grpc 1.30.0 → 1.31.1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +560 -619
- data/include/grpc/grpc_security.h +8 -0
- data/include/grpc/grpc_security_constants.h +3 -0
- data/include/grpc/impl/codegen/grpc_types.h +7 -5
- data/include/grpc/impl/codegen/port_platform.h +0 -32
- data/src/core/ext/filters/client_channel/backend_metric.cc +12 -9
- data/src/core/ext/filters/client_channel/client_channel.cc +406 -261
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +2 -0
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +39 -23
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +4 -6
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +381 -72
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +5 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +6 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +8 -6
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +9 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +7 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -48
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +6 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +21 -18
- data/src/core/ext/filters/client_channel/resolver_registry.cc +13 -14
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +6 -7
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +33 -28
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +39 -20
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +1 -1
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +327 -123
- data/src/core/ext/filters/client_channel/xds/xds_api.h +72 -7
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +12 -23
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +112 -33
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +10 -10
- data/src/core/ext/filters/http/client/http_client_filter.cc +5 -5
- data/src/core/ext/filters/http/http_filters_plugin.cc +2 -1
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +74 -33
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +3 -1
- data/src/core/ext/filters/message_size/message_size_filter.cc +56 -80
- data/src/core/ext/filters/message_size/message_size_filter.h +6 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +383 -347
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +22 -27
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -0
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/writing.cc +9 -14
- data/src/core/ext/transport/inproc/inproc_transport.cc +35 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +80 -69
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +24 -23
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +66 -56
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +317 -311
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +9 -8
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +163 -169
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +4 -5
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +137 -117
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +105 -87
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +12 -13
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +49 -42
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +81 -65
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +648 -696
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +234 -199
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +13 -13
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +20 -18
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +18 -17
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +3 -3
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +412 -386
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +5 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.h +536 -535
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +5 -15
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/string.cc +10 -9
- data/src/core/lib/gpr/string.h +4 -2
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/http/httpcli.cc +13 -10
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -0
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +5 -6
- data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -21
- data/src/core/lib/iomgr/ev_poll_posix.cc +6 -5
- data/src/core/lib/iomgr/ev_posix.cc +2 -0
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/port.h +1 -21
- data/src/core/lib/iomgr/resolve_address_custom.cc +13 -18
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -8
- data/src/core/lib/iomgr/resource_quota.cc +34 -31
- data/src/core/lib/iomgr/sockaddr_utils.cc +7 -5
- data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +95 -55
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -11
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +27 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +9 -9
- data/src/core/lib/iomgr/tcp_custom.cc +1 -1
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +6 -14
- data/src/core/lib/iomgr/tcp_server_posix.cc +34 -41
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -7
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +4 -9
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/timer_generic.cc +13 -12
- data/src/core/lib/iomgr/udp_server.cc +24 -23
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json_reader.cc +20 -21
- data/src/core/lib/security/credentials/credentials.h +5 -3
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +12 -9
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +19 -28
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +10 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +10 -10
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +18 -11
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +5 -0
- data/src/core/lib/security/security_connector/ssl_utils.cc +44 -23
- data/src/core/lib/security/security_connector/ssl_utils.h +6 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +27 -24
- data/src/core/lib/security/transport/auth_filters.h +0 -5
- data/src/core/lib/security/transport/client_auth_filter.cc +10 -9
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_internal.h +1 -0
- data/src/core/lib/surface/call.cc +40 -41
- data/src/core/lib/surface/completion_queue.cc +271 -14
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/server.cc +565 -632
- data/src/core/lib/surface/server.h +34 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/transport.h +6 -0
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -13
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +2 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +108 -11
- data/src/core/tsi/ssl_transport_security.h +14 -2
- data/src/core/tsi/transport_security_interface.h +5 -0
- data/src/ruby/bin/math_services_pb.rb +4 -4
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +3 -2
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +57 -12
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +1 -1
- data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +2 -2
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +5 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +28 -12
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +2 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
- data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +25 -1
- data/src/ruby/spec/support/services.rb +10 -4
- data/src/ruby/spec/user_agent_spec.rb +74 -0
- data/third_party/boringssl-with-bazel/err_data.c +89 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +12 -52
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +0 -22
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +11 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +24 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +116 -363
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +7 -45
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +28 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +33 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +789 -715
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +9 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +17 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -7
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +28 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +4 -24
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +45 -24
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +31 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +12 -9
- data/third_party/re2/re2/bitmap256.h +117 -0
- data/third_party/re2/re2/bitstate.cc +385 -0
- data/third_party/re2/re2/compile.cc +1279 -0
- data/third_party/re2/re2/dfa.cc +2130 -0
- data/third_party/re2/re2/filtered_re2.cc +121 -0
- data/third_party/re2/re2/filtered_re2.h +109 -0
- data/third_party/re2/re2/mimics_pcre.cc +197 -0
- data/third_party/re2/re2/nfa.cc +713 -0
- data/third_party/re2/re2/onepass.cc +623 -0
- data/third_party/re2/re2/parse.cc +2464 -0
- data/third_party/re2/re2/perl_groups.cc +119 -0
- data/third_party/re2/re2/pod_array.h +55 -0
- data/third_party/re2/re2/prefilter.cc +710 -0
- data/third_party/re2/re2/prefilter.h +108 -0
- data/third_party/re2/re2/prefilter_tree.cc +407 -0
- data/third_party/re2/re2/prefilter_tree.h +139 -0
- data/third_party/re2/re2/prog.cc +988 -0
- data/third_party/re2/re2/prog.h +436 -0
- data/third_party/re2/re2/re2.cc +1362 -0
- data/third_party/re2/re2/re2.h +1002 -0
- data/third_party/re2/re2/regexp.cc +980 -0
- data/third_party/re2/re2/regexp.h +659 -0
- data/third_party/re2/re2/set.cc +154 -0
- data/third_party/re2/re2/set.h +80 -0
- data/third_party/re2/re2/simplify.cc +657 -0
- data/third_party/re2/re2/sparse_array.h +392 -0
- data/third_party/re2/re2/sparse_set.h +264 -0
- data/third_party/re2/re2/stringpiece.cc +65 -0
- data/third_party/re2/re2/stringpiece.h +210 -0
- data/third_party/re2/re2/tostring.cc +351 -0
- data/third_party/re2/re2/unicode_casefold.cc +582 -0
- data/third_party/re2/re2/unicode_casefold.h +78 -0
- data/third_party/re2/re2/unicode_groups.cc +6269 -0
- data/third_party/re2/re2/unicode_groups.h +67 -0
- data/third_party/re2/re2/walker-inl.h +246 -0
- data/third_party/re2/util/benchmark.h +156 -0
- data/third_party/re2/util/flags.h +26 -0
- data/third_party/re2/util/logging.h +109 -0
- data/third_party/re2/util/malloc_counter.h +19 -0
- data/third_party/re2/util/mix.h +41 -0
- data/third_party/re2/util/mutex.h +148 -0
- data/third_party/re2/util/pcre.cc +1025 -0
- data/third_party/re2/util/pcre.h +681 -0
- data/third_party/re2/util/rune.cc +260 -0
- data/third_party/re2/util/strutil.cc +149 -0
- data/third_party/re2/util/strutil.h +21 -0
- data/third_party/re2/util/test.h +50 -0
- data/third_party/re2/util/utf.h +44 -0
- data/third_party/re2/util/util.h +42 -0
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +90 -30
- data/third_party/upb/upb/generated_util.h +0 -105
@@ -33,7 +33,10 @@ struct grpc_ssl_config {
|
|
33
33
|
tsi_ssl_pem_key_cert_pair* pem_key_cert_pair;
|
34
34
|
char* pem_root_certs;
|
35
35
|
verify_peer_options verify_options;
|
36
|
+
grpc_tls_version min_tls_version = grpc_tls_version::TLS1_2;
|
37
|
+
grpc_tls_version max_tls_version = grpc_tls_version::TLS1_3;
|
36
38
|
};
|
39
|
+
|
37
40
|
/* Creates an SSL channel_security_connector.
|
38
41
|
- request_metadata_creds is the credentials object which metadata
|
39
42
|
will be sent with each request. This parameter can be NULL.
|
@@ -62,6 +65,8 @@ struct grpc_ssl_server_config {
|
|
62
65
|
char* pem_root_certs = nullptr;
|
63
66
|
grpc_ssl_client_certificate_request_type client_certificate_request =
|
64
67
|
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE;
|
68
|
+
grpc_tls_version min_tls_version = grpc_tls_version::TLS1_2;
|
69
|
+
grpc_tls_version max_tls_version = grpc_tls_version::TLS1_3;
|
65
70
|
};
|
66
71
|
/* Creates an SSL server_security_connector.
|
67
72
|
- config is the SSL config to be used for the SSL channel establishment.
|
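Review bot: The new `min_tls_version` / `max_tls_version` members in `grpc_ssl_config` and `grpc_ssl_server_config` have no comment saying what the pair means or what happens when `min_tls_version` is higher than `max_tls_version`. Nothing in these structs rejects such a pair, so the contract should be written where the fields are declared, for example `/* Lowest and highest TLS protocol versions this endpoint will negotiate; min_tls_version must not exceed max_tls_version. */` above each pair. In `grpc_ssl_config` the two new members are also the only visible ones with default initializers, while `pem_key_cert_pair` and `pem_root_certs` stay uninitialised; giving those `= nullptr`, as `grpc_ssl_server_config` does for `pem_root_certs`, would keep the struct consistent. Both struct bodies start outside the visible hunks.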
@@ -20,12 +20,13 @@
|
|
20
20
|
|
21
21
|
#include "src/core/lib/security/security_connector/ssl_utils.h"
|
22
22
|
|
23
|
+
#include <vector>
|
24
|
+
|
25
|
+
#include "absl/strings/str_cat.h"
|
26
|
+
|
23
27
|
#include <grpc/slice_buffer.h>
|
24
28
|
#include <grpc/support/alloc.h>
|
25
29
|
#include <grpc/support/log.h>
|
26
|
-
#include <grpc/support/string_util.h>
|
27
|
-
|
28
|
-
#include <vector>
|
29
30
|
|
30
31
|
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
|
31
32
|
#include "src/core/lib/channel/channel_args.h"
|
@@ -67,6 +68,9 @@ static const char* cipher_suites = nullptr;
|
|
67
68
|
// All cipher suites for default are compliant with HTTP2.
|
68
69
|
GPR_GLOBAL_CONFIG_DEFINE_STRING(
|
69
70
|
grpc_ssl_cipher_suites,
|
71
|
+
"TLS_AES_128_GCM_SHA256:"
|
72
|
+
"TLS_AES_256_GCM_SHA384:"
|
73
|
+
"TLS_CHACHA20_POLY1305_SHA256:"
|
70
74
|
"ECDHE-ECDSA-AES128-GCM-SHA256:"
|
71
75
|
"ECDHE-ECDSA-AES256-GCM-SHA384:"
|
72
76
|
"ECDHE-RSA-AES128-GCM-SHA256:"
|
@@ -134,6 +138,18 @@ grpc_get_tsi_client_certificate_request_type(
|
|
134
138
|
}
|
135
139
|
}
|
136
140
|
|
141
|
+
tsi_tls_version grpc_get_tsi_tls_version(grpc_tls_version tls_version) {
|
142
|
+
switch (tls_version) {
|
143
|
+
case grpc_tls_version::TLS1_2:
|
144
|
+
return tsi_tls_version::TSI_TLS1_2;
|
145
|
+
case grpc_tls_version::TLS1_3:
|
146
|
+
return tsi_tls_version::TSI_TLS1_3;
|
147
|
+
default:
|
148
|
+
gpr_log(GPR_INFO, "Falling back to TLS 1.2.");
|
149
|
+
return tsi_tls_version::TSI_TLS1_2;
|
150
|
+
}
|
151
|
+
}
|
152
|
+
|
137
153
|
grpc_error* grpc_ssl_check_alpn(const tsi_peer* peer) {
|
138
154
|
#if TSI_OPENSSL_ALPN_SUPPORT
|
139
155
|
/* Check the ALPN if ALPN is supported. */
|
@@ -155,12 +171,9 @@ grpc_error* grpc_ssl_check_peer_name(absl::string_view peer_name,
|
|
155
171
|
const tsi_peer* peer) {
|
156
172
|
/* Check the peer name if specified. */
|
157
173
|
if (!peer_name.empty() && !grpc_ssl_host_matches_name(peer, peer_name)) {
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
grpc_error* error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg);
|
162
|
-
gpr_free(msg);
|
163
|
-
return error;
|
174
|
+
return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
175
|
+
absl::StrCat("Peer name ", peer_name, " is not in peer certificate")
|
176
|
+
.c_str());
|
164
177
|
}
|
165
178
|
return GRPC_ERROR_NONE;
|
166
179
|
}
|
@@ -257,7 +270,8 @@ grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context(
|
|
257
270
|
transport_security_type);
|
258
271
|
const char* spiffe_data = nullptr;
|
259
272
|
size_t spiffe_length = 0;
|
260
|
-
int
|
273
|
+
int uri_count = 0;
|
274
|
+
bool has_spiffe_id = false;
|
261
275
|
for (i = 0; i < peer->property_count; i++) {
|
262
276
|
const tsi_peer_property* prop = &peer->properties[i];
|
263
277
|
if (prop->name == nullptr) continue;
|
@@ -290,11 +304,12 @@ grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context(
|
|
290
304
|
ctx.get(), GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME,
|
291
305
|
prop->value.data, prop->value.length);
|
292
306
|
} else if (strcmp(prop->name, TSI_X509_URI_PEER_PROPERTY) == 0) {
|
307
|
+
uri_count++;
|
293
308
|
absl::string_view spiffe_id(prop->value.data, prop->value.length);
|
294
309
|
if (IsSpiffeId(spiffe_id)) {
|
295
310
|
spiffe_data = prop->value.data;
|
296
311
|
spiffe_length = prop->value.length;
|
297
|
-
|
312
|
+
has_spiffe_id = true;
|
298
313
|
}
|
299
314
|
}
|
300
315
|
}
|
@@ -302,16 +317,17 @@ grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context(
|
|
302
317
|
GPR_ASSERT(grpc_auth_context_set_peer_identity_property_name(
|
303
318
|
ctx.get(), peer_identity_property_name) == 1);
|
304
319
|
}
|
305
|
-
//
|
306
|
-
|
307
|
-
|
308
|
-
|
309
|
-
|
310
|
-
|
311
|
-
|
312
|
-
|
313
|
-
|
314
|
-
|
320
|
+
// A valid SPIFFE certificate can only have exact one URI SAN field.
|
321
|
+
if (has_spiffe_id) {
|
322
|
+
if (uri_count == 1) {
|
323
|
+
GPR_ASSERT(spiffe_length > 0);
|
324
|
+
GPR_ASSERT(spiffe_data != nullptr);
|
325
|
+
grpc_auth_context_add_property(ctx.get(),
|
326
|
+
GRPC_PEER_SPIFFE_ID_PROPERTY_NAME,
|
327
|
+
spiffe_data, spiffe_length);
|
328
|
+
} else {
|
329
|
+
gpr_log(GPR_INFO, "Invalid SPIFFE ID: multiple URI SANs.");
|
330
|
+
}
|
315
331
|
}
|
316
332
|
return ctx;
|
317
333
|
}
|
@@ -373,8 +389,8 @@ void grpc_shallow_peer_destruct(tsi_peer* peer) {
|
|
373
389
|
|
374
390
|
grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init(
|
375
391
|
tsi_ssl_pem_key_cert_pair* pem_key_cert_pair, const char* pem_root_certs,
|
376
|
-
bool skip_server_certificate_verification,
|
377
|
-
tsi_ssl_session_cache* ssl_session_cache,
|
392
|
+
bool skip_server_certificate_verification, tsi_tls_version min_tls_version,
|
393
|
+
tsi_tls_version max_tls_version, tsi_ssl_session_cache* ssl_session_cache,
|
378
394
|
tsi_ssl_client_handshaker_factory** handshaker_factory) {
|
379
395
|
const char* root_certs;
|
380
396
|
const tsi_ssl_root_certs_store* root_store;
|
@@ -406,6 +422,8 @@ grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init(
|
|
406
422
|
options.session_cache = ssl_session_cache;
|
407
423
|
options.skip_server_certificate_verification =
|
408
424
|
skip_server_certificate_verification;
|
425
|
+
options.min_tls_version = min_tls_version;
|
426
|
+
options.max_tls_version = max_tls_version;
|
409
427
|
const tsi_result result =
|
410
428
|
tsi_create_ssl_client_handshaker_factory_with_options(&options,
|
411
429
|
handshaker_factory);
|
@@ -422,6 +440,7 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
|
|
422
440
|
tsi_ssl_pem_key_cert_pair* pem_key_cert_pairs, size_t num_key_cert_pairs,
|
423
441
|
const char* pem_root_certs,
|
424
442
|
grpc_ssl_client_certificate_request_type client_certificate_request,
|
443
|
+
tsi_tls_version min_tls_version, tsi_tls_version max_tls_version,
|
425
444
|
tsi_ssl_server_handshaker_factory** handshaker_factory) {
|
426
445
|
size_t num_alpn_protocols = 0;
|
427
446
|
const char** alpn_protocol_strings =
|
@@ -435,6 +454,8 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
|
|
435
454
|
options.cipher_suites = grpc_get_ssl_cipher_suites();
|
436
455
|
options.alpn_protocols = alpn_protocol_strings;
|
437
456
|
options.num_alpn_protocols = static_cast<uint16_t>(num_alpn_protocols);
|
457
|
+
options.min_tls_version = min_tls_version;
|
458
|
+
options.max_tls_version = max_tls_version;
|
438
459
|
const tsi_result result =
|
439
460
|
tsi_create_ssl_server_handshaker_factory_with_options(&options,
|
440
461
|
handshaker_factory);
|
@@ -73,6 +73,9 @@ grpc_get_tsi_client_certificate_request_type(
|
|
73
73
|
grpc_security_level grpc_tsi_security_level_string_to_enum(
|
74
74
|
const char* security_level);
|
75
75
|
|
76
|
+
/* Map grpc_tls_version to tsi_tls_version. */
|
77
|
+
tsi_tls_version grpc_get_tsi_tls_version(grpc_tls_version tls_version);
|
78
|
+
|
76
79
|
/* Map grpc_security_level enum to a string. */
|
77
80
|
const char* grpc_security_level_to_string(grpc_security_level security_level);
|
78
81
|
|
@@ -86,14 +89,15 @@ const char** grpc_fill_alpn_protocol_strings(size_t* num_alpn_protocols);
|
|
86
89
|
/* Initialize TSI SSL server/client handshaker factory. */
|
87
90
|
grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init(
|
88
91
|
tsi_ssl_pem_key_cert_pair* key_cert_pair, const char* pem_root_certs,
|
89
|
-
bool skip_server_certificate_verification,
|
90
|
-
tsi_ssl_session_cache* ssl_session_cache,
|
92
|
+
bool skip_server_certificate_verification, tsi_tls_version min_tls_version,
|
93
|
+
tsi_tls_version max_tls_version, tsi_ssl_session_cache* ssl_session_cache,
|
91
94
|
tsi_ssl_client_handshaker_factory** handshaker_factory);
|
92
95
|
|
93
96
|
grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
|
94
97
|
tsi_ssl_pem_key_cert_pair* key_cert_pairs, size_t num_key_cert_pairs,
|
95
98
|
const char* pem_root_certs,
|
96
99
|
grpc_ssl_client_certificate_request_type client_certificate_request,
|
100
|
+
tsi_tls_version min_tls_version, tsi_tls_version max_tls_version,
|
97
101
|
tsi_ssl_server_handshaker_factory** handshaker_factory);
|
98
102
|
|
99
103
|
/* Exposed for testing only. */
|
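Review bot: Both factory-init declarations gain `min_tls_version` and `max_tls_version`, but the comment above them still says only "Initialize TSI SSL server/client handshaker factory." and no caller visible on this page checks that the minimum does not exceed the maximum. Document the pair in the header, for example `/* min_tls_version and max_tls_version bound the TLS versions the factory will negotiate; callers must pass min <= max. */`. If the TSI layer does not itself reject an inverted range (not visible here), a check in these two functions before the options are filled would turn a misconfiguration into an init-time error instead of a handshake failure.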
@@ -23,6 +23,7 @@
|
|
23
23
|
#include <stdbool.h>
|
24
24
|
#include <string.h>
|
25
25
|
|
26
|
+
#include "absl/strings/str_cat.h"
|
26
27
|
#include "absl/strings/string_view.h"
|
27
28
|
|
28
29
|
#include <grpc/grpc.h>
|
@@ -130,11 +131,9 @@ grpc_status_code TlsFetchKeyMaterials(
|
|
130
131
|
grpc_error* TlsCheckHostName(const char* peer_name, const tsi_peer* peer) {
|
131
132
|
/* Check the peer name if specified. */
|
132
133
|
if (peer_name != nullptr && !grpc_ssl_host_matches_name(peer, peer_name)) {
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
gpr_free(msg);
|
137
|
-
return error;
|
134
|
+
return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
135
|
+
absl::StrCat("Peer name ", peer_name, " is not in peer certificate")
|
136
|
+
.c_str());
|
138
137
|
}
|
139
138
|
return GRPC_ERROR_NONE;
|
140
139
|
}
|
@@ -279,7 +278,7 @@ int TlsChannelSecurityConnector::cmp(
|
|
279
278
|
|
280
279
|
bool TlsChannelSecurityConnector::check_call_host(
|
281
280
|
absl::string_view host, grpc_auth_context* auth_context,
|
282
|
-
grpc_closure* on_call_host_checked
|
281
|
+
grpc_closure* /*on_call_host_checked*/, grpc_error** error) {
|
283
282
|
return grpc_ssl_check_call_host(host, target_name_.c_str(),
|
284
283
|
overridden_target_name_.c_str(), auth_context,
|
285
284
|
error);
|
@@ -334,8 +333,10 @@ grpc_security_status TlsChannelSecurityConnector::ReplaceHandshakerFactory(
|
|
334
333
|
key_materials_config_->pem_key_cert_pair_list());
|
335
334
|
grpc_security_status status = grpc_ssl_tsi_client_handshaker_factory_init(
|
336
335
|
pem_key_cert_pair, key_materials_config_->pem_root_certs(),
|
337
|
-
skip_server_certificate_verification,
|
338
|
-
|
336
|
+
skip_server_certificate_verification,
|
337
|
+
grpc_get_tsi_tls_version(creds->options().min_tls_version()),
|
338
|
+
grpc_get_tsi_tls_version(creds->options().max_tls_version()),
|
339
|
+
ssl_session_cache, &client_handshaker_factory_);
|
339
340
|
/* Free memory. */
|
340
341
|
grpc_tsi_ssl_pem_key_cert_pairs_destroy(pem_key_cert_pair, 1);
|
341
342
|
return status;
|
@@ -402,31 +403,30 @@ void TlsChannelSecurityConnector::ServerAuthorizationCheckDone(
|
|
402
403
|
grpc_error* TlsChannelSecurityConnector::ProcessServerAuthorizationCheckResult(
|
403
404
|
grpc_tls_server_authorization_check_arg* arg) {
|
404
405
|
grpc_error* error = GRPC_ERROR_NONE;
|
405
|
-
char* msg = nullptr;
|
406
406
|
/* Server authorization check is cancelled by caller. */
|
407
407
|
if (arg->status == GRPC_STATUS_CANCELLED) {
|
408
|
-
|
409
|
-
|
410
|
-
|
411
|
-
|
412
|
-
|
408
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
409
|
+
absl::StrCat("Server authorization check is cancelled by the caller "
|
410
|
+
"with error: ",
|
411
|
+
arg->error_details->error_details())
|
412
|
+
.c_str());
|
413
413
|
} else if (arg->status == GRPC_STATUS_OK) {
|
414
414
|
/* Server authorization check completed successfully but returned check
|
415
415
|
* failure. */
|
416
416
|
if (!arg->success) {
|
417
|
-
|
418
|
-
|
419
|
-
|
417
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
418
|
+
absl::StrCat("Server authorization check failed with error: ",
|
419
|
+
arg->error_details->error_details())
|
420
|
+
.c_str());
|
420
421
|
}
|
421
422
|
/* Server authorization check did not complete correctly. */
|
422
423
|
} else {
|
423
|
-
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
|
424
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
425
|
+
absl::StrCat(
|
426
|
+
"Server authorization check did not finish correctly with error: ",
|
427
|
+
arg->error_details->error_details())
|
428
|
+
.c_str());
|
428
429
|
}
|
429
|
-
gpr_free(msg);
|
430
430
|
return error;
|
431
431
|
}
|
432
432
|
|
@@ -544,7 +544,10 @@ grpc_security_status TlsServerSecurityConnector::ReplaceHandshakerFactory() {
|
|
544
544
|
grpc_security_status status = grpc_ssl_tsi_server_handshaker_factory_init(
|
545
545
|
pem_key_cert_pairs, num_key_cert_pairs,
|
546
546
|
key_materials_config_->pem_root_certs(),
|
547
|
-
creds->options().cert_request_type(),
|
547
|
+
creds->options().cert_request_type(),
|
548
|
+
grpc_get_tsi_tls_version(creds->options().min_tls_version()),
|
549
|
+
grpc_get_tsi_tls_version(creds->options().max_tls_version()),
|
550
|
+
&server_handshaker_factory_);
|
548
551
|
/* Free memory. */
|
549
552
|
grpc_tsi_ssl_pem_key_cert_pairs_destroy(pem_key_cert_pairs,
|
550
553
|
num_key_cert_pairs);
|
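Review bot: All three branches of ProcessServerAuthorizationCheckResult now read `arg->error_details->error_details()` without checking `arg->error_details`, and nothing in this section shows where that object is allocated. If the arg can come back from the application's authorization-check callback with the pointer unset, building the error message dereferences null on exactly the path that reports a failed check. State the invariant where it is relied on, e.g. `/* arg->error_details is allocated together with arg and is never null here. */`, or, if that cannot be guaranteed, fall back to a fixed message when the pointer is null.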
@@ -32,9 +32,4 @@ void grpc_auth_metadata_context_build(
|
|
32
32
|
const grpc_slice& call_method, grpc_auth_context* auth_context,
|
33
33
|
grpc_auth_metadata_context* auth_md_context);
|
34
34
|
|
35
|
-
void grpc_auth_metadata_context_copy(grpc_auth_metadata_context* from,
|
36
|
-
grpc_auth_metadata_context* to);
|
37
|
-
|
38
|
-
void grpc_auth_metadata_context_reset(grpc_auth_metadata_context* context);
|
39
|
-
|
40
35
|
#endif /* GRPC_CORE_LIB_SECURITY_TRANSPORT_AUTH_FILTERS_H */
|
@@ -22,6 +22,10 @@
|
|
22
22
|
|
23
23
|
#include <string.h>
|
24
24
|
|
25
|
+
#include <string>
|
26
|
+
|
27
|
+
#include "absl/strings/str_cat.h"
|
28
|
+
|
25
29
|
#include <grpc/support/alloc.h>
|
26
30
|
#include <grpc/support/log.h>
|
27
31
|
#include <grpc/support/string_util.h>
|
@@ -331,18 +335,15 @@ static void on_host_checked(void* arg, grpc_error* error) {
|
|
331
335
|
if (error == GRPC_ERROR_NONE) {
|
332
336
|
send_security_metadata(elem, batch);
|
333
337
|
} else {
|
334
|
-
|
335
|
-
|
336
|
-
|
337
|
-
host);
|
338
|
-
gpr_free(host);
|
338
|
+
std::string error_msg = absl::StrCat(
|
339
|
+
"Invalid host ", grpc_core::StringViewFromSlice(calld->host),
|
340
|
+
" set in :authority metadata.");
|
339
341
|
grpc_transport_stream_op_batch_finish_with_failure(
|
340
342
|
batch,
|
341
|
-
grpc_error_set_int(
|
342
|
-
|
343
|
-
|
343
|
+
grpc_error_set_int(
|
344
|
+
GRPC_ERROR_CREATE_FROM_COPIED_STRING(error_msg.c_str()),
|
345
|
+
GRPC_ERROR_INT_GRPC_STATUS, GRPC_STATUS_UNAUTHENTICATED),
|
344
346
|
calld->call_combiner);
|
345
|
-
gpr_free(error_msg);
|
346
347
|
}
|
347
348
|
GRPC_CALL_STACK_UNREF(calld->owning_call, "check_call_host");
|
348
349
|
}
|
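Review bot: The rejected `:authority` value is copied into the status message unescaped and then passed on as `error_msg.c_str()`, so control characters in the host land verbatim wherever the UNAUTHENTICATED status is logged. If the error macro treats its argument as a C string (its definition is not on this page), a host containing a NUL byte is also cut short. Escaping the value first keeps the message complete and on one line: `absl::CEscape(grpc_core::StringViewFromSlice(calld->host))`, which needs `absl/strings/escaping.h`. on_host_checked begins above the hunk, so how `calld->host` is populated is not visible here.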
@@ -18,14 +18,16 @@
|
|
18
18
|
|
19
19
|
#include <grpc/support/port_platform.h>
|
20
20
|
|
21
|
-
#include "src/core/lib/iomgr/error.h"
|
22
|
-
#include "src/core/lib/security/util/json_util.h"
|
23
|
-
|
24
21
|
#include <string.h>
|
25
22
|
|
23
|
+
#include "absl/strings/str_cat.h"
|
24
|
+
|
26
25
|
#include <grpc/support/log.h>
|
27
26
|
#include <grpc/support/string_util.h>
|
28
27
|
|
28
|
+
#include "src/core/lib/iomgr/error.h"
|
29
|
+
#include "src/core/lib/security/util/json_util.h"
|
30
|
+
|
29
31
|
const char* grpc_json_get_string_property(const grpc_core::Json& json,
|
30
32
|
const char* prop_name,
|
31
33
|
grpc_error** error) {
|
@@ -39,21 +41,18 @@ const char* grpc_json_get_string_property(const grpc_core::Json& json,
|
|
39
41
|
auto it = json.object_value().find(prop_name);
|
40
42
|
if (it == json.object_value().end()) {
|
41
43
|
if (error != nullptr) {
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
*error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(error_msg);
|
46
|
-
gpr_free(error_msg);
|
44
|
+
*error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
45
|
+
absl::StrCat("Property ", prop_name, " not found in JSON object.")
|
46
|
+
.c_str());
|
47
47
|
}
|
48
48
|
return nullptr;
|
49
49
|
}
|
50
50
|
if (it->second.type() != grpc_core::Json::Type::STRING) {
|
51
51
|
if (error != nullptr) {
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
gpr_free(error_msg);
|
52
|
+
*error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
53
|
+
absl::StrCat("Property ", prop_name,
|
54
|
+
" n JSON object is not a string.")
|
55
|
+
.c_str());
|
57
56
|
}
|
58
57
|
return nullptr;
|
59
58
|
}
|
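Review bot: The new message for the wrong-type case in grpc_json_get_string_property is built from `" n JSON object is not a string."`, so the word "in" has lost its first letter and the error reads "Property X n JSON object is not a string.". Change the literal to `" in JSON object is not a string."`. The text of the removed lines is not shown on this page, so whether the old message carried the same typo cannot be checked from here.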
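--- a/data/src/core/lib/slice/slice.cc
+++ b/data/src/core/lib/slice/slice.cc
@@ -156,7 +156,7 @@ class NewWithLenSliceRefcount {
 /** grpc_slice_from_moved_(string|buffer) ref count .*/
 class MovedStringSliceRefCount {
 public:
-MovedStringSliceRefCount(grpc_core::UniquePtr<char>&& str)
+explicit MovedStringSliceRefCount(grpc_core::UniquePtr<char>&& str)
 : base_(grpc_slice_refcount::Type::REGULAR, &refs_, Destroy, this,
 &base_),
 str_(std::move(str)) {}
@@ -173,6 +173,26 @@ class MovedStringSliceRefCount {
 grpc_core::UniquePtr<char> str_;
 };
 
+// grpc_slice_from_cpp_string() ref count.
+class MovedCppStringSliceRefCount {
+public:
+explicit MovedCppStringSliceRefCount(std::string&& str)
+: base_(grpc_slice_refcount::Type::REGULAR, &refs_, Destroy, this,
+&base_),
+str_(std::move(str)) {}
+
+grpc_slice_refcount* base_refcount() { return &base_; }
+
+private:
+static void Destroy(void* arg) {
+delete static_cast<MovedCppStringSliceRefCount*>(arg);
+}
+
+grpc_slice_refcount base_;
+grpc_core::RefCount refs_;
+std::string str_;
+};
+
 } // namespace grpc_core
 
 grpc_slice grpc_slice_new_with_len(void* p, size_t len,
@@ -232,6 +252,23 @@ grpc_slice grpc_slice_from_moved_string(grpc_core::UniquePtr<char> p) {
 return grpc_slice_from_moved_buffer(std::move(p), len);
 }
 
+grpc_slice grpc_slice_from_cpp_string(std::string str) {
+grpc_slice slice;
+if (str.size() <= sizeof(slice.data.inlined.bytes)) {
+slice.refcount = nullptr;
+slice.data.inlined.length = str.size();
+memcpy(GRPC_SLICE_START_PTR(slice), str.data(), str.size());
+} else {
+slice.data.refcounted.bytes =
+reinterpret_cast<uint8_t*>(const_cast<char*>(str.data()));
+slice.data.refcounted.length = str.size();
+slice.refcount =
+(new grpc_core::MovedCppStringSliceRefCount(std::move(str)))
+->base_refcount();
+}
+return slice;
+}
+
 namespace {
 
 class MallocRefCount {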
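Review bot: In the refcounted branch of grpc_slice_from_cpp_string, `slice.data.refcounted.bytes` is taken from `str.data()` before `str` is moved into MovedCppStringSliceRefCount, so the slice is valid only if the moved-to `str_` keeps the same buffer. That holds when the string is heap-allocated, but it depends on the library's small-string capacity being no larger than `sizeof(slice.data.inlined.bytes)`; otherwise the move copies the bytes and the slice points into the destroyed parameter. Constructing the refcount first and reading pointer and length from the string it owns removes that assumption, as in the sketch below, which adds two accessors to the class.

```cpp
class MovedCppStringSliceRefCount {
 public:
  // … unchanged: constructor, base_refcount() …
  uint8_t* data() {
    return reinterpret_cast<uint8_t*>(const_cast<char*>(str_.data()));
  }
  size_t size() const { return str_.size(); }
  // … unchanged: Destroy, base_, refs_, str_ …

grpc_slice grpc_slice_from_cpp_string(std::string str) {
  // … unchanged: inlined branch …
  } else {
    auto* rc = new grpc_core::MovedCppStringSliceRefCount(std::move(str));
    slice.data.refcounted.bytes = rc->data();
    slice.data.refcounted.length = rc->size();
    slice.refcount = rc->base_refcount();
  }
```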