_OK;
|
160
|
+
if (overridden_target_name != nullptr && strcmp(host, target_name) == 0) {
|
161
|
+
status = GRPC_SECURITY_OK;
|
162
|
+
}
|
163
|
+
if (status != GRPC_SECURITY_OK) {
|
164
|
+
*error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
|
165
|
+
"call host does not match SSL server name");
|
166
|
+
}
|
167
|
+
grpc_shallow_peer_destruct(&peer);
|
168
|
+
return true;
|
169
|
+
}
|
170
|
+
|
115
171
|
const char** grpc_fill_alpn_protocol_strings(size_t* num_alpn_protocols) {
|
116
172
|
GPR_ASSERT(num_alpn_protocols != nullptr);
|
117
173
|
*num_alpn_protocols = grpc_chttp2_num_alpn_versions();
|
@@ -142,6 +198,18 @@ int grpc_ssl_host_matches_name(const tsi_peer* peer, const char* peer_name) {
|
|
142
198
|
return r;
|
143
199
|
}
|
144
200
|
|
201
|
+
bool grpc_ssl_cmp_target_name(const char* target_name,
|
202
|
+
const char* other_target_name,
|
203
|
+
const char* overridden_target_name,
|
204
|
+
const char* other_overridden_target_name) {
|
205
|
+
int c = strcmp(target_name, other_target_name);
|
206
|
+
if (c != 0) return c;
|
207
|
+
return (overridden_target_name == nullptr ||
|
208
|
+
other_overridden_target_name == nullptr)
|
209
|
+
? GPR_ICMP(overridden_target_name, other_overridden_target_name)
|
210
|
+
: strcmp(overridden_target_name, other_overridden_target_name);
|
211
|
+
}
|
212
|
+
|
145
213
|
grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context(
|
146
214
|
const tsi_peer* peer) {
|
147
215
|
size_t i;
|
@@ -230,6 +298,79 @@ void grpc_shallow_peer_destruct(tsi_peer* peer) {
|
|
230
298
|
if (peer->properties != nullptr) gpr_free(peer->properties);
|
231
299
|
}
|
232
300
|
|
301
|
+
grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init(
|
302
|
+
tsi_ssl_pem_key_cert_pair* pem_key_cert_pair, const char* pem_root_certs,
|
303
|
+
tsi_ssl_session_cache* ssl_session_cache,
|
304
|
+
tsi_ssl_client_handshaker_factory** handshaker_factory) {
|
305
|
+
const char* root_certs;
|
306
|
+
const tsi_ssl_root_certs_store* root_store;
|
307
|
+
if (pem_root_certs == nullptr) {
|
308
|
+
// Use default root certificates.
|
309
|
+
root_certs = grpc_core::DefaultSslRootStore::GetPemRootCerts();
|
310
|
+
if (root_certs == nullptr) {
|
311
|
+
gpr_log(GPR_ERROR, "Could not get default pem root certs.");
|
312
|
+
return GRPC_SECURITY_ERROR;
|
313
|
+
}
|
314
|
+
root_store = grpc_core::DefaultSslRootStore::GetRootStore();
|
315
|
+
} else {
|
316
|
+
root_certs = pem_root_certs;
|
317
|
+
root_store = nullptr;
|
318
|
+
}
|
319
|
+
bool has_key_cert_pair = pem_key_cert_pair != nullptr &&
|
320
|
+
pem_key_cert_pair->private_key != nullptr &&
|
321
|
+
pem_key_cert_pair->cert_chain != nullptr;
|
322
|
+
tsi_ssl_client_handshaker_options options;
|
323
|
+
GPR_DEBUG_ASSERT(root_certs != nullptr);
|
324
|
+
options.pem_root_certs = root_certs;
|
325
|
+
options.root_store = root_store;
|
326
|
+
options.alpn_protocols =
|
327
|
+
grpc_fill_alpn_protocol_strings(&options.num_alpn_protocols);
|
328
|
+
if (has_key_cert_pair) {
|
329
|
+
options.pem_key_cert_pair = pem_key_cert_pair;
|
330
|
+
}
|
331
|
+
options.cipher_suites = grpc_get_ssl_cipher_suites();
|
332
|
+
options.session_cache = ssl_session_cache;
|
333
|
+
const tsi_result result =
|
334
|
+
tsi_create_ssl_client_handshaker_factory_with_options(&options,
|
335
|
+
handshaker_factory);
|
336
|
+
gpr_free((void*)options.alpn_protocols);
|
337
|
+
if (result != TSI_OK) {
|
338
|
+
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
|
339
|
+
tsi_result_to_string(result));
|
340
|
+
return GRPC_SECURITY_ERROR;
|
341
|
+
}
|
342
|
+
return GRPC_SECURITY_OK;
|
343
|
+
}
|
344
|
+
|
345
|
+
grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
|
346
|
+
tsi_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs,
|
347
|
+
const char* pem_root_certs,
|
348
|
+
grpc_ssl_client_certificate_request_type client_certificate_request,
|
349
|
+
tsi_ssl_server_handshaker_factory** handshaker_factory) {
|
350
|
+
size_t num_alpn_protocols = 0;
|
351
|
+
const char** alpn_protocol_strings =
|
352
|
+
grpc_fill_alpn_protocol_strings(&num_alpn_protocols);
|
353
|
+
tsi_ssl_server_handshaker_options options;
|
354
|
+
options.pem_key_cert_pairs = pem_key_cert_pairs;
|
355
|
+
options.num_key_cert_pairs = num_key_cert_pairs;
|
356
|
+
options.pem_client_root_certs = pem_root_certs;
|
357
|
+
options.client_certificate_request =
|
358
|
+
grpc_get_tsi_client_certificate_request_type(client_certificate_request);
|
359
|
+
options.cipher_suites = grpc_get_ssl_cipher_suites();
|
360
|
+
options.alpn_protocols = alpn_protocol_strings;
|
361
|
+
options.num_alpn_protocols = static_cast<uint16_t>(num_alpn_protocols);
|
362
|
+
const tsi_result result =
|
363
|
+
tsi_create_ssl_server_handshaker_factory_with_options(&options,
|
364
|
+
handshaker_factory);
|
365
|
+
gpr_free((void*)alpn_protocol_strings);
|
366
|
+
if (result != TSI_OK) {
|
367
|
+
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
|
368
|
+
tsi_result_to_string(result));
|
369
|
+
return GRPC_SECURITY_ERROR;
|
370
|
+
}
|
371
|
+
return GRPC_SECURITY_OK;
|
372
|
+
}
|
373
|
+
|
233
374
|
/* --- Ssl cache implementation. --- */
|
234
375
|
|
235
376
|
grpc_ssl_session_cache* grpc_ssl_session_cache_create_lru(size_t capacity) {
|
@@ -294,17 +435,14 @@ const char* DefaultSslRootStore::GetPemRootCerts() {
|
|
294
435
|
|
295
436
|
grpc_slice DefaultSslRootStore::ComputePemRootCerts() {
|
296
437
|
grpc_slice result = grpc_empty_slice();
|
297
|
-
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
GRPC_LOG_IF_ERROR("load_file",
|
306
|
-
grpc_load_file(default_root_certs_path, 1, &result));
|
307
|
-
gpr_free(default_root_certs_path);
|
438
|
+
const bool not_use_system_roots =
|
439
|
+
GPR_GLOBAL_CONFIG_GET(grpc_not_use_system_ssl_roots);
|
440
|
+
// First try to load the roots from the configuration.
|
441
|
+
UniquePtr<char> default_root_certs_path =
|
442
|
+
GPR_GLOBAL_CONFIG_GET(grpc_default_ssl_roots_file_path);
|
443
|
+
if (strlen(default_root_certs_path.get()) > 0) {
|
444
|
+
GRPC_LOG_IF_ERROR(
|
445
|
+
"load_file", grpc_load_file(default_root_certs_path.get(), 1, &result));
|
308
446
|
}
|
309
447
|
// Try overridden roots if needed.
|
310
448
|
grpc_ssl_roots_override_result ovrd_res = GRPC_SSL_ROOTS_OVERRIDE_FAIL;
|