grpc 1.30.2 → 1.31.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +560 -619
- data/include/grpc/grpc_security_constants.h +3 -0
- data/include/grpc/impl/codegen/grpc_types.h +7 -5
- data/include/grpc/impl/codegen/port_platform.h +0 -32
- data/src/core/ext/filters/client_channel/backend_metric.cc +12 -9
- data/src/core/ext/filters/client_channel/client_channel.cc +406 -265
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +2 -0
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +39 -23
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +4 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +376 -68
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +5 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +6 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +8 -6
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +9 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +7 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -48
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +6 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +21 -18
- data/src/core/ext/filters/client_channel/resolver_registry.cc +13 -14
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +6 -7
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +33 -28
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +39 -20
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +1 -1
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +327 -123
- data/src/core/ext/filters/client_channel/xds/xds_api.h +72 -7
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +12 -23
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +112 -33
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +10 -10
- data/src/core/ext/filters/http/client/http_client_filter.cc +5 -5
- data/src/core/ext/filters/http/http_filters_plugin.cc +2 -1
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +74 -33
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +3 -1
- data/src/core/ext/filters/message_size/message_size_filter.cc +56 -80
- data/src/core/ext/filters/message_size/message_size_filter.h +6 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +383 -347
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +22 -27
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -0
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/writing.cc +9 -14
- data/src/core/ext/transport/inproc/inproc_transport.cc +35 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +80 -69
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +24 -23
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +66 -56
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +317 -311
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +9 -8
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +163 -169
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +4 -5
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +137 -117
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +105 -87
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +12 -13
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +49 -42
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +81 -65
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +648 -696
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +234 -199
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +13 -13
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +20 -18
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +18 -17
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +3 -3
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +412 -386
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +5 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.h +536 -535
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +5 -15
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/string.cc +10 -9
- data/src/core/lib/gpr/string.h +4 -2
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/http/httpcli.cc +13 -10
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -0
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +5 -6
- data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -21
- data/src/core/lib/iomgr/ev_poll_posix.cc +6 -5
- data/src/core/lib/iomgr/ev_posix.cc +2 -0
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/port.h +1 -21
- data/src/core/lib/iomgr/resolve_address_custom.cc +13 -18
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -8
- data/src/core/lib/iomgr/resource_quota.cc +34 -31
- data/src/core/lib/iomgr/sockaddr_utils.cc +7 -5
- data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +95 -55
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -11
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +27 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +9 -9
- data/src/core/lib/iomgr/tcp_custom.cc +1 -1
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +6 -14
- data/src/core/lib/iomgr/tcp_server_posix.cc +34 -41
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -7
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +4 -9
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/timer_generic.cc +13 -12
- data/src/core/lib/iomgr/udp_server.cc +24 -23
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json_reader.cc +20 -21
- data/src/core/lib/security/credentials/credentials.h +5 -3
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +12 -9
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +19 -28
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +10 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +10 -10
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +18 -11
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +5 -0
- data/src/core/lib/security/security_connector/ssl_utils.cc +44 -23
- data/src/core/lib/security/security_connector/ssl_utils.h +6 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +27 -24
- data/src/core/lib/security/transport/client_auth_filter.cc +10 -9
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_internal.h +1 -0
- data/src/core/lib/surface/call.cc +40 -41
- data/src/core/lib/surface/completion_queue.cc +271 -14
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/server.cc +565 -632
- data/src/core/lib/surface/server.h +34 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/transport.h +6 -0
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -13
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +2 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +102 -11
- data/src/core/tsi/ssl_transport_security.h +14 -2
- data/src/core/tsi/transport_security_interface.h +5 -0
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +3 -2
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +54 -10
- data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/err_data.c +89 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +12 -52
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +0 -22
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +11 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +24 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +116 -363
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +7 -45
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +28 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +33 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +789 -715
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +9 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +17 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -7
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +28 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +4 -24
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +45 -24
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +31 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +12 -9
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +40 -37
- data/third_party/upb/upb/generated_util.h +0 -105
|
@@ -20,22 +20,24 @@
|
|
|
20
20
|
|
|
21
21
|
#include "src/core/lib/security/credentials/google_default/google_default_credentials.h"
|
|
22
22
|
|
|
23
|
+
#include <string>
|
|
24
|
+
|
|
25
|
+
#include "absl/strings/str_cat.h"
|
|
26
|
+
|
|
23
27
|
#include <grpc/support/alloc.h>
|
|
24
28
|
#include <grpc/support/log.h>
|
|
25
|
-
#include <grpc/support/string_util.h>
|
|
26
29
|
|
|
27
30
|
#include "src/core/lib/gpr/env.h"
|
|
28
|
-
#include "src/core/lib/gpr/string.h"
|
|
29
31
|
|
|
30
|
-
|
|
31
|
-
char* result = nullptr;
|
|
32
|
+
std::string grpc_get_well_known_google_credentials_file_path_impl(void) {
|
|
32
33
|
char* base = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_PATH_ENV_VAR);
|
|
33
34
|
if (base == nullptr) {
|
|
34
35
|
gpr_log(GPR_ERROR, "Could not get " GRPC_GOOGLE_CREDENTIALS_PATH_ENV_VAR
|
|
35
36
|
" environment variable.");
|
|
36
|
-
return
|
|
37
|
+
return "";
|
|
37
38
|
}
|
|
38
|
-
|
|
39
|
+
std::string result =
|
|
40
|
+
absl::StrCat(base, "/", GRPC_GOOGLE_CREDENTIALS_PATH_SUFFIX);
|
|
39
41
|
gpr_free(base);
|
|
40
42
|
return result;
|
|
41
43
|
}
|
|
@@ -216,18 +216,19 @@ static int is_metadata_server_reachable() {
|
|
|
216
216
|
|
|
217
217
|
/* Takes ownership of creds_path if not NULL. */
|
|
218
218
|
static grpc_error* create_default_creds_from_path(
|
|
219
|
-
|
|
219
|
+
const std::string& creds_path,
|
|
220
|
+
grpc_core::RefCountedPtr<grpc_call_credentials>* creds) {
|
|
220
221
|
grpc_auth_json_key key;
|
|
221
222
|
grpc_auth_refresh_token token;
|
|
222
223
|
grpc_core::RefCountedPtr<grpc_call_credentials> result;
|
|
223
224
|
grpc_slice creds_data = grpc_empty_slice();
|
|
224
225
|
grpc_error* error = GRPC_ERROR_NONE;
|
|
225
226
|
Json json;
|
|
226
|
-
if (creds_path
|
|
227
|
+
if (creds_path.empty()) {
|
|
227
228
|
error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("creds_path unset");
|
|
228
229
|
goto end;
|
|
229
230
|
}
|
|
230
|
-
error = grpc_load_file(creds_path, 0, &creds_data);
|
|
231
|
+
error = grpc_load_file(creds_path.c_str(), 0, &creds_data);
|
|
231
232
|
if (error != GRPC_ERROR_NONE) goto end;
|
|
232
233
|
json = Json::Parse(grpc_core::StringViewFromSlice(creds_data), &error);
|
|
233
234
|
if (error != GRPC_ERROR_NONE) goto end;
|
|
@@ -267,7 +268,6 @@ static grpc_error* create_default_creds_from_path(
|
|
|
267
268
|
|
|
268
269
|
end:
|
|
269
270
|
GPR_ASSERT((result == nullptr) + (error == GRPC_ERROR_NONE) == 1);
|
|
270
|
-
if (creds_path != nullptr) gpr_free(creds_path);
|
|
271
271
|
grpc_slice_unref_internal(creds_data);
|
|
272
272
|
*creds = result;
|
|
273
273
|
return error;
|
|
@@ -286,10 +286,13 @@ grpc_channel_credentials* grpc_google_default_credentials_create() {
|
|
|
286
286
|
gpr_once_init(&g_once, init_default_credentials);
|
|
287
287
|
|
|
288
288
|
/* First, try the environment variable. */
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
289
|
+
char* path_from_env = gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR);
|
|
290
|
+
if (path_from_env != nullptr) {
|
|
291
|
+
err = create_default_creds_from_path(path_from_env, &call_creds);
|
|
292
|
+
gpr_free(path_from_env);
|
|
293
|
+
if (err == GRPC_ERROR_NONE) goto end;
|
|
294
|
+
error = grpc_error_add_child(error, err);
|
|
295
|
+
}
|
|
293
296
|
|
|
294
297
|
/* Then the well-known file. */
|
|
295
298
|
err = create_default_creds_from_path(
|
|
@@ -372,7 +375,7 @@ void grpc_flush_cached_google_default_credentials(void) {
|
|
|
372
375
|
|
|
373
376
|
static grpc_well_known_credentials_path_getter creds_path_getter = nullptr;
|
|
374
377
|
|
|
375
|
-
|
|
378
|
+
std::string grpc_get_well_known_google_credentials_file_path(void) {
|
|
376
379
|
if (creds_path_getter != nullptr) return creds_path_getter();
|
|
377
380
|
return grpc_get_well_known_google_credentials_file_path_impl();
|
|
378
381
|
}
|
|
@@ -23,8 +23,13 @@
|
|
|
23
23
|
#include <inttypes.h>
|
|
24
24
|
#include <string.h>
|
|
25
25
|
|
|
26
|
+
#include <string>
|
|
27
|
+
|
|
28
|
+
#include "absl/strings/str_cat.h"
|
|
29
|
+
|
|
26
30
|
#include "src/core/lib/gprpp/ref_counted.h"
|
|
27
31
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
|
32
|
+
#include "src/core/lib/slice/slice_internal.h"
|
|
28
33
|
#include "src/core/lib/surface/api_trace.h"
|
|
29
34
|
|
|
30
35
|
#include <grpc/support/alloc.h>
|
|
@@ -81,16 +86,14 @@ bool grpc_service_account_jwt_access_credentials::get_request_metadata(
|
|
|
81
86
|
jwt = grpc_jwt_encode_and_sign(&key_, context.service_url, jwt_lifetime_,
|
|
82
87
|
nullptr);
|
|
83
88
|
if (jwt != nullptr) {
|
|
84
|
-
|
|
85
|
-
gpr_asprintf(&md_value, "Bearer %s", jwt);
|
|
89
|
+
std::string md_value = absl::StrCat("Bearer ", jwt);
|
|
86
90
|
gpr_free(jwt);
|
|
87
91
|
cached_.jwt_expiration =
|
|
88
92
|
gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), jwt_lifetime_);
|
|
89
93
|
cached_.service_url = gpr_strdup(context.service_url);
|
|
90
94
|
cached_.jwt_md = grpc_mdelem_from_slices(
|
|
91
95
|
grpc_slice_from_static_string(GRPC_AUTHORIZATION_METADATA_KEY),
|
|
92
|
-
|
|
93
|
-
gpr_free(md_value);
|
|
96
|
+
grpc_slice_from_cpp_string(std::move(md_value)));
|
|
94
97
|
jwt_md = GRPC_MDELEM_REF(cached_.jwt_md);
|
|
95
98
|
}
|
|
96
99
|
gpr_mu_unlock(&cache_mu_);
|
|
@@ -24,6 +24,8 @@
|
|
|
24
24
|
#include <string.h>
|
|
25
25
|
|
|
26
26
|
#include "absl/container/inlined_vector.h"
|
|
27
|
+
#include "absl/strings/str_cat.h"
|
|
28
|
+
#include "absl/strings/str_format.h"
|
|
27
29
|
#include "absl/strings/str_join.h"
|
|
28
30
|
|
|
29
31
|
#include <grpc/grpc_security.h>
|
|
@@ -33,7 +35,6 @@
|
|
|
33
35
|
#include <grpc/support/log.h>
|
|
34
36
|
#include <grpc/support/string_util.h>
|
|
35
37
|
|
|
36
|
-
#include "absl/strings/str_format.h"
|
|
37
38
|
#include "src/core/lib/gpr/string.h"
|
|
38
39
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
|
39
40
|
#include "src/core/lib/iomgr/error.h"
|
|
@@ -136,7 +137,6 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response(
|
|
|
136
137
|
const grpc_http_response* response, grpc_mdelem* token_md,
|
|
137
138
|
grpc_millis* token_lifetime) {
|
|
138
139
|
char* null_terminated_body = nullptr;
|
|
139
|
-
char* new_access_token = nullptr;
|
|
140
140
|
grpc_credentials_status status = GRPC_CREDENTIALS_OK;
|
|
141
141
|
Json json;
|
|
142
142
|
|
|
@@ -202,12 +202,12 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response(
|
|
|
202
202
|
goto end;
|
|
203
203
|
}
|
|
204
204
|
expires_in = it->second.string_value().c_str();
|
|
205
|
-
gpr_asprintf(&new_access_token, "%s %s", token_type, access_token);
|
|
206
205
|
*token_lifetime = strtol(expires_in, nullptr, 10) * GPR_MS_PER_SEC;
|
|
207
206
|
if (!GRPC_MDISNULL(*token_md)) GRPC_MDELEM_UNREF(*token_md);
|
|
208
207
|
*token_md = grpc_mdelem_from_slices(
|
|
209
208
|
grpc_core::ExternallyManagedSlice(GRPC_AUTHORIZATION_METADATA_KEY),
|
|
210
|
-
|
|
209
|
+
grpc_slice_from_cpp_string(
|
|
210
|
+
absl::StrCat(token_type, " ", access_token)));
|
|
211
211
|
status = GRPC_CREDENTIALS_OK;
|
|
212
212
|
}
|
|
213
213
|
|
|
@@ -216,8 +216,7 @@ end:
|
|
|
216
216
|
GRPC_MDELEM_UNREF(*token_md);
|
|
217
217
|
*token_md = GRPC_MDNULL;
|
|
218
218
|
}
|
|
219
|
-
|
|
220
|
-
if (new_access_token != nullptr) gpr_free(new_access_token);
|
|
219
|
+
gpr_free(null_terminated_body);
|
|
221
220
|
return status;
|
|
222
221
|
}
|
|
223
222
|
|
|
@@ -442,10 +441,9 @@ void grpc_google_refresh_token_credentials::fetch_oauth2(
|
|
|
442
441
|
const_cast<char*>("Content-Type"),
|
|
443
442
|
const_cast<char*>("application/x-www-form-urlencoded")};
|
|
444
443
|
grpc_httpcli_request request;
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
refresh_token_.refresh_token);
|
|
444
|
+
std::string body = absl::StrFormat(
|
|
445
|
+
GRPC_REFRESH_TOKEN_POST_BODY_FORMAT_STRING, refresh_token_.client_id,
|
|
446
|
+
refresh_token_.client_secret, refresh_token_.refresh_token);
|
|
449
447
|
memset(&request, 0, sizeof(grpc_httpcli_request));
|
|
450
448
|
request.host = (char*)GRPC_GOOGLE_OAUTH2_SERVICE_HOST;
|
|
451
449
|
request.http.path = (char*)GRPC_GOOGLE_OAUTH2_SERVICE_TOKEN_PATH;
|
|
@@ -457,13 +455,12 @@ void grpc_google_refresh_token_credentials::fetch_oauth2(
|
|
|
457
455
|
extreme memory pressure. */
|
|
458
456
|
grpc_resource_quota* resource_quota =
|
|
459
457
|
grpc_resource_quota_create("oauth2_credentials_refresh");
|
|
460
|
-
grpc_httpcli_post(httpcli_context, pollent, resource_quota, &request,
|
|
461
|
-
|
|
458
|
+
grpc_httpcli_post(httpcli_context, pollent, resource_quota, &request,
|
|
459
|
+
body.c_str(), body.size(), deadline,
|
|
462
460
|
GRPC_CLOSURE_INIT(&http_post_cb_closure_, response_cb,
|
|
463
461
|
metadata_req, grpc_schedule_on_exec_ctx),
|
|
464
462
|
&metadata_req->response);
|
|
465
463
|
grpc_resource_quota_unref_internal(resource_quota);
|
|
466
|
-
gpr_free(body);
|
|
467
464
|
}
|
|
468
465
|
|
|
469
466
|
grpc_google_refresh_token_credentials::grpc_google_refresh_token_credentials(
|
|
@@ -487,16 +484,15 @@ std::string grpc_google_refresh_token_credentials::debug_string() {
|
|
|
487
484
|
grpc_oauth2_token_fetcher_credentials::debug_string());
|
|
488
485
|
}
|
|
489
486
|
|
|
490
|
-
static
|
|
487
|
+
static std::string create_loggable_refresh_token(
|
|
488
|
+
grpc_auth_refresh_token* token) {
|
|
491
489
|
if (strcmp(token->type, GRPC_AUTH_JSON_TYPE_INVALID) == 0) {
|
|
492
|
-
return
|
|
490
|
+
return "<Invalid json token>";
|
|
493
491
|
}
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
token->type, token->client_id);
|
|
499
|
-
return loggable_token;
|
|
492
|
+
return absl::StrFormat(
|
|
493
|
+
"{\n type: %s\n client_id: %s\n client_secret: "
|
|
494
|
+
"<redacted>\n refresh_token: <redacted>\n}",
|
|
495
|
+
token->type, token->client_id);
|
|
500
496
|
}
|
|
501
497
|
|
|
502
498
|
grpc_call_credentials* grpc_google_refresh_token_credentials_create(
|
|
@@ -504,12 +500,10 @@ grpc_call_credentials* grpc_google_refresh_token_credentials_create(
|
|
|
504
500
|
grpc_auth_refresh_token token =
|
|
505
501
|
grpc_auth_refresh_token_create_from_string(json_refresh_token);
|
|
506
502
|
if (GRPC_TRACE_FLAG_ENABLED(grpc_api_trace)) {
|
|
507
|
-
char* loggable_token = create_loggable_refresh_token(&token);
|
|
508
503
|
gpr_log(GPR_INFO,
|
|
509
504
|
"grpc_refresh_token_credentials_create(json_refresh_token=%s, "
|
|
510
505
|
"reserved=%p)",
|
|
511
|
-
|
|
512
|
-
gpr_free(loggable_token);
|
|
506
|
+
create_loggable_refresh_token(&token).c_str(), reserved);
|
|
513
507
|
}
|
|
514
508
|
GPR_ASSERT(reserved == nullptr);
|
|
515
509
|
return grpc_refresh_token_credentials_create_from_auth_refresh_token(token)
|
|
@@ -744,13 +738,10 @@ void grpc_access_token_credentials::cancel_get_request_metadata(
|
|
|
744
738
|
grpc_access_token_credentials::grpc_access_token_credentials(
|
|
745
739
|
const char* access_token)
|
|
746
740
|
: grpc_call_credentials(GRPC_CALL_CREDENTIALS_TYPE_OAUTH2) {
|
|
747
|
-
char* token_md_value;
|
|
748
|
-
gpr_asprintf(&token_md_value, "Bearer %s", access_token);
|
|
749
741
|
grpc_core::ExecCtx exec_ctx;
|
|
750
742
|
access_token_md_ = grpc_mdelem_from_slices(
|
|
751
743
|
grpc_core::ExternallyManagedSlice(GRPC_AUTHORIZATION_METADATA_KEY),
|
|
752
|
-
|
|
753
|
-
gpr_free(token_md_value);
|
|
744
|
+
grpc_slice_from_cpp_string(absl::StrCat("Bearer ", access_token)));
|
|
754
745
|
}
|
|
755
746
|
|
|
756
747
|
std::string grpc_access_token_credentials::debug_string() {
|
|
@@ -22,10 +22,11 @@
|
|
|
22
22
|
|
|
23
23
|
#include <string.h>
|
|
24
24
|
|
|
25
|
+
#include "absl/strings/str_cat.h"
|
|
26
|
+
|
|
25
27
|
#include <grpc/grpc.h>
|
|
26
28
|
#include <grpc/support/alloc.h>
|
|
27
29
|
#include <grpc/support/log.h>
|
|
28
|
-
#include <grpc/support/string_util.h>
|
|
29
30
|
#include <grpc/support/sync.h>
|
|
30
31
|
|
|
31
32
|
#include "src/core/lib/slice/slice_internal.h"
|
|
@@ -86,11 +87,10 @@ static grpc_error* process_plugin_result(
|
|
|
86
87
|
size_t num_md, grpc_status_code status, const char* error_details) {
|
|
87
88
|
grpc_error* error = GRPC_ERROR_NONE;
|
|
88
89
|
if (status != GRPC_STATUS_OK) {
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
gpr_free(msg);
|
|
90
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
91
|
+
absl::StrCat("Getting metadata from plugin failed with error: ",
|
|
92
|
+
error_details)
|
|
93
|
+
.c_str());
|
|
94
94
|
} else {
|
|
95
95
|
bool seen_illegal_header = false;
|
|
96
96
|
for (size_t i = 0; i < num_md; ++i) {
|
|
@@ -117,6 +117,16 @@ void grpc_ssl_credentials::build_config(
|
|
|
117
117
|
}
|
|
118
118
|
}
|
|
119
119
|
|
|
120
|
+
void grpc_ssl_credentials::set_min_tls_version(
|
|
121
|
+
grpc_tls_version min_tls_version) {
|
|
122
|
+
config_.min_tls_version = min_tls_version;
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
void grpc_ssl_credentials::set_max_tls_version(
|
|
126
|
+
grpc_tls_version max_tls_version) {
|
|
127
|
+
config_.max_tls_version = max_tls_version;
|
|
128
|
+
}
|
|
129
|
+
|
|
120
130
|
/* Deprecated in favor of grpc_ssl_credentials_create_ex. Will be removed
|
|
121
131
|
* once all of its call sites are migrated to grpc_ssl_credentials_create_ex. */
|
|
122
132
|
grpc_channel_credentials* grpc_ssl_credentials_create(
|
|
@@ -213,6 +223,16 @@ void grpc_ssl_server_credentials::build_config(
|
|
|
213
223
|
config_.num_key_cert_pairs = num_key_cert_pairs;
|
|
214
224
|
}
|
|
215
225
|
|
|
226
|
+
void grpc_ssl_server_credentials::set_min_tls_version(
|
|
227
|
+
grpc_tls_version min_tls_version) {
|
|
228
|
+
config_.min_tls_version = min_tls_version;
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
void grpc_ssl_server_credentials::set_max_tls_version(
|
|
232
|
+
grpc_tls_version max_tls_version) {
|
|
233
|
+
config_.max_tls_version = max_tls_version;
|
|
234
|
+
}
|
|
235
|
+
|
|
216
236
|
grpc_ssl_server_certificate_config* grpc_ssl_server_certificate_config_create(
|
|
217
237
|
const char* pem_root_certs,
|
|
218
238
|
const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
|
|
@@ -38,6 +38,11 @@ class grpc_ssl_credentials : public grpc_channel_credentials {
|
|
|
38
38
|
const char* target, const grpc_channel_args* args,
|
|
39
39
|
grpc_channel_args** new_args) override;
|
|
40
40
|
|
|
41
|
+
// TODO(mattstev): Plumb to wrapped languages. Until then, setting the TLS
|
|
42
|
+
// version should be done for testing purposes only.
|
|
43
|
+
void set_min_tls_version(grpc_tls_version min_tls_version);
|
|
44
|
+
void set_max_tls_version(grpc_tls_version max_tls_version);
|
|
45
|
+
|
|
41
46
|
private:
|
|
42
47
|
void build_config(const char* pem_root_certs,
|
|
43
48
|
grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
|
|
@@ -77,6 +82,11 @@ class grpc_ssl_server_credentials final : public grpc_server_credentials {
|
|
|
77
82
|
config);
|
|
78
83
|
}
|
|
79
84
|
|
|
85
|
+
// TODO(mattstev): Plumb to wrapped languages. Until then, setting the TLS
|
|
86
|
+
// version should be done for testing purposes only.
|
|
87
|
+
void set_min_tls_version(grpc_tls_version min_tls_version);
|
|
88
|
+
void set_max_tls_version(grpc_tls_version max_tls_version);
|
|
89
|
+
|
|
80
90
|
const grpc_ssl_server_config& config() const { return config_; }
|
|
81
91
|
|
|
82
92
|
private:
|
|
@@ -264,6 +264,8 @@ struct grpc_tls_credentials_options
|
|
|
264
264
|
grpc_tls_server_verification_option server_verification_option() const {
|
|
265
265
|
return server_verification_option_;
|
|
266
266
|
}
|
|
267
|
+
grpc_tls_version min_tls_version() const { return min_tls_version_; }
|
|
268
|
+
grpc_tls_version max_tls_version() const { return max_tls_version_; }
|
|
267
269
|
grpc_tls_key_materials_config* key_materials_config() const {
|
|
268
270
|
return key_materials_config_.get();
|
|
269
271
|
}
|
|
@@ -284,6 +286,12 @@ struct grpc_tls_credentials_options
|
|
|
284
286
|
const grpc_tls_server_verification_option server_verification_option) {
|
|
285
287
|
server_verification_option_ = server_verification_option;
|
|
286
288
|
}
|
|
289
|
+
void set_min_tls_version(grpc_tls_version min_tls_version) {
|
|
290
|
+
min_tls_version_ = min_tls_version;
|
|
291
|
+
}
|
|
292
|
+
void set_max_tls_version(grpc_tls_version max_tls_version) {
|
|
293
|
+
max_tls_version_ = max_tls_version;
|
|
294
|
+
}
|
|
287
295
|
void set_key_materials_config(
|
|
288
296
|
grpc_core::RefCountedPtr<grpc_tls_key_materials_config> config) {
|
|
289
297
|
key_materials_config_ = std::move(config);
|
|
@@ -302,6 +310,8 @@ struct grpc_tls_credentials_options
|
|
|
302
310
|
grpc_ssl_client_certificate_request_type cert_request_type_;
|
|
303
311
|
grpc_tls_server_verification_option server_verification_option_ =
|
|
304
312
|
GRPC_TLS_SERVER_VERIFICATION;
|
|
313
|
+
grpc_tls_version min_tls_version_ = grpc_tls_version::TLS1_2;
|
|
314
|
+
grpc_tls_version max_tls_version_ = grpc_tls_version::TLS1_3;
|
|
305
315
|
grpc_core::RefCountedPtr<grpc_tls_key_materials_config> key_materials_config_;
|
|
306
316
|
grpc_core::RefCountedPtr<grpc_tls_credential_reload_config>
|
|
307
317
|
credential_reload_config_;
|
|
@@ -22,6 +22,8 @@
|
|
|
22
22
|
|
|
23
23
|
#include <stdbool.h>
|
|
24
24
|
|
|
25
|
+
#include "absl/strings/str_cat.h"
|
|
26
|
+
|
|
25
27
|
#include <grpc/support/alloc.h>
|
|
26
28
|
#include <grpc/support/log.h>
|
|
27
29
|
#include <grpc/support/string_util.h>
|
|
@@ -227,11 +229,10 @@ static void fake_check_peer(
|
|
|
227
229
|
prop_name = peer.properties[0].name;
|
|
228
230
|
if (prop_name == nullptr ||
|
|
229
231
|
strcmp(prop_name, TSI_CERTIFICATE_TYPE_PEER_PROPERTY)) {
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
gpr_free(msg);
|
|
232
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
233
|
+
absl::StrCat("Unexpected property in fake peer: ",
|
|
234
|
+
prop_name == nullptr ? "<EMPTY>" : prop_name)
|
|
235
|
+
.c_str());
|
|
235
236
|
goto end;
|
|
236
237
|
}
|
|
237
238
|
if (strncmp(peer.properties[0].value.data, TSI_FAKE_CERTIFICATE_TYPE,
|
|
@@ -243,11 +244,10 @@ static void fake_check_peer(
|
|
|
243
244
|
prop_name = peer.properties[1].name;
|
|
244
245
|
if (prop_name == nullptr ||
|
|
245
246
|
strcmp(prop_name, TSI_SECURITY_LEVEL_PEER_PROPERTY) != 0) {
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
gpr_free(msg);
|
|
247
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
248
|
+
absl::StrCat("Unexpected property in fake peer: ",
|
|
249
|
+
prop_name == nullptr ? "<EMPTY>" : prop_name)
|
|
250
|
+
.c_str());
|
|
251
251
|
goto end;
|
|
252
252
|
}
|
|
253
253
|
if (strncmp(peer.properties[1].value.data, TSI_FAKE_SECURITY_LEVEL,
|
|
@@ -46,6 +46,8 @@ grpc_server_security_connector::grpc_server_security_connector(
|
|
|
46
46
|
: grpc_security_connector(url_scheme),
|
|
47
47
|
server_creds_(std::move(server_creds)) {}
|
|
48
48
|
|
|
49
|
+
grpc_server_security_connector::~grpc_server_security_connector() = default;
|
|
50
|
+
|
|
49
51
|
grpc_channel_security_connector::grpc_channel_security_connector(
|
|
50
52
|
const char* url_scheme,
|
|
51
53
|
grpc_core::RefCountedPtr<grpc_channel_credentials> channel_creds,
|
|
@@ -151,7 +151,7 @@ class grpc_server_security_connector : public grpc_security_connector {
|
|
|
151
151
|
grpc_server_security_connector(
|
|
152
152
|
const char* url_scheme,
|
|
153
153
|
grpc_core::RefCountedPtr<grpc_server_credentials> server_creds);
|
|
154
|
-
~grpc_server_security_connector() override
|
|
154
|
+
~grpc_server_security_connector() override;
|
|
155
155
|
|
|
156
156
|
virtual void add_handshakers(const grpc_channel_args* args,
|
|
157
157
|
grpc_pollset_set* interested_parties,
|
|
@@ -22,17 +22,19 @@
|
|
|
22
22
|
|
|
23
23
|
#include <stdbool.h>
|
|
24
24
|
|
|
25
|
+
#include "absl/strings/str_cat.h"
|
|
26
|
+
#include "absl/strings/str_format.h"
|
|
25
27
|
#include "absl/strings/string_view.h"
|
|
26
28
|
|
|
27
29
|
#include <grpc/support/alloc.h>
|
|
28
30
|
#include <grpc/support/log.h>
|
|
29
|
-
#include <grpc/support/string_util.h>
|
|
30
31
|
|
|
31
32
|
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
|
|
32
33
|
#include "src/core/lib/channel/handshaker.h"
|
|
33
34
|
#include "src/core/lib/gpr/string.h"
|
|
34
35
|
#include "src/core/lib/gprpp/host_port.h"
|
|
35
36
|
#include "src/core/lib/gprpp/ref_counted_ptr.h"
|
|
37
|
+
#include "src/core/lib/gprpp/sync.h"
|
|
36
38
|
#include "src/core/lib/security/context/security_context.h"
|
|
37
39
|
#include "src/core/lib/security/credentials/credentials.h"
|
|
38
40
|
#include "src/core/lib/security/credentials/ssl/ssl_credentials.h"
|
|
@@ -52,11 +54,9 @@ grpc_error* ssl_check_peer(
|
|
|
52
54
|
}
|
|
53
55
|
/* Check the peer name if specified. */
|
|
54
56
|
if (peer_name != nullptr && !grpc_ssl_host_matches_name(peer, peer_name)) {
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
gpr_free(msg);
|
|
59
|
-
return error;
|
|
57
|
+
return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
58
|
+
absl::StrCat("Peer name ", peer_name, " is not in peer certificate")
|
|
59
|
+
.c_str());
|
|
60
60
|
}
|
|
61
61
|
*auth_context =
|
|
62
62
|
grpc_ssl_peer_to_auth_context(peer, GRPC_SSL_TRANSPORT_SECURITY_TYPE);
|
|
@@ -106,6 +106,8 @@ class grpc_ssl_channel_security_connector final
|
|
|
106
106
|
}
|
|
107
107
|
options.cipher_suites = grpc_get_ssl_cipher_suites();
|
|
108
108
|
options.session_cache = ssl_session_cache;
|
|
109
|
+
options.min_tls_version = grpc_get_tsi_tls_version(config->min_tls_version);
|
|
110
|
+
options.max_tls_version = grpc_get_tsi_tls_version(config->max_tls_version);
|
|
109
111
|
const tsi_result result =
|
|
110
112
|
tsi_create_ssl_client_handshaker_factory_with_options(
|
|
111
113
|
&options, &client_handshaker_factory_);
|
|
@@ -160,11 +162,10 @@ class grpc_ssl_channel_security_connector final
|
|
|
160
162
|
verify_options_->verify_peer_callback_userdata);
|
|
161
163
|
gpr_free(peer_pem);
|
|
162
164
|
if (callback_status) {
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
gpr_free(msg);
|
|
165
|
+
error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(
|
|
166
|
+
absl::StrFormat("Verify peer callback returned a failure (%d)",
|
|
167
|
+
callback_status)
|
|
168
|
+
.c_str());
|
|
168
169
|
}
|
|
169
170
|
}
|
|
170
171
|
}
|
|
@@ -250,6 +251,10 @@ class grpc_ssl_server_security_connector
|
|
|
250
251
|
options.cipher_suites = grpc_get_ssl_cipher_suites();
|
|
251
252
|
options.alpn_protocols = alpn_protocol_strings;
|
|
252
253
|
options.num_alpn_protocols = static_cast<uint16_t>(num_alpn_protocols);
|
|
254
|
+
options.min_tls_version = grpc_get_tsi_tls_version(
|
|
255
|
+
server_credentials->config().min_tls_version);
|
|
256
|
+
options.max_tls_version = grpc_get_tsi_tls_version(
|
|
257
|
+
server_credentials->config().max_tls_version);
|
|
253
258
|
const tsi_result result =
|
|
254
259
|
tsi_create_ssl_server_handshaker_factory_with_options(
|
|
255
260
|
&options, &server_handshaker_factory_);
|
|
@@ -302,6 +307,7 @@ class grpc_ssl_server_security_connector
|
|
|
302
307
|
bool status;
|
|
303
308
|
if (!has_cert_config_fetcher()) return false;
|
|
304
309
|
|
|
310
|
+
grpc_core::MutexLock lock(&mu_);
|
|
305
311
|
grpc_ssl_server_credentials* server_creds =
|
|
306
312
|
static_cast<grpc_ssl_server_credentials*>(this->mutable_server_creds());
|
|
307
313
|
grpc_ssl_certificate_config_reload_status cb_result =
|
|
@@ -381,6 +387,7 @@ class grpc_ssl_server_security_connector
|
|
|
381
387
|
server_handshaker_factory_ = new_factory;
|
|
382
388
|
}
|
|
383
389
|
|
|
390
|
+
grpc_core::Mutex mu_;
|
|
384
391
|
tsi_ssl_server_handshaker_factory* server_handshaker_factory_ = nullptr;
|
|
385
392
|
};
|
|
386
393
|
} // namespace
|