grpc 1.27.0.pre1 → 1.30.1

data/src/core/lib/uri/uri_parser.h

@@ -23,7 +23,7 @@
 
 #include <stddef.h>
 
-typedef struct {
+struct grpc_uri {
   char* scheme;
   char* authority;
   char* path;
@@ -35,8 +35,7 @@ typedef struct {
   /** Split each query part by '='. NULL if not present. */
   char** query_parts_values;
   char* fragment;
-} grpc_uri;
-
+};
 /** parse a uri, return NULL on failure */
 grpc_uri* grpc_uri_parse(const char* uri_text, bool suppress_errors);
 

data/src/core/plugin_registry/grpc_plugin_registry.cc

@@ -36,8 +36,16 @@ void grpc_lb_policy_grpclb_init(void);
 void grpc_lb_policy_grpclb_shutdown(void);
 void grpc_lb_policy_cds_init(void);
 void grpc_lb_policy_cds_shutdown(void);
-void grpc_lb_policy_xds_init(void);
-void grpc_lb_policy_xds_shutdown(void);
+void grpc_lb_policy_eds_init(void);
+void grpc_lb_policy_eds_shutdown(void);
+void grpc_lb_policy_lrs_init(void);
+void grpc_lb_policy_lrs_shutdown(void);
+void grpc_lb_policy_priority_init(void);
+void grpc_lb_policy_priority_shutdown(void);
+void grpc_lb_policy_weighted_target_init(void);
+void grpc_lb_policy_weighted_target_shutdown(void);
+void grpc_lb_policy_xds_routing_init(void);
+void grpc_lb_policy_xds_routing_shutdown(void);
 void grpc_lb_policy_pick_first_init(void);
 void grpc_lb_policy_pick_first_shutdown(void);
 void grpc_lb_policy_round_robin_init(void);
@@ -78,8 +86,16 @@ void grpc_register_built_in_plugins(void) {
                        grpc_lb_policy_grpclb_shutdown);
   grpc_register_plugin(grpc_lb_policy_cds_init,
                        grpc_lb_policy_cds_shutdown);
-  grpc_register_plugin(grpc_lb_policy_xds_init,
-                       grpc_lb_policy_xds_shutdown);
+  grpc_register_plugin(grpc_lb_policy_eds_init,
+                       grpc_lb_policy_eds_shutdown);
+  grpc_register_plugin(grpc_lb_policy_lrs_init,
+                       grpc_lb_policy_lrs_shutdown);
+  grpc_register_plugin(grpc_lb_policy_priority_init,
+                       grpc_lb_policy_priority_shutdown);
+  grpc_register_plugin(grpc_lb_policy_weighted_target_init,
+                       grpc_lb_policy_weighted_target_shutdown);
+  grpc_register_plugin(grpc_lb_policy_xds_routing_init,
+                       grpc_lb_policy_xds_routing_shutdown);
   grpc_register_plugin(grpc_lb_policy_pick_first_init,
                        grpc_lb_policy_pick_first_shutdown);
   grpc_register_plugin(grpc_lb_policy_round_robin_init,

data/src/core/tsi/alts/crypt/aes_gcm.cc

@@ -18,8 +18,6 @@
 
 #include <grpc/support/port_platform.h>
 
-#include "src/core/tsi/grpc_shadow_boringssl.h"
-
 #include "src/core/tsi/alts/crypt/gsec.h"
 
 #include <openssl/bio.h>

data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc

@@ -102,6 +102,8 @@ typedef struct alts_grpc_handshaker_client {
   bool receive_status_finished;
   /* if non-null, contains arguments to complete a TSI next callback. */
   recv_message_result* pending_recv_message_result;
+  /* Maximum frame size used by frame protector. */
+  size_t max_frame_size;
 } alts_grpc_handshaker_client;
 
 static void handshaker_client_send_buffer_destroy(
@@ -506,6 +508,8 @@ static grpc_byte_buffer* get_serialized_start_client(
                                           upb_strview_makez(ptr->data));
     ptr = ptr->next;
   }
+  grpc_gcp_StartClientHandshakeReq_set_max_frame_size(
+      start_client, static_cast<uint32_t>(client->max_frame_size));
   return get_serialized_handshaker_req(req, arena.ptr());
 }
 
@@ -565,6 +569,8 @@ static grpc_byte_buffer* get_serialized_start_server(
                                                             arena.ptr());
   grpc_gcp_RpcProtocolVersions_assign_from_struct(
       server_version, arena.ptr(), &client->options->rpc_versions);
+  grpc_gcp_StartServerHandshakeReq_set_max_frame_size(
+      start_server, static_cast<uint32_t>(client->max_frame_size));
   return get_serialized_handshaker_req(req, arena.ptr());
 }
 
@@ -637,7 +643,7 @@ static void handshaker_client_shutdown(alts_handshaker_client* c) {
   }
 }
 
-static void handshaker_call_unref(void* arg, grpc_error* error) {
+static void handshaker_call_unref(void* arg, grpc_error* /* error */) {
   grpc_call* call = static_cast<grpc_call*>(arg);
   grpc_call_unref(call);
 }
@@ -674,7 +680,7 @@ alts_handshaker_client* alts_grpc_handshaker_client_create(
     grpc_alts_credentials_options* options, const grpc_slice& target_name,
     grpc_iomgr_cb_func grpc_cb, tsi_handshaker_on_next_done_cb cb,
     void* user_data, alts_handshaker_client_vtable* vtable_for_testing,
-    bool is_client) {
+    bool is_client, size_t max_frame_size) {
   if (channel == nullptr || handshaker_service_url == nullptr) {
     gpr_log(GPR_ERROR, "Invalid arguments to alts_handshaker_client_create()");
     return nullptr;
@@ -694,6 +700,7 @@ alts_handshaker_client* alts_grpc_handshaker_client_create(
   client->recv_bytes = grpc_empty_slice();
   grpc_metadata_array_init(&client->recv_initial_metadata);
   client->is_client = is_client;
+  client->max_frame_size = max_frame_size;
   client->buffer_size = TSI_ALTS_INITIAL_BUFFER_SIZE;
   client->buffer = static_cast<unsigned char*>(gpr_zalloc(client->buffer_size));
   grpc_slice slice = grpc_slice_from_copied_string(handshaker_service_url);

data/src/core/tsi/alts/handshaker/alts_handshaker_client.h

@@ -117,7 +117,7 @@ void alts_handshaker_client_destroy(alts_handshaker_client* client);
  * This method creates an ALTS handshaker client.
  *
  * - handshaker: ALTS TSI handshaker to which the created handshaker client
- * belongs to.
+ *   belongs to.
  * - channel: grpc channel to ALTS handshaker service.
  * - handshaker_service_url: address of ALTS handshaker service in the format of
  *   "host:port".
@@ -132,8 +132,12 @@ void alts_handshaker_client_destroy(alts_handshaker_client* client);
  * - vtable_for_testing: ALTS handshaker client vtable instance used for
  *   testing purpose.
  * - is_client: a boolean value indicating if the created handshaker client is
- * used at the client (is_client = true) or server (is_client = false) side. It
- * returns the created ALTS handshaker client on success, and NULL on failure.
+ *   used at the client (is_client = true) or server (is_client = false) side.
+ * - max_frame_size: Maximum frame size used by frame protector (User specified
+ *   maximum frame size if present or default max frame size).
+ *
+ * It returns the created ALTS handshaker client on success, and NULL
+ * on failure.
  */
 alts_handshaker_client* alts_grpc_handshaker_client_create(
     alts_tsi_handshaker* handshaker, grpc_channel* channel,
@@ -141,7 +145,7 @@ alts_handshaker_client* alts_grpc_handshaker_client_create(
     grpc_alts_credentials_options* options, const grpc_slice& target_name,
     grpc_iomgr_cb_func grpc_cb, tsi_handshaker_on_next_done_cb cb,
     void* user_data, alts_handshaker_client_vtable* vtable_for_testing,
-    bool is_client);
+    bool is_client, size_t max_frame_size);
 
 /**
  * This method handles handshaker response returned from ALTS handshaker

data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc

@@ -63,6 +63,8 @@ struct alts_tsi_handshaker {
   // shutdown effectively follows base.handshake_shutdown,
   // but is synchronized by the mutex of this object.
   bool shutdown;
+  // Maximum frame size used by frame protector.
+  size_t max_frame_size;
 };
 
 /* Main struct for ALTS TSI handshaker result. */
@@ -75,6 +77,8 @@ typedef struct alts_tsi_handshaker_result {
   grpc_slice rpc_versions;
   bool is_client;
   grpc_slice serialized_context;
+  // Peer's maximum frame size.
+  size_t max_frame_size;
 } alts_tsi_handshaker_result;
 
 static tsi_result handshaker_result_extract_peer(
@@ -156,6 +160,26 @@ static tsi_result handshaker_result_create_zero_copy_grpc_protector(
   alts_tsi_handshaker_result* result =
       reinterpret_cast<alts_tsi_handshaker_result*>(
           const_cast<tsi_handshaker_result*>(self));
+
+  // In case the peer does not send max frame size (e.g. peer is gRPC Go or
+  // peer uses an old binary), the negotiated frame size is set to
+  // kTsiAltsMinFrameSize (ignoring max_output_protected_frame_size value if
+  // present). Otherwise, it is based on peer and user specified max frame
+  // size (if present).
+  size_t max_frame_size = kTsiAltsMinFrameSize;
+  if (result->max_frame_size) {
+    size_t peer_max_frame_size = result->max_frame_size;
+    max_frame_size = std::min<size_t>(peer_max_frame_size,
+                                      max_output_protected_frame_size == nullptr
+                                          ? kTsiAltsMaxFrameSize
+                                          : *max_output_protected_frame_size);
+    max_frame_size = std::max<size_t>(max_frame_size, kTsiAltsMinFrameSize);
+  }
+  max_output_protected_frame_size = &max_frame_size;
+  gpr_log(GPR_DEBUG,
+          "After Frame Size Negotiation, maximum frame size used by frame "
+          "protector equals %zu",
+          *max_output_protected_frame_size);
   tsi_result ok = alts_zero_copy_grpc_protector_create(
       reinterpret_cast<const uint8_t*>(result->key_data),
       kAltsAes128GcmRekeyKeyLength, /*is_rekey=*/true, result->is_client,
@@ -288,6 +312,7 @@ tsi_result alts_tsi_handshaker_result_create(grpc_gcp_HandshakerResp* resp,
       static_cast<char*>(gpr_zalloc(peer_service_account.size + 1));
   memcpy(result->peer_identity, peer_service_account.data,
          peer_service_account.size);
+  result->max_frame_size = grpc_gcp_HandshakerResult_max_frame_size(hresult);
   upb::Arena rpc_versions_arena;
   bool serialized = grpc_gcp_rpc_protocol_versions_encode(
       peer_rpc_version, rpc_versions_arena.ptr(), &result->rpc_versions);
@@ -374,7 +399,8 @@ static tsi_result alts_tsi_handshaker_continue_handshaker_next(
         handshaker, channel, handshaker->handshaker_service_url,
         handshaker->interested_parties, handshaker->options,
         handshaker->target_name, grpc_cb, cb, user_data,
-        handshaker->client_vtable_for_testing, handshaker->is_client);
+        handshaker->client_vtable_for_testing, handshaker->is_client,
+        handshaker->max_frame_size);
     if (client == nullptr) {
       gpr_log(GPR_ERROR, "Failed to create ALTS handshaker client");
       return TSI_FAILED_PRECONDITION;
@@ -430,7 +456,7 @@ struct alts_tsi_handshaker_continue_handshaker_next_args {
 };
 
 static void alts_tsi_handshaker_create_channel(void* arg,
-                                               grpc_error* unused_error) {
+                                               grpc_error* /* unused_error */) {
   alts_tsi_handshaker_continue_handshaker_next_args* next_args =
       static_cast<alts_tsi_handshaker_continue_handshaker_next_args*>(arg);
   alts_tsi_handshaker* handshaker = next_args->handshaker;
@@ -570,7 +596,8 @@ bool alts_tsi_handshaker_has_shutdown(alts_tsi_handshaker* handshaker) {
 tsi_result alts_tsi_handshaker_create(
     const grpc_alts_credentials_options* options, const char* target_name,
     const char* handshaker_service_url, bool is_client,
-    grpc_pollset_set* interested_parties, tsi_handshaker** self) {
+    grpc_pollset_set* interested_parties, tsi_handshaker** self,
+    size_t user_specified_max_frame_size) {
   if (handshaker_service_url == nullptr || self == nullptr ||
       options == nullptr || (is_client && target_name == nullptr)) {
     gpr_log(GPR_ERROR, "Invalid arguments to alts_tsi_handshaker_create()");
@@ -590,6 +617,9 @@ tsi_result alts_tsi_handshaker_create(
   handshaker->has_created_handshaker_client = false;
   handshaker->handshaker_service_url = gpr_strdup(handshaker_service_url);
   handshaker->options = grpc_alts_credentials_options_copy(options);
+  handshaker->max_frame_size = user_specified_max_frame_size != 0
+                                   ? user_specified_max_frame_size
+                                   : kTsiAltsMaxFrameSize;
   handshaker->base.vtable = handshaker->use_dedicated_cq
                                 ? &handshaker_vtable_dedicated
                                 : &handshaker_vtable;

data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h

@@ -38,6 +38,11 @@
 
 const size_t kTsiAltsNumOfPeerProperties = 5;
 
+// Frame size negotiation extends send frame size range to
+// [kTsiAltsMinFrameSize, kTsiAltsMaxFrameSize].
+const size_t kTsiAltsMinFrameSize = 16 * 1024;
+const size_t kTsiAltsMaxFrameSize = 128 * 1024;
+
 typedef struct alts_tsi_handshaker alts_tsi_handshaker;
 
 /**
@@ -54,6 +59,8 @@ typedef struct alts_tsi_handshaker alts_tsi_handshaker;
  * - interested_parties: set of pollsets interested in this connection.
  * - self: address of ALTS TSI handshaker instance to be returned from the
  *   method.
+ * - user_specified_max_frame_size: Determines the maximum frame size used by
+ *   frame protector that is specified via user. If unspecified, the value is 0.
  *
  * It returns TSI_OK on success and an error status code on failure. Note that
  * if interested_parties is nullptr, a dedicated TSI thread will be created and
@@ -62,7 +69,8 @@ typedef struct alts_tsi_handshaker alts_tsi_handshaker;
 tsi_result alts_tsi_handshaker_create(
     const grpc_alts_credentials_options* options, const char* target_name,
     const char* handshaker_service_url, bool is_client,
-    grpc_pollset_set* interested_parties, tsi_handshaker** self);
+    grpc_pollset_set* interested_parties, tsi_handshaker** self,
+    size_t user_specified_max_frame_size);
 
 /**
  * This method creates an ALTS TSI handshaker result instance.

data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h

@@ -31,7 +31,7 @@
 #include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
 
 /* V-table for alts_grpc_record_protocol implementations.  */
-typedef struct {
+struct alts_grpc_record_protocol_vtable {
   tsi_result (*protect)(alts_grpc_record_protocol* self,
                         grpc_slice_buffer* unprotected_slices,
                         grpc_slice_buffer* protected_slices);
@@ -39,8 +39,7 @@ typedef struct {
                           grpc_slice_buffer* protected_slices,
                           grpc_slice_buffer* unprotected_slices);
   void (*destruct)(alts_grpc_record_protocol* self);
-} alts_grpc_record_protocol_vtable;
-
+};
 /* Main struct for alts_grpc_record_protocol implementation, shared by both
  * integrity-only record protocol and privacy-integrity record protocol.
  * Integrity-only record protocol has additional data elements.

data/src/core/tsi/fake_transport_security.cc

@@ -42,14 +42,13 @@
    | size |     data    |
    where the size field value is the size of the size field plus the size of
    the data encoded in little endian on 4 bytes.  */
-typedef struct {
+struct tsi_fake_frame {
   unsigned char* data;
   size_t size;
   size_t allocated_size;
   size_t offset;
   int needs_draining;
-} tsi_fake_frame;
-
+};
 typedef enum {
   TSI_FAKE_CLIENT_INIT = 0,
   TSI_FAKE_SERVER_INIT = 1,
@@ -58,7 +57,7 @@ typedef enum {
   TSI_FAKE_HANDSHAKE_MESSAGE_MAX = 4
 } tsi_fake_handshake_message;
 
-typedef struct {
+struct tsi_fake_handshaker {
   tsi_handshaker base;
   int is_client;
   tsi_fake_handshake_message next_message_to_send;
@@ -68,23 +67,20 @@ typedef struct {
   unsigned char* outgoing_bytes_buffer;
   size_t outgoing_bytes_buffer_size;
   tsi_result result;
-} tsi_fake_handshaker;
-
-typedef struct {
+};
+struct tsi_fake_frame_protector {
   tsi_frame_protector base;
   tsi_fake_frame protect_frame;
   tsi_fake_frame unprotect_frame;
   size_t max_frame_size;
-} tsi_fake_frame_protector;
-
-typedef struct {
+};
+struct tsi_fake_zero_copy_grpc_protector {
   tsi_zero_copy_grpc_protector base;
   grpc_slice_buffer header_sb;
   grpc_slice_buffer protected_sb;
   size_t max_frame_size;
   size_t parsed_frame_size;
-} tsi_fake_zero_copy_grpc_protector;
-
+};
 /* --- Utils. ---*/
 
 static const char* tsi_fake_handshake_message_strings[] = {
@@ -488,12 +484,11 @@ static const tsi_zero_copy_grpc_protector_vtable
 
 /* --- tsi_handshaker_result methods implementation. ---*/
 
-typedef struct {
+struct fake_handshaker_result {
   tsi_handshaker_result base;
   unsigned char* unused_bytes;
   size_t unused_bytes_size;
-} fake_handshaker_result;
-
+};
 static tsi_result fake_handshaker_result_extract_peer(
     const tsi_handshaker_result* self, tsi_peer* peer) {
   /* Construct a tsi_peer with 1 property: certificate type, security_level. */

data/src/core/tsi/ssl/session_cache/ssl_session.h

@@ -21,8 +21,6 @@
 
 #include <grpc/support/port_platform.h>
 
-#include "src/core/tsi/grpc_shadow_boringssl.h"
-
 #include <grpc/slice.h>
 
 extern "C" {

data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc

@@ -49,7 +49,7 @@ class BoringSslCachedSession : public SslCachedSession {
 
 std::unique_ptr<SslCachedSession> SslCachedSession::Create(
     SslSessionPtr session) {
-  return grpc_core::MakeUnique<BoringSslCachedSession>(std::move(session));
+  return absl::make_unique<BoringSslCachedSession>(std::move(session));
 }
 
 }  // namespace tsi

data/src/core/tsi/ssl/session_cache/ssl_session_cache.h

@@ -21,8 +21,6 @@
 
 #include <grpc/support/port_platform.h>
 
-#include "src/core/tsi/grpc_shadow_boringssl.h"
-
 #include <grpc/slice.h>
 #include <grpc/support/sync.h>
 

data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc

@@ -67,7 +67,7 @@ class OpenSslCachedSession : public SslCachedSession {
 
 std::unique_ptr<SslCachedSession> SslCachedSession::Create(
     SslSessionPtr session) {
-  return grpc_core::MakeUnique<OpenSslCachedSession>(std::move(session));
+  return absl::make_unique<OpenSslCachedSession>(std::move(session));
 }
 
 }  // namespace tsi

data/src/core/tsi/ssl_transport_security.cc

@@ -18,8 +18,6 @@
 
 #include <grpc/support/port_platform.h>
 
-#include "src/core/tsi/grpc_shadow_boringssl.h"
-
 #include "src/core/tsi/ssl_transport_security.h"
 
 #include <limits.h>
@@ -42,6 +40,9 @@
 #include <grpc/support/sync.h>
 #include <grpc/support/thd_id.h>
 
+#include "absl/strings/match.h"
+#include "absl/strings/string_view.h"
+
 extern "C" {
 #include <openssl/bio.h>
 #include <openssl/crypto.h> /* For OPENSSL_free */
@@ -105,7 +106,7 @@ struct tsi_ssl_server_handshaker_factory {
   size_t alpn_protocol_list_length;
 };
 
-typedef struct {
+struct tsi_ssl_handshaker {
   tsi_handshaker base;
   SSL* ssl;
   BIO* network_io;
@@ -113,25 +114,22 @@ typedef struct {
   unsigned char* outgoing_bytes_buffer;
   size_t outgoing_bytes_buffer_size;
   tsi_ssl_handshaker_factory* factory_ref;
-} tsi_ssl_handshaker;
-
-typedef struct {
+};
+struct tsi_ssl_handshaker_result {
   tsi_handshaker_result base;
   SSL* ssl;
   BIO* network_io;
   unsigned char* unused_bytes;
   size_t unused_bytes_size;
-} tsi_ssl_handshaker_result;
-
-typedef struct {
+};
+struct tsi_ssl_frame_protector {
   tsi_frame_protector base;
   SSL* ssl;
   BIO* network_io;
   unsigned char* buffer;
   size_t buffer_size;
   size_t buffer_offset;
-} tsi_ssl_frame_protector;
-
+};
 /* --- Library Initialization. ---*/
 
 static gpr_once g_init_openssl_once = GPR_ONCE_INIT;
@@ -238,7 +236,7 @@ static void ssl_info_callback(const SSL* ssl, int where, int ret) {
 
 /* Returns 1 if name looks like an IP address, 0 otherwise.
    This is a very rough heuristic, and only handles IPv6 in hexadecimal form. */
-static int looks_like_ip_address(grpc_core::StringView name) {
+static int looks_like_ip_address(absl::string_view name) {
   size_t dot_count = 0;
   size_t num_size = 0;
   for (size_t i = 0; i < name.size(); ++i) {
@@ -345,13 +343,10 @@ static tsi_result add_pem_certificate(X509* cert, tsi_peer_property* property) {
 /* Gets the subject SANs from an X509 cert as a tsi_peer_property. */
 static tsi_result add_subject_alt_names_properties_to_peer(
     tsi_peer* peer, GENERAL_NAMES* subject_alt_names,
-    size_t subject_alt_name_count) {
+    size_t subject_alt_name_count, int* current_insert_index) {
   size_t i;
   tsi_result result = TSI_OK;
 
-  /* Reset for DNS entries filtering. */
-  peer->property_count -= subject_alt_name_count;
-
   for (i = 0; i < subject_alt_name_count; i++) {
     GENERAL_NAME* subject_alt_name =
         sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i));
@@ -376,7 +371,17 @@ static tsi_result add_subject_alt_names_properties_to_peer(
       result = tsi_construct_string_peer_property(
           TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY,
           reinterpret_cast<const char*>(name), static_cast<size_t>(name_size),
-          &peer->properties[peer->property_count++]);
+          &peer->properties[(*current_insert_index)++]);
+      if (result != TSI_OK) {
+        OPENSSL_free(name);
+        break;
+      }
+      if (subject_alt_name->type == GEN_URI) {
+        result = tsi_construct_string_peer_property(
+            TSI_X509_URI_PEER_PROPERTY, reinterpret_cast<const char*>(name),
+            static_cast<size_t>(name_size),
+            &peer->properties[(*current_insert_index)++]);
+      }
       OPENSSL_free(name);
     } else if (subject_alt_name->type == GEN_IPADD) {
       char ntop_buf[INET6_ADDRSTRLEN];
@@ -401,7 +406,7 @@ static tsi_result add_subject_alt_names_properties_to_peer(
 
       result = tsi_construct_string_peer_property_from_cstring(
           TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY, name,
-          &peer->properties[peer->property_count++]);
+          &peer->properties[(*current_insert_index)++]);
     }
     if (result != TSI_OK) break;
   }
@@ -424,26 +429,35 @@ static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
   property_count = (include_certificate_type ? static_cast<size_t>(1) : 0) +
                    2 /* common name, certificate */ +
                    static_cast<size_t>(subject_alt_name_count);
+  for (int i = 0; i < subject_alt_name_count; i++) {
+    GENERAL_NAME* subject_alt_name =
+        sk_GENERAL_NAME_value(subject_alt_names, TSI_SIZE_AS_SIZE(i));
+    if (subject_alt_name->type == GEN_URI) {
+      property_count += 1;
+    }
+  }
   result = tsi_construct_peer(property_count, peer);
   if (result != TSI_OK) return result;
+  int current_insert_index = 0;
   do {
     if (include_certificate_type) {
       result = tsi_construct_string_peer_property_from_cstring(
           TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
-          &peer->properties[0]);
+          &peer->properties[current_insert_index++]);
       if (result != TSI_OK) break;
     }
     result = peer_property_from_x509_common_name(
-        cert, &peer->properties[include_certificate_type ? 1 : 0]);
+        cert, &peer->properties[current_insert_index++]);
     if (result != TSI_OK) break;
 
-    result = add_pem_certificate(
-        cert, &peer->properties[include_certificate_type ? 2 : 1]);
+    result =
+        add_pem_certificate(cert, &peer->properties[current_insert_index++]);
     if (result != TSI_OK) break;
 
     if (subject_alt_name_count != 0) {
       result = add_subject_alt_names_properties_to_peer(
-          peer, subject_alt_names, static_cast<size_t>(subject_alt_name_count));
+          peer, subject_alt_names, static_cast<size_t>(subject_alt_name_count),
+          &current_insert_index);
       if (result != TSI_OK) break;
     }
   } while (0);
@@ -452,6 +466,8 @@ static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
     sk_GENERAL_NAME_pop_free(subject_alt_names, GENERAL_NAME_free);
   }
   if (result != TSI_OK) tsi_peer_destruct(peer);
+
+  GPR_ASSERT((int)peer->property_count == current_insert_index);
   return result;
 }
 
@@ -1122,7 +1138,8 @@ static void tsi_ssl_handshaker_factory_init(
 tsi_result tsi_ssl_get_cert_chain_contents(STACK_OF(X509) * peer_chain,
                                            tsi_peer_property* property) {
   BIO* bio = BIO_new(BIO_s_mem());
-  for (int i = 0; i < sk_X509_num(peer_chain); i++) {
+  const auto peer_chain_len = sk_X509_num(peer_chain);
+  for (auto i = decltype(peer_chain_len){0}; i < peer_chain_len; i++) {
     if (!PEM_write_bio_X509(bio, sk_X509_value(peer_chain, i))) {
       BIO_free(bio);
       return TSI_INTERNAL_ERROR;
@@ -1644,8 +1661,8 @@ static void tsi_ssl_server_handshaker_factory_destroy(
   gpr_free(self);
 }
 
-static int does_entry_match_name(grpc_core::StringView entry,
-                                 grpc_core::StringView name) {
+static int does_entry_match_name(absl::string_view entry,
+                                 absl::string_view name) {
   if (entry.empty()) return 0;
 
   /* Take care of '.' terminations. */
@@ -1657,7 +1674,7 @@ static int does_entry_match_name(grpc_core::StringView entry,
     if (entry.empty()) return 0;
   }
 
-  if (name == entry) {
+  if (absl::EqualsIgnoreCase(name, entry)) {
     return 1; /* Perfect match. */
   }
   if (entry.front() != '*') return 0;
@@ -1668,23 +1685,21 @@ static int does_entry_match_name(grpc_core::StringView entry,
     return 0;
   }
   size_t name_subdomain_pos = name.find('.');
-  if (name_subdomain_pos == grpc_core::StringView::npos) return 0;
+  if (name_subdomain_pos == absl::string_view::npos) return 0;
   if (name_subdomain_pos >= name.size() - 2) return 0;
-  grpc_core::StringView name_subdomain =
+  absl::string_view name_subdomain =
       name.substr(name_subdomain_pos + 1); /* Starts after the dot. */
   entry.remove_prefix(2);                  /* Remove *. */
   size_t dot = name_subdomain.find('.');
-  if (dot == grpc_core::StringView::npos || dot == name_subdomain.size() - 1) {
-    grpc_core::UniquePtr<char> name_subdomain_cstr(
-        grpc_core::StringViewToCString(name_subdomain));
+  if (dot == absl::string_view::npos || dot == name_subdomain.size() - 1) {
     gpr_log(GPR_ERROR, "Invalid toplevel subdomain: %s",
-            name_subdomain_cstr.get());
+            std::string(name_subdomain).c_str());
     return 0;
   }
   if (name_subdomain.back() == '.') {
     name_subdomain.remove_suffix(1);
   }
-  return !entry.empty() && name_subdomain == entry;
+  return !entry.empty() && absl::EqualsIgnoreCase(name_subdomain, entry);
 }
 
 static int ssl_server_handshaker_factory_servername_callback(SSL* ssl,
@@ -1706,7 +1721,7 @@ static int ssl_server_handshaker_factory_servername_callback(SSL* ssl,
     }
   }
   gpr_log(GPR_ERROR, "No match found for server name: %s.", servername);
-  return SSL_TLSEXT_ERR_ALERT_WARNING;
+  return SSL_TLSEXT_ERR_NOACK;
 }
 
 #if TSI_OPENSSL_ALPN_SUPPORT
@@ -2057,8 +2072,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
 
 /* --- tsi_ssl utils. --- */
 
-int tsi_ssl_peer_matches_name(const tsi_peer* peer,
-                              grpc_core::StringView name) {
+int tsi_ssl_peer_matches_name(const tsi_peer* peer, absl::string_view name) {
   size_t i = 0;
   size_t san_count = 0;
   const tsi_peer_property* cn_property = nullptr;
@@ -2072,7 +2086,7 @@ int tsi_ssl_peer_matches_name(const tsi_peer* peer,
                TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY) == 0) {
       san_count++;
 
-      grpc_core::StringView entry(property->value.data, property->value.length);
+      absl::string_view entry(property->value.data, property->value.length);
       if (!like_ip && does_entry_match_name(entry, name)) {
         return 1;
       } else if (like_ip && name == entry) {
@@ -2087,8 +2101,8 @@ int tsi_ssl_peer_matches_name(const tsi_peer* peer,
 
   /* If there's no SAN, try the CN, but only if its not like an IP Address */
   if (san_count == 0 && cn_property != nullptr && !like_ip) {
-    if (does_entry_match_name(grpc_core::StringView(cn_property->value.data,
-                                                    cn_property->value.length),
+    if (does_entry_match_name(absl::string_view(cn_property->value.data,
+                                                cn_property->value.length),
                               name)) {
       return 1;
     }