grpc 1.32.0 → 1.36.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +1086 -3054
- data/etc/roots.pem +257 -573
- data/include/grpc/compression.h +1 -1
- data/include/grpc/grpc.h +15 -7
- data/include/grpc/grpc_security.h +227 -171
- data/include/grpc/impl/codegen/atm_windows.h +4 -0
- data/include/grpc/impl/codegen/byte_buffer.h +1 -1
- data/include/grpc/impl/codegen/grpc_types.h +10 -8
- data/include/grpc/impl/codegen/log.h +0 -2
- data/include/grpc/impl/codegen/port_platform.h +22 -55
- data/include/grpc/impl/codegen/sync_windows.h +4 -0
- data/include/grpc/slice_buffer.h +3 -3
- data/include/grpc/support/sync.h +3 -3
- data/include/grpc/support/time.h +7 -7
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -4
- data/src/core/ext/filters/client_channel/client_channel.cc +2788 -1535
- data/src/core/ext/filters/client_channel/client_channel.h +0 -6
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
- data/src/core/ext/filters/client_channel/config_selector.h +40 -8
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +186 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +10 -7
- data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -4
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +7 -8
- data/src/core/ext/filters/client_channel/http_proxy.cc +21 -20
- data/src/core/ext/filters/client_channel/lb_policy.cc +6 -2
- data/src/core/ext/filters/client_channel/lb_policy.h +6 -7
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +204 -195
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +58 -26
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +14 -34
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +478 -145
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +52 -24
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +810 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +722 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1384 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
- data/src/core/ext/filters/client_channel/resolver.cc +4 -5
- data/src/core/ext/filters/client_channel/resolver.h +5 -13
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +43 -59
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +443 -17
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +5 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +22 -23
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +21 -18
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +37 -30
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +566 -366
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
- data/src/core/ext/filters/client_channel/resolver_factory.h +6 -6
- data/src/core/ext/filters/client_channel/resolver_registry.cc +40 -39
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +29 -74
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +12 -10
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -3
- data/src/core/ext/filters/client_channel/retry_throttle.h +4 -2
- data/src/core/ext/filters/client_channel/server_address.cc +86 -0
- data/src/core/ext/filters/client_channel/server_address.h +52 -36
- data/src/core/ext/filters/client_channel/service_config.cc +18 -13
- data/src/core/ext/filters/client_channel/service_config.h +8 -5
- data/src/core/ext/filters/client_channel/service_config_call_data.h +19 -1
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
- data/src/core/ext/filters/client_channel/subchannel.cc +53 -66
- data/src/core/ext/filters/client_channel/subchannel.h +14 -20
- data/src/core/ext/filters/client_channel/subchannel_interface.h +41 -5
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
- data/src/core/ext/filters/deadline/deadline_filter.cc +87 -79
- data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
- data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
- data/src/core/ext/filters/http/client_authority_filter.cc +6 -6
- data/src/core/ext/filters/http/http_filters_plugin.cc +6 -3
- data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
- data/src/core/ext/filters/max_age/max_age_filter.cc +36 -33
- data/src/core/ext/filters/message_size/message_size_filter.cc +3 -2
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
- data/src/core/ext/filters/workarounds/workaround_utils.cc +1 -1
- data/src/core/ext/transport/chttp2/client/authority.cc +3 -3
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +20 -8
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +21 -10
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +26 -14
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +226 -95
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -5
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +28 -42
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +10 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +13 -3
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
- data/src/core/ext/transport/chttp2/transport/internal.h +5 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +18 -3
- data/src/core/ext/transport/chttp2/transport/writing.cc +2 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +42 -8
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +52 -33
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +199 -34
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +44 -17
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +171 -98
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +625 -202
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +13 -5
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +24 -23
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +62 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +36 -24
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +133 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +15 -6
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +70 -45
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +275 -78
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +31 -24
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +107 -47
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +149 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +74 -28
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +248 -43
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +41 -41
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +172 -89
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +17 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +63 -39
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +254 -60
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +1 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +9 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +42 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +126 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +13 -14
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +59 -36
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +61 -29
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +26 -26
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +101 -66
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +49 -27
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +204 -48
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +47 -26
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +181 -48
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +2 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +13 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +21 -17
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +96 -33
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +15 -13
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +70 -37
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +352 -199
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +1334 -443
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +8 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +34 -10
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +3 -4
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +17 -3
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +129 -80
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +525 -166
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +26 -24
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +121 -64
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +7 -6
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +29 -8
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +70 -29
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +296 -63
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +51 -34
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +188 -75
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +1 -4
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +1 -4
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +7 -8
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +31 -16
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +1 -3
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +7 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +29 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +22 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +46 -3
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +41 -8
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -0
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +19 -0
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +7 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +830 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +54 -37
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +171 -59
- data/src/core/ext/upb-generated/google/api/http.upb.c +3 -3
- data/src/core/ext/upb-generated/google/api/http.upb.h +25 -6
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +90 -90
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +455 -292
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +22 -3
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +7 -0
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +9 -9
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +55 -0
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +1 -1
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +10 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -3
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +41 -41
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +149 -76
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +5 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -6
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +2 -2
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +13 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +17 -17
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +82 -25
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +19 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +64 -0
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -0
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +2 -2
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +9 -2
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +7 -0
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +7 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +64 -64
- data/src/core/ext/upb-generated/validate/validate.upb.h +296 -157
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +28 -0
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +251 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +543 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +136 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +272 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +135 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +107 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +195 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +193 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +101 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +938 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +285 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +504 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +170 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +97 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +246 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +142 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +80 -0
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +80 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +69 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
- data/src/core/ext/{upb-generated/gogoproto/gogo.upb.h → upbdefs-generated/envoy/type/v3/http.upbdefs.h} +10 -9
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +310 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_factory.h +61 -0
- data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
- data/src/core/ext/xds/certificate_provider_registry.h +57 -0
- data/src/core/ext/xds/certificate_provider_store.cc +87 -0
- data/src/core/ext/xds/certificate_provider_store.h +112 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +144 -0
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +69 -0
- data/src/core/ext/xds/xds_api.cc +1149 -1058
- data/src/core/ext/xds/xds_api.h +215 -144
- data/src/core/ext/xds/xds_bootstrap.cc +228 -62
- data/src/core/ext/xds/xds_bootstrap.h +35 -12
- data/src/core/ext/xds/xds_certificate_provider.cc +405 -0
- data/src/core/ext/xds/xds_certificate_provider.h +151 -0
- data/src/core/ext/xds/xds_channel_args.h +6 -3
- data/src/core/ext/xds/xds_client.cc +620 -495
- data/src/core/ext/xds/xds_client.h +121 -58
- data/src/core/ext/xds/xds_client_stats.cc +61 -17
- data/src/core/ext/xds/xds_client_stats.h +35 -7
- data/src/core/ext/xds/xds_server_config_fetcher.cc +267 -0
- data/src/core/lib/channel/channel_args.cc +9 -8
- data/src/core/lib/channel/channel_args.h +0 -1
- data/src/core/lib/channel/channel_trace.cc +4 -2
- data/src/core/lib/channel/channel_trace.h +1 -1
- data/src/core/lib/channel/channelz.cc +23 -59
- data/src/core/lib/channel/channelz.h +13 -22
- data/src/core/lib/channel/channelz_registry.cc +12 -11
- data/src/core/lib/channel/channelz_registry.h +3 -1
- data/src/core/lib/channel/handshaker.cc +4 -7
- data/src/core/lib/channel/handshaker.h +3 -3
- data/src/core/lib/compression/compression.cc +8 -4
- data/src/core/lib/compression/compression_args.cc +3 -2
- data/src/core/lib/compression/compression_internal.cc +10 -5
- data/src/core/lib/compression/compression_internal.h +2 -1
- data/src/core/lib/compression/stream_compression_identity.cc +1 -3
- data/src/core/lib/debug/stats.h +2 -2
- data/src/core/lib/debug/stats_data.cc +1 -0
- data/src/core/lib/debug/stats_data.h +13 -13
- data/src/core/lib/gpr/alloc.cc +3 -2
- data/src/core/lib/gpr/cpu_iphone.cc +10 -2
- data/src/core/lib/gpr/log.cc +59 -17
- data/src/core/lib/gpr/log_linux.cc +19 -3
- data/src/core/lib/gpr/log_posix.cc +15 -1
- data/src/core/lib/gpr/log_windows.cc +18 -4
- data/src/core/lib/gpr/murmur_hash.cc +1 -1
- data/src/core/lib/gpr/spinlock.h +10 -2
- data/src/core/lib/gpr/string.cc +23 -22
- data/src/core/lib/gpr/string.h +5 -6
- data/src/core/lib/gpr/sync.cc +4 -4
- data/src/core/lib/gpr/time.cc +12 -12
- data/src/core/lib/gpr/time_precise.cc +5 -2
- data/src/core/lib/gpr/time_precise.h +6 -2
- data/src/core/lib/gpr/tls.h +4 -0
- data/src/core/lib/gpr/tls_msvc.h +2 -0
- data/src/core/lib/gpr/tls_stdcpp.h +48 -0
- data/src/core/lib/gpr/useful.h +5 -4
- data/src/core/lib/gprpp/arena.h +3 -2
- data/src/core/lib/gprpp/dual_ref_counted.h +331 -0
- data/src/core/lib/gprpp/examine_stack.cc +43 -0
- data/src/core/lib/gprpp/examine_stack.h +46 -0
- data/src/core/lib/gprpp/fork.cc +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/orphanable.h +4 -8
- data/src/core/lib/gprpp/ref_counted.h +91 -68
- data/src/core/lib/gprpp/ref_counted_ptr.h +166 -7
- data/src/core/lib/{security/authorization/mock_cel/statusor.h → gprpp/stat.h} +13 -25
- data/src/core/lib/gprpp/stat_posix.cc +49 -0
- data/src/core/lib/gprpp/stat_windows.cc +48 -0
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/thd.h +2 -2
- data/src/core/lib/gprpp/thd_posix.cc +42 -37
- data/src/core/lib/gprpp/thd_windows.cc +3 -1
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +3 -3
- data/src/core/lib/http/parser.cc +47 -27
- data/src/core/lib/iomgr/call_combiner.cc +8 -5
- data/src/core/lib/iomgr/combiner.cc +2 -1
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -5
- data/src/core/lib/iomgr/error.cc +17 -12
- data/src/core/lib/iomgr/error_internal.h +1 -1
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +20 -13
- data/src/core/lib/iomgr/ev_epollex_linux.cc +29 -21
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -7
- data/src/core/lib/iomgr/exec_ctx.cc +1 -1
- data/src/core/lib/iomgr/exec_ctx.h +16 -12
- data/src/core/lib/iomgr/executor.cc +2 -1
- data/src/core/lib/iomgr/executor.h +1 -1
- data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
- data/src/core/lib/iomgr/executor/threadpool.h +4 -4
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/load_file.h +1 -1
- data/src/core/lib/iomgr/lockfree_event.cc +19 -14
- data/src/core/lib/iomgr/lockfree_event.h +2 -2
- data/src/core/lib/iomgr/parse_address.cc +127 -43
- data/src/core/lib/iomgr/parse_address.h +32 -8
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +1 -1
- data/src/core/lib/iomgr/pollset_set_custom.cc +1 -1
- data/src/core/lib/iomgr/python_util.h +4 -4
- data/src/core/lib/iomgr/resolve_address.cc +4 -4
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
- data/src/core/lib/iomgr/resource_quota.cc +4 -4
- data/src/core/lib/iomgr/sockaddr_utils.cc +11 -11
- data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +3 -2
- data/src/core/lib/iomgr/socket_mutator.cc +3 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_custom.cc +7 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_custom.cc +22 -17
- data/src/core/lib/iomgr/tcp_posix.cc +16 -12
- data/src/core/lib/iomgr/tcp_server_custom.cc +28 -22
- data/src/core/lib/iomgr/timer_custom.cc +5 -5
- data/src/core/lib/iomgr/timer_generic.cc +3 -3
- data/src/core/lib/iomgr/timer_manager.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +1 -2
- data/src/core/lib/iomgr/udp_server.h +1 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +32 -21
- data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
- data/src/core/lib/json/json.h +12 -2
- data/src/core/lib/json/json_reader.cc +8 -4
- data/src/core/lib/json/json_util.cc +58 -0
- data/src/core/lib/json/json_util.h +204 -0
- data/src/core/lib/json/json_writer.cc +2 -1
- data/src/core/lib/security/authorization/evaluate_args.cc +5 -10
- data/src/core/lib/security/authorization/evaluate_args.h +1 -1
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +3 -1
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +5 -4
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +13 -7
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +6 -6
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +10 -9
- data/src/core/lib/security/context/security_context.cc +4 -3
- data/src/core/lib/security/context/security_context.h +3 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/credentials.cc +7 -7
- data/src/core/lib/security/credentials/credentials.h +5 -4
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +413 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +80 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +213 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.h +72 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +497 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.h +120 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +135 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +48 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +213 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +58 -0
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +3 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +25 -18
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +64 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -4
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +39 -46
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -4
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +7 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +346 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +213 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +399 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +138 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +78 -150
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +57 -187
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +18 -13
- data/src/core/lib/security/credentials/tls/tls_credentials.h +3 -3
- data/src/core/lib/security/credentials/tls/tls_utils.cc +91 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +38 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +244 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.h +69 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -13
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +121 -0
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +87 -0
- data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +3 -3
- data/src/core/lib/security/security_connector/security_connector.cc +4 -3
- data/src/core/lib/security/security_connector/security_connector.h +4 -2
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/ssl_utils.cc +5 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +19 -19
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +354 -279
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +105 -61
- data/src/core/lib/security/transport/secure_endpoint.cc +2 -2
- data/src/core/lib/security/transport/security_handshaker.cc +4 -6
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
- data/src/core/lib/security/util/json_util.h +1 -0
- data/src/core/lib/slice/slice.cc +7 -4
- data/src/core/lib/slice/slice_buffer.cc +2 -1
- data/src/core/lib/slice/slice_intern.cc +7 -8
- data/src/core/lib/slice/slice_internal.h +2 -2
- data/src/core/lib/surface/call.cc +41 -32
- data/src/core/lib/surface/call_details.cc +8 -8
- data/src/core/lib/surface/channel.cc +25 -41
- data/src/core/lib/surface/channel.h +9 -3
- data/src/core/lib/surface/channel_init.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +30 -24
- data/src/core/lib/surface/completion_queue.h +16 -16
- data/src/core/lib/surface/init.cc +45 -29
- data/src/core/lib/surface/lame_client.cc +20 -46
- data/src/core/lib/surface/lame_client.h +4 -0
- data/src/core/lib/surface/server.cc +66 -20
- data/src/core/lib/surface/server.h +42 -7
- data/src/core/lib/surface/validate_metadata.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/authority_override.cc +6 -4
- data/src/core/lib/transport/authority_override.h +7 -2
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/bdp_estimator.h +2 -1
- data/src/core/lib/transport/byte_stream.h +3 -3
- data/src/core/lib/transport/connectivity_state.h +11 -9
- data/src/core/lib/transport/error_utils.h +1 -1
- data/src/core/lib/transport/metadata.cc +16 -2
- data/src/core/lib/transport/metadata.h +2 -2
- data/src/core/lib/transport/metadata_batch.h +4 -4
- data/src/core/lib/transport/static_metadata.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +4 -3
- data/src/core/lib/transport/timeout_encoding.cc +4 -4
- data/src/core/lib/transport/transport.cc +5 -3
- data/src/core/lib/transport/transport.h +8 -8
- data/src/core/lib/uri/uri_parser.cc +131 -249
- data/src/core/lib/uri/uri_parser.h +57 -21
- data/src/core/plugin_registry/grpc_plugin_registry.cc +47 -20
- data/src/core/tsi/alts/crypt/gsec.cc +5 -4
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +8 -6
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +18 -21
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +43 -47
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +4 -4
- data/src/core/tsi/fake_transport_security.cc +7 -4
- data/src/core/tsi/local_transport_security.cc +5 -1
- data/src/core/tsi/local_transport_security.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +3 -2
- data/src/core/tsi/ssl_transport_security.cc +75 -58
- data/src/core/tsi/ssl_transport_security.h +6 -6
- data/src/core/tsi/transport_security.cc +10 -8
- data/src/core/tsi/transport_security_interface.h +1 -1
- data/src/ruby/ext/grpc/extconf.rb +1 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +36 -16
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +70 -40
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +35 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +18 -0
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
- data/third_party/abseil-cpp/absl/algorithm/container.h +59 -22
- data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
- data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
- data/third_party/abseil-cpp/absl/base/casts.h +9 -6
- data/third_party/abseil-cpp/absl/base/config.h +60 -17
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
- data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +5 -0
- data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
- data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
- data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
- data/third_party/abseil-cpp/absl/base/macros.h +36 -109
- data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
- data/third_party/abseil-cpp/absl/base/options.h +31 -4
- data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
- data/third_party/abseil-cpp/absl/container/fixed_array.h +42 -25
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +2 -1
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
- data/third_party/abseil-cpp/absl/container/internal/common.h +6 -2
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +49 -29
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +15 -0
- data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +24 -7
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +35 -11
- data/third_party/abseil-cpp/absl/container/internal/have_sse.h +10 -9
- data/third_party/abseil-cpp/absl/container/internal/layout.h +7 -5
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +55 -34
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +5 -4
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +66 -16
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +4 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +13 -4
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +43 -24
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +12 -3
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +22 -1
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +0 -21
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +12 -1
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +100 -20
- data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +1 -1
- data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
- data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +2 -2
- data/third_party/abseil-cpp/absl/hash/hash.h +6 -5
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +73 -65
- data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
- data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
- data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +399 -0
- data/third_party/abseil-cpp/absl/status/status.cc +4 -6
- data/third_party/abseil-cpp/absl/status/status.h +502 -113
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +5 -10
- data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
- data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
- data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +91 -112
- data/third_party/abseil-cpp/absl/strings/cord.h +360 -205
- data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +45 -23
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
- data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
- data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
- data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
- data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
- data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +3 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +4 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +28 -28
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +4 -16
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +1 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +8 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +75 -64
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +15 -6
- data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
- data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
- data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
- data/third_party/abseil-cpp/absl/time/format.cc +43 -36
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
- data/third_party/abseil-cpp/absl/time/time.h +15 -16
- data/third_party/abseil-cpp/absl/types/internal/variant.h +4 -4
- data/third_party/abseil-cpp/absl/types/optional.h +9 -9
- data/third_party/abseil-cpp/absl/types/span.h +49 -36
- data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
- data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
- data/third_party/boringssl-with-bazel/err_data.c +728 -720
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -20
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +107 -54
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +155 -2
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +112 -36
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +63 -9
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +118 -49
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +267 -95
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +210 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +8 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +27 -21
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +32 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +38 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +25 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +32 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +42 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +10 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -546
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +15 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +21 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +62 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +10 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +16 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +106 -27
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +31 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +42 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +462 -163
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +593 -440
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +22 -21
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +13 -23
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +11 -6
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +82 -26
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +49 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +87 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +18 -22
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +537 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +59 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +194 -58
- data/third_party/upb/third_party/wyhash/wyhash.h +145 -0
- data/third_party/upb/upb/decode.c +248 -167
- data/third_party/upb/upb/decode.h +20 -1
- data/third_party/upb/upb/decode.int.h +163 -0
- data/third_party/upb/upb/decode_fast.c +1040 -0
- data/third_party/upb/upb/decode_fast.h +126 -0
- data/third_party/upb/upb/def.c +2178 -0
- data/third_party/upb/upb/def.h +315 -0
- data/third_party/upb/upb/def.hpp +439 -0
- data/third_party/upb/upb/encode.c +227 -169
- data/third_party/upb/upb/encode.h +27 -2
- data/third_party/upb/upb/json_decode.c +1443 -0
- data/third_party/upb/upb/json_decode.h +23 -0
- data/third_party/upb/upb/json_encode.c +713 -0
- data/third_party/upb/upb/json_encode.h +36 -0
- data/third_party/upb/upb/msg.c +167 -88
- data/third_party/upb/upb/msg.h +174 -34
- data/third_party/upb/upb/port_def.inc +74 -61
- data/third_party/upb/upb/port_undef.inc +3 -7
- data/third_party/upb/upb/reflection.c +408 -0
- data/third_party/upb/upb/reflection.h +168 -0
- data/third_party/upb/upb/table.c +34 -197
- data/third_party/upb/upb/table.int.h +14 -5
- data/third_party/upb/upb/text_encode.c +421 -0
- data/third_party/upb/upb/text_encode.h +38 -0
- data/third_party/upb/upb/upb.c +18 -41
- data/third_party/upb/upb/upb.h +36 -7
- data/third_party/upb/upb/upb.hpp +4 -4
- data/third_party/upb/upb/upb.int.h +29 -0
- metadata +309 -63
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -946
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -537
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1141
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -354
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -142
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
- data/src/core/ext/xds/xds_channel.h +0 -46
- data/src/core/ext/xds/xds_channel_secure.cc +0 -103
- data/src/core/lib/gprpp/map.h +0 -53
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
- data/third_party/upb/upb/port.c +0 -26
@@ -97,6 +97,9 @@ struct rand_meth_st {
|
|
97
97
|
// RAND_SSLeay returns a pointer to a dummy |RAND_METHOD|.
|
98
98
|
OPENSSL_EXPORT RAND_METHOD *RAND_SSLeay(void);
|
99
99
|
|
100
|
+
// RAND_OpenSSL returns a pointer to a dummy |RAND_METHOD|.
|
101
|
+
OPENSSL_EXPORT RAND_METHOD *RAND_OpenSSL(void);
|
102
|
+
|
100
103
|
// RAND_get_rand_method returns |RAND_SSLeay()|.
|
101
104
|
OPENSSL_EXPORT const RAND_METHOD *RAND_get_rand_method(void);
|
102
105
|
|
@@ -267,7 +267,7 @@ OPENSSL_EXPORT int SSL_is_dtls(const SSL *ssl);
|
|
267
267
|
// |SSL_set0_rbio| and |SSL_set0_wbio| instead.
|
268
268
|
OPENSSL_EXPORT void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
|
269
269
|
|
270
|
-
// SSL_set0_rbio configures |ssl| to
|
270
|
+
// SSL_set0_rbio configures |ssl| to read from |rbio|. It takes ownership of
|
271
271
|
// |rbio|.
|
272
272
|
//
|
273
273
|
// Note that, although this function and |SSL_set0_wbio| may be called on the
|
@@ -1293,8 +1293,8 @@ OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value);
|
|
1293
1293
|
// cast to a |uint16_t| to get it.
|
1294
1294
|
OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
|
1295
1295
|
|
1296
|
-
//
|
1297
|
-
OPENSSL_EXPORT uint16_t
|
1296
|
+
// SSL_CIPHER_get_protocol_id returns |cipher|'s IANA-assigned number.
|
1297
|
+
OPENSSL_EXPORT uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher);
|
1298
1298
|
|
1299
1299
|
// SSL_CIPHER_is_aead returns one if |cipher| uses an AEAD cipher.
|
1300
1300
|
OPENSSL_EXPORT int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher);
|
@@ -1738,9 +1738,9 @@ OPENSSL_EXPORT void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session,
|
|
1738
1738
|
// SSL_MAX_MASTER_KEY_LENGTH is the maximum length of a master secret.
|
1739
1739
|
#define SSL_MAX_MASTER_KEY_LENGTH 48
|
1740
1740
|
|
1741
|
-
// SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s
|
1742
|
-
//
|
1743
|
-
//
|
1741
|
+
// SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s secret
|
1742
|
+
// to |out| and returns the number of bytes written. If |max_out| is zero, it
|
1743
|
+
// returns the size of the secret.
|
1744
1744
|
OPENSSL_EXPORT size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
|
1745
1745
|
uint8_t *out, size_t max_out);
|
1746
1746
|
|
@@ -2776,15 +2776,58 @@ OPENSSL_EXPORT void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx,
|
|
2776
2776
|
int enabled);
|
2777
2777
|
|
2778
2778
|
|
2779
|
+
// Application-layer protocol settings
|
2780
|
+
//
|
2781
|
+
// The ALPS extension (draft-vvv-tls-alps) allows exchanging application-layer
|
2782
|
+
// settings in the TLS handshake for applications negotiated with ALPN. Note
|
2783
|
+
// that, when ALPS is negotiated, the client and server each advertise their own
|
2784
|
+
// settings, so there are functions to both configure setting to send and query
|
2785
|
+
// received settings.
|
2786
|
+
|
2787
|
+
// SSL_add_application_settings configures |ssl| to enable ALPS with ALPN
|
2788
|
+
// protocol |proto|, sending an ALPS value of |settings|. It returns one on
|
2789
|
+
// success and zero on error. If |proto| is negotiated via ALPN and the peer
|
2790
|
+
// supports ALPS, |settings| will be sent to the peer. The peer's ALPS value can
|
2791
|
+
// be retrieved with |SSL_get0_peer_application_settings|.
|
2792
|
+
//
|
2793
|
+
// On the client, this function should be called before the handshake, once for
|
2794
|
+
// each supported ALPN protocol which uses ALPS. |proto| must be included in the
|
2795
|
+
// client's ALPN configuration (see |SSL_CTX_set_alpn_protos| and
|
2796
|
+
// |SSL_set_alpn_protos|). On the server, ALPS can be preconfigured for each
|
2797
|
+
// protocol as in the client, or configuration can be deferred to the ALPN
|
2798
|
+
// callback (see |SSL_CTX_set_alpn_select_cb|), in which case only the selected
|
2799
|
+
// protocol needs to be configured.
|
2800
|
+
//
|
2801
|
+
// ALPS can be independently configured from 0-RTT, however changes in protocol
|
2802
|
+
// settings will fallback to 1-RTT to negotiate the new value, so it is
|
2803
|
+
// recommended for |settings| to be relatively stable.
|
2804
|
+
OPENSSL_EXPORT int SSL_add_application_settings(SSL *ssl, const uint8_t *proto,
|
2805
|
+
size_t proto_len,
|
2806
|
+
const uint8_t *settings,
|
2807
|
+
size_t settings_len);
|
2808
|
+
|
2809
|
+
// SSL_get0_peer_application_settings sets |*out_data| and |*out_len| to a
|
2810
|
+
// buffer containing the peer's ALPS value, or the empty string if ALPS was not
|
2811
|
+
// negotiated. Note an empty string could also indicate the peer sent an empty
|
2812
|
+
// settings value. Use |SSL_has_application_settings| to check if ALPS was
|
2813
|
+
// negotiated. The output buffer is owned by |ssl| and is valid until the next
|
2814
|
+
// time |ssl| is modified.
|
2815
|
+
OPENSSL_EXPORT void SSL_get0_peer_application_settings(const SSL *ssl,
|
2816
|
+
const uint8_t **out_data,
|
2817
|
+
size_t *out_len);
|
2818
|
+
|
2819
|
+
// SSL_has_application_settings returns one if ALPS was negotiated on this
|
2820
|
+
// connection and zero otherwise.
|
2821
|
+
OPENSSL_EXPORT int SSL_has_application_settings(const SSL *ssl);
|
2822
|
+
|
2823
|
+
|
2779
2824
|
// Certificate compression.
|
2780
2825
|
//
|
2781
|
-
// Certificates in TLS 1.3 can be compressed
|
2782
|
-
// a client and a server, but does not link against any specific
|
2783
|
-
// libraries in order to keep dependencies to a minimum. Instead,
|
2784
|
-
// compression and decompression can be installed in an |SSL_CTX| to
|
2785
|
-
// support.
|
2786
|
-
//
|
2787
|
-
// [1] https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03.
|
2826
|
+
// Certificates in TLS 1.3 can be compressed (RFC 8879). BoringSSL supports this
|
2827
|
+
// as both a client and a server, but does not link against any specific
|
2828
|
+
// compression libraries in order to keep dependencies to a minimum. Instead,
|
2829
|
+
// hooks for compression and decompression can be installed in an |SSL_CTX| to
|
2830
|
+
// enable support.
|
2788
2831
|
|
2789
2832
|
// ssl_cert_compression_func_t is a pointer to a function that performs
|
2790
2833
|
// compression. It must write the compressed representation of |in| to |out|,
|
@@ -3341,6 +3384,12 @@ OPENSSL_EXPORT int SSL_set_quic_transport_params(SSL *ssl,
|
|
3341
3384
|
OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(
|
3342
3385
|
const SSL *ssl, const uint8_t **out_params, size_t *out_params_len);
|
3343
3386
|
|
3387
|
+
// SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC
|
3388
|
+
// extension codepoint 0xffa5 as opposed to the official value 57. Call with
|
3389
|
+
// |use_legacy| set to 1 to use 0xffa5 and call with 0 to use 57. The default
|
3390
|
+
// value for this is currently 1 but it will change to 0 at a later date.
|
3391
|
+
OPENSSL_EXPORT void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy);
|
3392
|
+
|
3344
3393
|
// SSL_set_quic_early_data_context configures a context string in QUIC servers
|
3345
3394
|
// for accepting early data. If a resumption connection offers early data, the
|
3346
3395
|
// server will check if the value matches that of the connection which minted
|
@@ -3493,8 +3542,10 @@ enum ssl_early_data_reason_t BORINGSSL_ENUM_INT {
|
|
3493
3542
|
ssl_early_data_ticket_age_skew = 12,
|
3494
3543
|
// QUIC parameters differ between this connection and the original.
|
3495
3544
|
ssl_early_data_quic_parameter_mismatch = 13,
|
3545
|
+
// The application settings did not match the session.
|
3546
|
+
ssl_early_data_alps_mismatch = 14,
|
3496
3547
|
// The value of the largest entry.
|
3497
|
-
ssl_early_data_reason_max_value =
|
3548
|
+
ssl_early_data_reason_max_value = ssl_early_data_alps_mismatch,
|
3498
3549
|
};
|
3499
3550
|
|
3500
3551
|
// SSL_get_early_data_reason returns details why 0-RTT was accepted or rejected
|
@@ -3502,6 +3553,26 @@ enum ssl_early_data_reason_t BORINGSSL_ENUM_INT {
|
|
3502
3553
|
OPENSSL_EXPORT enum ssl_early_data_reason_t SSL_get_early_data_reason(
|
3503
3554
|
const SSL *ssl);
|
3504
3555
|
|
3556
|
+
// SSL_early_data_reason_string returns a string representation for |reason|, or
|
3557
|
+
// NULL if |reason| is unknown. This function may be used for logging.
|
3558
|
+
OPENSSL_EXPORT const char *SSL_early_data_reason_string(
|
3559
|
+
enum ssl_early_data_reason_t reason);
|
3560
|
+
|
3561
|
+
|
3562
|
+
// Encrypted Client Hello.
|
3563
|
+
//
|
3564
|
+
// ECH is a mechanism for encrypting the entire ClientHello message in TLS 1.3.
|
3565
|
+
// This can prevent observers from seeing cleartext information about the
|
3566
|
+
// connection, such as the server_name extension.
|
3567
|
+
//
|
3568
|
+
// ECH support in BoringSSL is still experimental and under development.
|
3569
|
+
//
|
3570
|
+
// See https://tools.ietf.org/html/draft-ietf-tls-esni-09.
|
3571
|
+
|
3572
|
+
// SSL_set_enable_ech_grease configures whether the client may send ECH GREASE
|
3573
|
+
// as part of this connection.
|
3574
|
+
OPENSSL_EXPORT void SSL_set_enable_ech_grease(SSL *ssl, int enable);
|
3575
|
+
|
3505
3576
|
|
3506
3577
|
// Alerts.
|
3507
3578
|
//
|
@@ -4035,19 +4106,6 @@ OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl);
|
|
4035
4106
|
OPENSSL_EXPORT void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx,
|
4036
4107
|
int allowed);
|
4037
4108
|
|
4038
|
-
// SSL_CTX_set_ignore_tls13_downgrade configures whether connections on |ctx|
|
4039
|
-
// ignore the downgrade signal in the server's random value.
|
4040
|
-
OPENSSL_EXPORT void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx,
|
4041
|
-
int ignore);
|
4042
|
-
|
4043
|
-
// SSL_set_ignore_tls13_downgrade configures whether |ssl| ignores the downgrade
|
4044
|
-
// signal in the server's random value.
|
4045
|
-
OPENSSL_EXPORT void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore);
|
4046
|
-
|
4047
|
-
// SSL_is_tls13_downgrade returns one if the TLS 1.3 anti-downgrade
|
4048
|
-
// mechanism would have aborted |ssl|'s handshake and zero otherwise.
|
4049
|
-
OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl);
|
4050
|
-
|
4051
4109
|
// SSL_used_hello_retry_request returns one if the TLS 1.3 HelloRetryRequest
|
4052
4110
|
// message has been either sent by the server or received by the client. It
|
4053
4111
|
// returns zero otherwise.
|
@@ -4717,6 +4775,25 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
|
|
4717
4775
|
SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE
|
4718
4776
|
#define SSL_R_TLSV1_CERTIFICATE_REQUIRED SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED
|
4719
4777
|
|
4778
|
+
// SSL_CIPHER_get_value calls |SSL_CIPHER_get_protocol_id|.
|
4779
|
+
//
|
4780
|
+
// TODO(davidben): |SSL_CIPHER_get_value| was our name for this function, but
|
4781
|
+
// upstream added it as |SSL_CIPHER_get_protocol_id|. Switch callers to the new
|
4782
|
+
// name and remove this one.
|
4783
|
+
OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher);
|
4784
|
+
|
4785
|
+
// SSL_CTX_set_ignore_tls13_downgrade does nothing.
|
4786
|
+
OPENSSL_EXPORT void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx,
|
4787
|
+
int ignore);
|
4788
|
+
|
4789
|
+
// SSL_set_ignore_tls13_downgrade does nothing.
|
4790
|
+
OPENSSL_EXPORT void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore);
|
4791
|
+
|
4792
|
+
// SSL_is_tls13_downgrade returns zero. Historically, this function returned
|
4793
|
+
// whether the TLS 1.3 downgrade signal would have been enforced if not
|
4794
|
+
// disabled. The TLS 1.3 downgrade signal is now always enforced.
|
4795
|
+
OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl);
|
4796
|
+
|
4720
4797
|
|
4721
4798
|
// Nodejs compatibility section (hidden).
|
4722
4799
|
//
|
@@ -5210,6 +5287,8 @@ BSSL_NAMESPACE_END
|
|
5210
5287
|
#define SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED 305
|
5211
5288
|
#define SSL_R_UNEXPECTED_COMPATIBILITY_MODE 306
|
5212
5289
|
#define SSL_R_MISSING_ALPN 307
|
5290
|
+
#define SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN 308
|
5291
|
+
#define SSL_R_ALPS_MISMATCH_ON_EARLY_DATA 309
|
5213
5292
|
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
|
5214
5293
|
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
|
5215
5294
|
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
|
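Review bot: In the hunk at `@@ -4717,6 +4775,25 @@`, the retained declarations of `SSL_CTX_set_ignore_tls13_downgrade` and `SSL_set_ignore_tls13_downgrade` are documented only as "does nothing", which does not tell an existing caller what replaced the opt-out. The comment on `SSL_is_tls13_downgrade` in the same hunk says the TLS 1.3 downgrade signal is now always enforced, so code that passed a non-zero `ignore` still compiles but no longer relaxes the check. I would say so on both setters, for example `// SSL_set_ignore_tls13_downgrade does nothing. The TLS 1.3 downgrade signal is always enforced.` Any caller that depended on the old setting, if one exists, should be checked as part of taking this update.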
@@ -206,13 +206,27 @@ extern "C" {
|
|
206
206
|
// ExtensionType value from draft-ietf-tokbind-negotiation-10
|
207
207
|
#define TLSEXT_TYPE_token_binding 24
|
208
208
|
|
209
|
-
// ExtensionType value from draft-ietf-quic-tls.
|
210
|
-
//
|
211
|
-
//
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
209
|
+
// ExtensionType value from draft-ietf-quic-tls. Drafts 00 through 32 use
|
210
|
+
// 0xffa5 which is part of the Private Use section of the registry, and it
|
211
|
+
// collides with TLS-LTS and, based on scans, something else too (though this
|
212
|
+
// hasn't been a problem in practice since it's QUIC-only). Drafts 33 onward
|
213
|
+
// use the value 57 which was officially registered with IANA.
|
214
|
+
#define TLSEXT_TYPE_quic_transport_parameters_legacy 0xffa5
|
215
|
+
#define TLSEXT_TYPE_quic_transport_parameters_standard 57
|
216
|
+
|
217
|
+
// TLSEXT_TYPE_quic_transport_parameters is an alias for
|
218
|
+
// |TLSEXT_TYPE_quic_transport_parameters_legacy|. It will switch to
|
219
|
+
// |TLSEXT_TYPE_quic_transport_parameters_standard| at a later date.
|
220
|
+
//
|
221
|
+
// Callers using |SSL_set_quic_use_legacy_codepoint| should use
|
222
|
+
// |TLSEXT_TYPE_quic_transport_parameters_legacy| or
|
223
|
+
// |TLSEXT_TYPE_quic_transport_parameters_standard| rather than this constant.
|
224
|
+
// When the default code point is switched to the standard one, this value will
|
225
|
+
// be updated and we will transition callers back to the unsuffixed constant.
|
226
|
+
#define TLSEXT_TYPE_quic_transport_parameters \
|
227
|
+
TLSEXT_TYPE_quic_transport_parameters_legacy
|
228
|
+
|
229
|
+
// ExtensionType value from RFC8879
|
216
230
|
#define TLSEXT_TYPE_cert_compression 27
|
217
231
|
|
218
232
|
// ExtensionType value from RFC4507
|
@@ -235,6 +249,15 @@ extern "C" {
|
|
235
249
|
// ExtensionType value from draft-ietf-tls-subcerts.
|
236
250
|
#define TLSEXT_TYPE_delegated_credential 0x22
|
237
251
|
|
252
|
+
// ExtensionType value from draft-vvv-tls-alps. This is not an IANA defined
|
253
|
+
// extension number.
|
254
|
+
#define TLSEXT_TYPE_application_settings 17513
|
255
|
+
|
256
|
+
// ExtensionType values from draft-ietf-tls-esni-09. This is not an IANA defined
|
257
|
+
// extension number.
|
258
|
+
#define TLSEXT_TYPE_encrypted_client_hello 0xfe09
|
259
|
+
#define TLSEXT_TYPE_ech_is_inner 0xda09
|
260
|
+
|
238
261
|
// ExtensionType value from RFC6962
|
239
262
|
#define TLSEXT_TYPE_certificate_timestamp 18
|
240
263
|
|
@@ -267,7 +290,7 @@ extern "C" {
|
|
267
290
|
#define TLSEXT_hash_sha384 5
|
268
291
|
#define TLSEXT_hash_sha512 6
|
269
292
|
|
270
|
-
// From https://
|
293
|
+
// From https://www.rfc-editor.org/rfc/rfc8879.html#section-3
|
271
294
|
#define TLSEXT_cert_compression_zlib 1
|
272
295
|
#define TLSEXT_cert_compression_brotli 2
|
273
296
|
|
@@ -40,6 +40,14 @@ extern "C" {
|
|
40
40
|
// PMBTokens and P-384.
|
41
41
|
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void);
|
42
42
|
|
43
|
+
// TRUST_TOKEN_experiment_v2_voprf is an experimental Trust Tokens protocol
|
44
|
+
// using VOPRFs and P-384 with up to 6 keys, without RR verification.
|
45
|
+
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_voprf(void);
|
46
|
+
|
47
|
+
// TRUST_TOKEN_experiment_v2_pmb is an experimental Trust Tokens protocol using
|
48
|
+
// PMBTokens and P-384 with up to 3 keys, without RR verification.
|
49
|
+
OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void);
|
50
|
+
|
43
51
|
// trust_token_st represents a single-use token for the Trust Token protocol.
|
44
52
|
// For the client, this is the token and its corresponding signature. For the
|
45
53
|
// issuer, this is the token itself.
|
@@ -138,21 +146,23 @@ OPENSSL_EXPORT STACK_OF(TRUST_TOKEN) *
|
|
138
146
|
// |token| and receive a signature over |data| and serializes the request into
|
139
147
|
// a newly-allocated buffer, setting |*out| to that buffer and |*out_len| to
|
140
148
|
// its length. |time| is the number of seconds since the UNIX epoch and used to
|
141
|
-
// verify the validity of the issuer's response
|
142
|
-
//
|
143
|
-
// or zero on error.
|
149
|
+
// verify the validity of the issuer's response in TrustTokenV1 and ignored in
|
150
|
+
// other versions. The caller takes ownership of the buffer and must call
|
151
|
+
// |OPENSSL_free| when done. It returns one on success or zero on error.
|
144
152
|
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_redemption(
|
145
153
|
TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len,
|
146
154
|
const TRUST_TOKEN *token, const uint8_t *data, size_t data_len,
|
147
155
|
uint64_t time);
|
148
156
|
|
149
|
-
// TRUST_TOKEN_CLIENT_finish_redemption consumes |response| from the issuer
|
150
|
-
// verifies the SRR
|
151
|
-
// |*
|
152
|
-
// newly-allocated buffer containing the SRR (respectively, the SRR
|
153
|
-
//
|
157
|
+
// TRUST_TOKEN_CLIENT_finish_redemption consumes |response| from the issuer. In
|
158
|
+
// |TRUST_TOKEN_experiment_v1|, it then verifies the SRR and if valid sets
|
159
|
+
// |*out_rr| and |*out_rr_len| (respectively, |*out_sig| and |*out_sig_len|)
|
160
|
+
// to a newly-allocated buffer containing the SRR (respectively, the SRR
|
161
|
+
// signature). In other versions, it sets |*out_rr| and |*out_rr_len|
|
162
|
+
// to a newly-allocated buffer containing |response| and leaves all validation
|
163
|
+
// to the caller. It returns one on success or zero on failure.
|
154
164
|
OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_finish_redemption(
|
155
|
-
TRUST_TOKEN_CLIENT *ctx, uint8_t **
|
165
|
+
TRUST_TOKEN_CLIENT *ctx, uint8_t **out_rr, size_t *out_rr_len,
|
156
166
|
uint8_t **out_sig, size_t *out_sig_len, const uint8_t *response,
|
157
167
|
size_t response_len);
|
158
168
|
|
@@ -214,16 +224,16 @@ OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_issue(
|
|
214
224
|
uint32_t public_metadata, uint8_t private_metadata, size_t max_issuance);
|
215
225
|
|
216
226
|
// TRUST_TOKEN_ISSUER_redeem ingests a |request| for token redemption and
|
217
|
-
// verifies the token. If the token is valid, a
|
227
|
+
// verifies the token. If the token is valid, a RR is produced with a lifetime
|
218
228
|
// of |lifetime| (in seconds), signing over the requested data from the request
|
219
229
|
// and the value of the token, storing the result into a newly-allocated buffer
|
220
230
|
// and setting |*out| to that buffer and |*out_len| to its length. The extracted
|
221
231
|
// |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
|
222
232
|
// |*out_token|. The extracted client data is stored into a newly-allocated
|
223
|
-
// buffer and stored in |*out_client_data|.
|
224
|
-
// stored in |*out_redemption_time|. The caller takes
|
225
|
-
// buffer and must call |OPENSSL_free| when done. It
|
226
|
-
// zero on error.
|
233
|
+
// buffer and stored in |*out_client_data|. In TrustTokenV1, the extracted
|
234
|
+
// redemption time is stored in |*out_redemption_time|. The caller takes
|
235
|
+
// ownership of each output buffer and must call |OPENSSL_free| when done. It
|
236
|
+
// returns one on success or zero on error.
|
227
237
|
//
|
228
238
|
// The caller must keep track of all values of |*out_token| seen globally before
|
229
239
|
// returning the SRR to the client. If the value has been reused, the caller
|
@@ -235,6 +245,24 @@ OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem(
|
|
235
245
|
size_t *out_client_data_len, uint64_t *out_redemption_time,
|
236
246
|
const uint8_t *request, size_t request_len, uint64_t lifetime);
|
237
247
|
|
248
|
+
// TRUST_TOKEN_ISSUER_redeem_raw ingests a |request| for token redemption and
|
249
|
+
// verifies the token. The public metadata is stored in |*out_public|. The
|
250
|
+
// private metadata (if any) is stored in |*out_private|. The extracted
|
251
|
+
// |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
|
252
|
+
// |*out_token|. The extracted client data is stored into a newly-allocated
|
253
|
+
// buffer and stored in |*out_client_data|. The caller takes ownership of each
|
254
|
+
// output buffer and must call |OPENSSL_free| when done. It returns one on
|
255
|
+
// success or zero on error.
|
256
|
+
//
|
257
|
+
// The caller must keep track of all values of |*out_token| seen globally before
|
258
|
+
// returning a response to the client. If the value has been reused, the caller
|
259
|
+
// must report an error to the client. Returning a response with replayed values
|
260
|
+
// allows an attacker to double-spend tokens.
|
261
|
+
OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem_raw(
|
262
|
+
const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private,
|
263
|
+
TRUST_TOKEN **out_token, uint8_t **out_client_data,
|
264
|
+
size_t *out_client_data_len, const uint8_t *request, size_t request_len);
|
265
|
+
|
238
266
|
// TRUST_TOKEN_decode_private_metadata decodes |encrypted_bit| using the
|
239
267
|
// private metadata key specified by a |key| buffer of length |key_len| and the
|
240
268
|
// nonce by a |nonce| buffer of length |nonce_len|. The nonce in
|
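Review bot: The rewritten comment on `TRUST_TOKEN_CLIENT_finish_redemption` (hunk `@@ -138,21 +146,23 @@`) does not say what happens to `*out_sig` and `*out_sig_len` outside `TRUST_TOKEN_experiment_v1`, nor who frees the returned buffers. For the other versions it describes only `*out_rr` and leaves all validation of `response` to the caller, so a caller written against v1 could treat an unverified buffer as a verified SRR or free a signature pointer the call never set. I would add a sentence such as `// In other versions |*out_sig| and |*out_sig_len| are <state what the implementation sets>; the caller must |OPENSSL_free| each output buffer.` The placeholder has to be filled in from trust_token.c, which is not shown on this page. Until then callers should initialise both signature outputs before the call, e.g. `uint8_t *sig = NULL; size_t sig_len = 0;`.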
@@ -143,10 +143,10 @@ DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
|
|
143
143
|
|
144
144
|
// we always keep X509_NAMEs in 2 forms.
|
145
145
|
struct X509_name_st {
|
146
|
-
STACK_OF(X509_NAME_ENTRY) *
|
146
|
+
STACK_OF(X509_NAME_ENTRY) *entries;
|
147
147
|
int modified; // true if 'bytes' needs to be built
|
148
148
|
BUF_MEM *bytes;
|
149
|
-
//
|
149
|
+
// unsigned long hash; Keep the hash around for lookups
|
150
150
|
unsigned char *canon_enc;
|
151
151
|
int canon_enclen;
|
152
152
|
} /* X509_NAME */;
|
@@ -170,7 +170,7 @@ struct x509_attributes_st {
|
|
170
170
|
int single; // 0 for a set, 1 for a single item (which is wrong)
|
171
171
|
union {
|
172
172
|
char *ptr;
|
173
|
-
/* 0 */ STACK_OF(ASN1_TYPE) *
|
173
|
+
/* 0 */ STACK_OF(ASN1_TYPE) *set;
|
174
174
|
/* 1 */ ASN1_TYPE *single;
|
175
175
|
} value;
|
176
176
|
} /* X509_ATTRIBUTE */;
|
@@ -185,7 +185,7 @@ struct X509_req_info_st {
|
|
185
185
|
X509_NAME *subject;
|
186
186
|
X509_PUBKEY *pubkey;
|
187
187
|
// d=2 hl=2 l= 0 cons: cont: 00
|
188
|
-
STACK_OF(X509_ATTRIBUTE) *
|
188
|
+
STACK_OF(X509_ATTRIBUTE) *attributes; // [ 0 ]
|
189
189
|
} /* X509_REQ_INFO */;
|
190
190
|
|
191
191
|
struct X509_req_st {
|
@@ -203,9 +203,9 @@ struct x509_cinf_st {
|
|
203
203
|
X509_VAL *validity;
|
204
204
|
X509_NAME *subject;
|
205
205
|
X509_PUBKEY *key;
|
206
|
-
ASN1_BIT_STRING *issuerUID;
|
207
|
-
ASN1_BIT_STRING *subjectUID;
|
208
|
-
STACK_OF(X509_EXTENSION) *
|
206
|
+
ASN1_BIT_STRING *issuerUID; // [ 1 ] optional in v2
|
207
|
+
ASN1_BIT_STRING *subjectUID; // [ 2 ] optional in v2
|
208
|
+
STACK_OF(X509_EXTENSION) *extensions; // [ 3 ] optional in v3
|
209
209
|
ASN1_ENCODING enc;
|
210
210
|
} /* X509_CINF */;
|
211
211
|
|
@@ -215,11 +215,11 @@ struct x509_cinf_st {
|
|
215
215
|
// the end of the certificate itself
|
216
216
|
|
217
217
|
struct x509_cert_aux_st {
|
218
|
-
STACK_OF(ASN1_OBJECT) *
|
219
|
-
STACK_OF(ASN1_OBJECT) *
|
220
|
-
ASN1_UTF8STRING *alias;
|
221
|
-
ASN1_OCTET_STRING *keyid;
|
222
|
-
STACK_OF(X509_ALGOR) *
|
218
|
+
STACK_OF(ASN1_OBJECT) *trust; // trusted uses
|
219
|
+
STACK_OF(ASN1_OBJECT) *reject; // rejected uses
|
220
|
+
ASN1_UTF8STRING *alias; // "friendly name"
|
221
|
+
ASN1_OCTET_STRING *keyid; // key id of private key
|
222
|
+
STACK_OF(X509_ALGOR) *other; // other unspecified info
|
223
223
|
} /* X509_CERT_AUX */;
|
224
224
|
|
225
225
|
DECLARE_STACK_OF(DIST_POINT)
|
@@ -241,8 +241,8 @@ struct x509_st {
|
|
241
241
|
ASN1_OCTET_STRING *skid;
|
242
242
|
AUTHORITY_KEYID *akid;
|
243
243
|
X509_POLICY_CACHE *policy_cache;
|
244
|
-
STACK_OF(DIST_POINT) *
|
245
|
-
STACK_OF(GENERAL_NAME) *
|
244
|
+
STACK_OF(DIST_POINT) *crldp;
|
245
|
+
STACK_OF(GENERAL_NAME) *altname;
|
246
246
|
NAME_CONSTRAINTS *nc;
|
247
247
|
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
|
248
248
|
X509_CERT_AUX *aux;
|
@@ -364,9 +364,9 @@ DEFINE_STACK_OF(X509_TRUST)
|
|
364
364
|
struct x509_revoked_st {
|
365
365
|
ASN1_INTEGER *serialNumber;
|
366
366
|
ASN1_TIME *revocationDate;
|
367
|
-
STACK_OF(X509_EXTENSION) /* optional */ *
|
367
|
+
STACK_OF(X509_EXTENSION) /* optional */ *extensions;
|
368
368
|
// Set up if indirect CRL
|
369
|
-
STACK_OF(GENERAL_NAME) *
|
369
|
+
STACK_OF(GENERAL_NAME) *issuer;
|
370
370
|
// Revocation reason
|
371
371
|
int reason;
|
372
372
|
int sequence; // load sequence
|
@@ -381,8 +381,8 @@ struct X509_crl_info_st {
|
|
381
381
|
X509_NAME *issuer;
|
382
382
|
ASN1_TIME *lastUpdate;
|
383
383
|
ASN1_TIME *nextUpdate;
|
384
|
-
STACK_OF(X509_REVOKED) *
|
385
|
-
STACK_OF(X509_EXTENSION) /* [0] */ *
|
384
|
+
STACK_OF(X509_REVOKED) *revoked;
|
385
|
+
STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
|
386
386
|
ASN1_ENCODING enc;
|
387
387
|
} /* X509_CRL_INFO */;
|
388
388
|
|
@@ -405,7 +405,7 @@ struct X509_crl_st {
|
|
405
405
|
ASN1_INTEGER *crl_number;
|
406
406
|
ASN1_INTEGER *base_crl_number;
|
407
407
|
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
|
408
|
-
STACK_OF(GENERAL_NAMES) *
|
408
|
+
STACK_OF(GENERAL_NAMES) *issuers;
|
409
409
|
const X509_CRL_METHOD *meth;
|
410
410
|
void *meth_data;
|
411
411
|
} /* X509_CRL */;
|
@@ -470,6 +470,11 @@ struct Netscape_spki_st {
|
|
470
470
|
extern "C" {
|
471
471
|
#endif
|
472
472
|
|
473
|
+
// TODO(davidben): Document remaining functions, reorganize them, and define
|
474
|
+
// supported patterns for using |X509| objects in general. In particular, when
|
475
|
+
// it is safe to call mutating functions is a little tricky due to various
|
476
|
+
// internal caches.
|
477
|
+
|
473
478
|
// X509_get_version returns the numerical value of |x509|'s version. That is,
|
474
479
|
// it returns zero for X.509v1, one for X.509v2, and two for X.509v3. Unknown
|
475
480
|
// versions are rejected by the parser, but a manually-created |X509| object may
|
@@ -477,16 +482,54 @@ extern "C" {
|
|
477
482
|
// version, or -1 on overflow.
|
478
483
|
OPENSSL_EXPORT long X509_get_version(const X509 *x509);
|
479
484
|
|
480
|
-
//
|
481
|
-
|
485
|
+
// X509_get0_serialNumber returns |x509|'s serial number.
|
486
|
+
OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509);
|
487
|
+
|
488
|
+
// X509_get0_notBefore returns |x509|'s notBefore time.
|
489
|
+
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509);
|
490
|
+
|
491
|
+
// X509_get0_notAfter returns |x509|'s notAfter time.
|
492
|
+
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x509);
|
493
|
+
|
494
|
+
// X509_set1_notBefore sets |x509|'s notBefore time to |tm|. It returns one on
|
495
|
+
// success and zero on error.
|
496
|
+
OPENSSL_EXPORT int X509_set1_notBefore(X509 *x509, const ASN1_TIME *tm);
|
497
|
+
|
498
|
+
// X509_set1_notAfter sets |x509|'s notAfter time to |tm|. it returns one on
|
499
|
+
// success and zero on error.
|
500
|
+
OPENSSL_EXPORT int X509_set1_notAfter(X509 *x509, const ASN1_TIME *tm);
|
501
|
+
|
502
|
+
// X509_getm_notBefore returns a mutable pointer to |x509|'s notBefore time.
|
503
|
+
OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x509);
|
504
|
+
|
505
|
+
// X509_getm_notAfter returns a mutable pointer to |x509|'s notAfter time.
|
506
|
+
OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x);
|
507
|
+
|
508
|
+
// X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
|
509
|
+
// const-correct for legacy reasons. Use |X509_get0_notBefore| or
|
482
510
|
// |X509_getm_notBefore| instead.
|
483
511
|
OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
|
484
512
|
|
485
|
-
// X509_get_notAfter returns |x509|'s notAfter
|
513
|
+
// X509_get_notAfter returns |x509|'s notAfter time. Note this function is not
|
486
514
|
// const-correct for legacy reasons. Use |X509_get0_notAfter| or
|
487
515
|
// |X509_getm_notAfter| instead.
|
488
516
|
OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
|
489
517
|
|
518
|
+
// X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore|
|
519
|
+
// instead.
|
520
|
+
OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm);
|
521
|
+
|
522
|
+
// X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
|
523
|
+
// instead.
|
524
|
+
OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
|
525
|
+
|
526
|
+
// X509_get0_uids sets |*out_issuer_uid| and |*out_subject_uid| to non-owning
|
527
|
+
// pointers to the issuerUID and subjectUID fields, respectively, of |x509|.
|
528
|
+
// Either output pointer may be NULL to skip the field.
|
529
|
+
OPENSSL_EXPORT void X509_get0_uids(const X509 *x509,
|
530
|
+
const ASN1_BIT_STRING **out_issuer_uid,
|
531
|
+
const ASN1_BIT_STRING **out_subject_uid);
|
532
|
+
|
490
533
|
// X509_get_cert_info returns |x509|'s TBSCertificate structure. Note this
|
491
534
|
// function is not const-correct for legacy reasons.
|
492
535
|
//
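Review bot: `X509_getm_notAfter` is declared with the parameter name `x`, while its comment and every other accessor added in this hunk use |x509|; declare it as `OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x509);` so the comment matches the prototype. The comment on `X509_set1_notAfter` also begins its second sentence with a lowercase "it returns", unlike `X509_set1_notBefore`. The two `getm` comments do not say who owns the returned pointer, or whether writing through it invalidates a cached encoding. The TODO added earlier in this header already warns that mutation interacts with internal caches, so a sentence on that is worth adding to both.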
|
@@ -498,6 +541,15 @@ OPENSSL_EXPORT X509_CINF *X509_get_cert_info(const X509 *x509);
|
|
498
541
|
// |X509_get_pubkey| instead.
|
499
542
|
#define X509_extract_key(x) X509_get_pubkey(x)
|
500
543
|
|
544
|
+
// X509_get_pathlen returns path length constraint from the basic constraints
|
545
|
+
// extension in |x509|. (See RFC5280, section 4.2.1.9.) It returns -1 if the
|
546
|
+
// constraint is not present, or if some extension in |x509| was invalid.
|
547
|
+
//
|
548
|
+
// Note that decoding an |X509| object will not check for invalid extensions. To
|
549
|
+
// detect the error case, call |X509_get_extensions_flags| and check the
|
550
|
+
// |EXFLAG_INVALID| bit.
|
551
|
+
OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
|
552
|
+
|
501
553
|
// X509_REQ_get_version returns the numerical value of |req|'s version. That is,
|
502
554
|
// it returns zero for a v1 request. If |req| is invalid, it may return another
|
503
555
|
// value, or -1 on overflow.
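Review bot: The new comment on `X509_get_pathlen` sends callers to |X509_get_extensions_flags|, which looks like a misspelling of `X509_get_extension_flags`; that declaration is not in this hunk, so confirm it against x509v3.h. The reference has to be exact because -1 is returned both when no path length constraint is present and when an extension in |x509| is invalid. A caller that reads -1 as "unconstrained" without checking |EXFLAG_INVALID| would treat a certificate with invalid extensions as unconstrained. Suggested wording for that line: `// detect the error case, call |X509_get_extension_flags| and check the`.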
|
@@ -521,15 +573,29 @@ OPENSSL_EXPORT long X509_CRL_get_version(const X509_CRL *crl);
|
|
521
573
|
// X509_CRL_get0_lastUpdate returns |crl|'s lastUpdate time.
|
522
574
|
OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
|
523
575
|
|
524
|
-
//
|
576
|
+
// X509_CRL_get0_nextUpdate returns |crl|'s nextUpdate time, or NULL if |crl|
|
577
|
+
// has none.
|
525
578
|
OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
|
526
579
|
|
580
|
+
// X509_CRL_set1_lastUpdate sets |crl|'s lastUpdate time to |tm|. It returns one
|
581
|
+
// on success and zero on error.
|
582
|
+
OPENSSL_EXPORT int X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);
|
583
|
+
|
584
|
+
// X509_CRL_set1_nextUpdate sets |crl|'s nextUpdate time to |tm|. It returns one
|
585
|
+
// on success and zero on error.
|
586
|
+
OPENSSL_EXPORT int X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);
|
587
|
+
|
588
|
+
// The following symbols are deprecated aliases to |X509_CRL_set1_*|.
|
589
|
+
#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
|
590
|
+
#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
|
591
|
+
|
527
592
|
// X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s lastUpdate time.
|
528
|
-
// Use |X509_CRL_get0_lastUpdate| or |
|
593
|
+
// Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
|
529
594
|
OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
|
530
595
|
|
531
|
-
// X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time
|
532
|
-
//
|
596
|
+
// X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
|
597
|
+
// or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
|
598
|
+
// |X509_CRL_set1_nextUpdate| instead.
|
533
599
|
OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
|
534
600
|
|
535
601
|
// X509_CRL_get_issuer returns |crl|'s issuer name. Note this function is not
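Review bot: `X509_CRL_set_lastUpdate` and `X509_CRL_set_nextUpdate` become object-like macros in this hunk, while the certificate-side `X509_set_notBefore` and `X509_set_notAfter` added earlier in this header stay exported functions that call the `set1` form. The old `OPENSSL_EXPORT` declarations of the two CRL setters are removed further down, so the symbols presumably leave the library. That would break consumers that resolve them by name (language bindings, prebuilt objects) rather than through this header. For consistency, consider keeping them as declared wrappers, for example `OPENSSL_EXPORT int X509_CRL_set_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);`, with a comment pointing to |X509_CRL_set1_lastUpdate|.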
|
@@ -543,6 +609,10 @@ OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
|
|
543
609
|
// would break existing callers. For now, we match upstream.
|
544
610
|
OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
|
545
611
|
|
612
|
+
// X509_CRL_get0_extensions returns |crl|'s extension list.
|
613
|
+
OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(
|
614
|
+
const X509_CRL *crl);
|
615
|
+
|
546
616
|
// X509_CINF_set_modified marks |cinf| as modified so that changes will be
|
547
617
|
// reflected in serializing the structure.
|
548
618
|
//
|
@@ -586,48 +656,156 @@ OPENSSL_EXPORT void *X509_CRL_get_meth_data(X509_CRL *crl);
|
|
586
656
|
// object.
|
587
657
|
OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509);
|
588
658
|
|
589
|
-
|
590
|
-
|
591
|
-
|
592
|
-
|
593
|
-
|
594
|
-
|
595
|
-
OPENSSL_EXPORT
|
596
|
-
|
597
|
-
|
659
|
+
// X509_verify_cert_error_string returns |err| as a human-readable string, where
|
660
|
+
// |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
|
661
|
+
// a default description.
|
662
|
+
//
|
663
|
+
// TODO(davidben): Move this function to x509_vfy.h, with the |X509_V_*|
|
664
|
+
// definitions, or fold x509_vfy.h into this function.
|
665
|
+
OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err);
|
666
|
+
|
667
|
+
// X509_verify checks that |x509| has a valid signature by |pkey|. It returns
|
668
|
+
// one if the signature is valid and zero otherwise. Note this function only
|
669
|
+
// checks the signature itself and does not perform a full certificate
|
670
|
+
// validation.
|
671
|
+
OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey);
|
672
|
+
|
673
|
+
// X509_REQ_verify checks that |req| has a valid signature by |pkey|. It returns
|
674
|
+
// one if the signature is valid and zero otherwise.
|
675
|
+
OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *req, EVP_PKEY *pkey);
|
676
|
+
|
677
|
+
// X509_CRL_verify checks that |crl| has a valid signature by |pkey|. It returns
|
678
|
+
// one if the signature is valid and zero otherwise.
|
679
|
+
OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey);
|
680
|
+
|
681
|
+
// NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
|
682
|
+
// returns one if the signature is valid and zero otherwise.
|
683
|
+
OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
|
684
|
+
|
685
|
+
// NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded
|
686
|
+
// Netscape signed public key and challenge (SPKAC) structure. It returns a
|
687
|
+
// newly-allocated |NETSCAPE_SPKI| structure with the result, or NULL on error.
|
688
|
+
// If |len| is 0 or negative, the length is calculated with |strlen| and |str|
|
689
|
+
// must be a NUL-terminated C string.
|
598
690
|
OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
|
599
691
|
int len);
|
600
|
-
OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
|
601
|
-
OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
|
602
|
-
OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
|
603
692
|
|
604
|
-
|
605
|
-
|
606
|
-
|
693
|
+
// NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded Netscape signed
|
694
|
+
// public key and challenge (SPKAC) structure. It returns a newly-allocated
|
695
|
+
// NUL-terminated C string with the result, or NULL on error. The caller must
|
696
|
+
// release the memory with |OPENSSL_free| when done.
|
697
|
+
OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
|
698
|
+
|
699
|
+
// NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
|
700
|
+
// |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
|
701
|
+
// pointer and must call |EVP_PKEY_free| when done.
|
702
|
+
OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki);
|
703
|
+
|
704
|
+
// NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
|
705
|
+
// on success or zero on error. This function does not take ownership of |pkey|,
|
706
|
+
// so the caller may continue to manage its lifetime independently of |spki|.
|
707
|
+
OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
|
708
|
+
EVP_PKEY *pkey);
|
709
|
+
|
710
|
+
// X509_signature_dump writes a human-readable representation of |sig| to |bio|,
|
711
|
+
// indented with |indent| spaces. It returns one on success and zero on error.
|
712
|
+
OPENSSL_EXPORT int X509_signature_dump(BIO *bio, const ASN1_STRING *sig,
|
607
713
|
int indent);
|
608
|
-
|
714
|
+
|
715
|
+
// X509_signature_print writes a human-readable representation of |alg| and
|
716
|
+
// |sig| to |bio|. It returns one on success and zero on error.
|
717
|
+
OPENSSL_EXPORT int X509_signature_print(BIO *bio, const X509_ALGOR *alg,
|
609
718
|
const ASN1_STRING *sig);
|
610
719
|
|
611
|
-
|
612
|
-
|
613
|
-
|
614
|
-
|
615
|
-
OPENSSL_EXPORT int
|
616
|
-
|
617
|
-
|
720
|
+
// X509_sign signs |x509| with |pkey| and replaces the signature algorithm and
|
721
|
+
// signature fields. It returns one on success and zero on error. This function
|
722
|
+
// uses digest algorithm |md|, or |pkey|'s default if NULL. Other signing
|
723
|
+
// parameters use |pkey|'s defaults. To customize them, use |X509_sign_ctx|.
|
724
|
+
OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md);
|
725
|
+
|
726
|
+
// X509_sign_ctx signs |x509| with |ctx| and replaces the signature algorithm
|
727
|
+
// and signature fields. It returns one on success and zero on error. The
|
728
|
+
// signature algorithm and parameters come from |ctx|, which must have been
|
729
|
+
// initialized with |EVP_DigestSignInit|. The caller should configure the
|
730
|
+
// corresponding |EVP_PKEY_CTX| before calling this function.
|
731
|
+
OPENSSL_EXPORT int X509_sign_ctx(X509 *x509, EVP_MD_CTX *ctx);
|
732
|
+
|
733
|
+
// X509_REQ_sign signs |req| with |pkey| and replaces the signature algorithm
|
734
|
+
// and signature fields. It returns one on success and zero on error. This
|
735
|
+
// function uses digest algorithm |md|, or |pkey|'s default if NULL. Other
|
736
|
+
// signing parameters use |pkey|'s defaults. To customize them, use
|
737
|
+
// |X509_REQ_sign_ctx|.
|
738
|
+
OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *req, EVP_PKEY *pkey,
|
739
|
+
const EVP_MD *md);
|
740
|
+
|
741
|
+
// X509_REQ_sign_ctx signs |req| with |ctx| and replaces the signature algorithm
|
742
|
+
// and signature fields. It returns one on success and zero on error. The
|
743
|
+
// signature algorithm and parameters come from |ctx|, which must have been
|
744
|
+
// initialized with |EVP_DigestSignInit|. The caller should configure the
|
745
|
+
// corresponding |EVP_PKEY_CTX| before calling this function.
|
746
|
+
OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *req, EVP_MD_CTX *ctx);
|
747
|
+
|
748
|
+
// X509_CRL_sign signs |crl| with |pkey| and replaces the signature algorithm
|
749
|
+
// and signature fields. It returns one on success and zero on error. This
|
750
|
+
// function uses digest algorithm |md|, or |pkey|'s default if NULL. Other
|
751
|
+
// signing parameters use |pkey|'s defaults. To customize them, use
|
752
|
+
// |X509_CRL_sign_ctx|.
|
753
|
+
OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *crl, EVP_PKEY *pkey,
|
754
|
+
const EVP_MD *md);
|
755
|
+
|
756
|
+
// X509_CRL_sign_ctx signs |crl| with |ctx| and replaces the signature algorithm
|
757
|
+
// and signature fields. It returns one on success and zero on error. The
|
758
|
+
// signature algorithm and parameters come from |ctx|, which must have been
|
759
|
+
// initialized with |EVP_DigestSignInit|. The caller should configure the
|
760
|
+
// corresponding |EVP_PKEY_CTX| before calling this function.
|
761
|
+
OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *crl, EVP_MD_CTX *ctx);
|
762
|
+
|
763
|
+
// NETSCAPE_SPKI_sign signs |spki| with |pkey| and replaces the signature
|
764
|
+
// algorithm and signature fields. It returns one on success and zero on error.
|
765
|
+
// This function uses digest algorithm |md|, or |pkey|'s default if NULL. Other
|
766
|
+
// signing parameters use |pkey|'s defaults.
|
767
|
+
OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *spki, EVP_PKEY *pkey,
|
618
768
|
const EVP_MD *md);
|
619
769
|
|
620
|
-
|
621
|
-
|
622
|
-
|
623
|
-
|
624
|
-
|
625
|
-
|
626
|
-
|
627
|
-
|
628
|
-
|
629
|
-
|
630
|
-
|
770
|
+
// X509_pubkey_digest hashes the DER encoding of |x509|'s subjectPublicKeyInfo
|
771
|
+
// field with |md| and writes the result to |out|. |EVP_MD_CTX_size| bytes are
|
772
|
+
// written, which is at most |EVP_MAX_MD_SIZE|. If |out_len| is not NULL,
|
773
|
+
// |*out_len| is set to the number of bytes written. This function returns one
|
774
|
+
// on success and zero on error.
|
775
|
+
OPENSSL_EXPORT int X509_pubkey_digest(const X509 *x509, const EVP_MD *md,
|
776
|
+
uint8_t *out, unsigned *out_len);
|
777
|
+
|
778
|
+
// X509_digest hashes |x509|'s DER encoding with |md| and writes the result to
|
779
|
+
// |out|. |EVP_MD_CTX_size| bytes are written, which is at most
|
780
|
+
// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
|
781
|
+
// of bytes written. This function returns one on success and zero on error.
|
782
|
+
// Note this digest covers the entire certificate, not just the signed portion.
|
783
|
+
OPENSSL_EXPORT int X509_digest(const X509 *x509, const EVP_MD *md, uint8_t *out,
|
784
|
+
unsigned *out_len);
|
785
|
+
|
786
|
+
// X509_CRL_digest hashes |crl|'s DER encoding with |md| and writes the result
|
787
|
+
// to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
|
788
|
+
// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
|
789
|
+
// of bytes written. This function returns one on success and zero on error.
|
790
|
+
// Note this digest covers the entire CRL, not just the signed portion.
|
791
|
+
OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *crl, const EVP_MD *md,
|
792
|
+
uint8_t *out, unsigned *out_len);
|
793
|
+
|
794
|
+
// X509_REQ_digest hashes |req|'s DER encoding with |md| and writes the result
|
795
|
+
// to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
|
796
|
+
// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
|
797
|
+
// of bytes written. This function returns one on success and zero on error.
|
798
|
+
// Note this digest covers the entire certificate request, not just the signed
|
799
|
+
// portion.
|
800
|
+
OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *req, const EVP_MD *md,
|
801
|
+
uint8_t *out, unsigned *out_len);
|
802
|
+
|
803
|
+
// X509_NAME_digest hashes |name|'s DER encoding with |md| and writes the result
|
804
|
+
// to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
|
805
|
+
// |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
|
806
|
+
// of bytes written. This function returns one on success and zero on error.
|
807
|
+
OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *name, const EVP_MD *md,
|
808
|
+
uint8_t *out, unsigned *out_len);
|
631
809
|
|
632
810
|
// X509_parse_from_buffer parses an X.509 structure from |buf| and returns a
|
633
811
|
// fresh X509 or NULL on error. There must not be any trailing data in |buf|.
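Review bot: The five digest comments added here (`X509_pubkey_digest`, `X509_digest`, `X509_CRL_digest`, `X509_REQ_digest`, `X509_NAME_digest`) say that |EVP_MD_CTX_size| bytes are written. These functions take a `const EVP_MD *md` rather than a digest context, so the size meant is `EVP_MD_size(md)`. None of them takes the capacity of |out|, so the comment is the only place a caller learns how large the buffer must be. State it as a requirement, for example `// |out| must have room for |EVP_MD_size(md)| bytes; |EVP_MAX_MD_SIZE| is always enough.`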
|
@@ -790,14 +968,58 @@ OPENSSL_EXPORT int i2d_X509_AUX(X509 *a, unsigned char **pp);
|
|
790
968
|
OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp,
|
791
969
|
long length);
|
792
970
|
|
793
|
-
|
971
|
+
// i2d_re_X509_tbs serializes the TBSCertificate portion of |x509|. If |outp| is
|
972
|
+
// NULL, nothing is written. Otherwise, if |*outp| is not NULL, the result is
|
973
|
+
// written to |*outp|, which must have enough space available, and |*outp| is
|
974
|
+
// advanced just past the output. If |outp| is non-NULL and |*outp| is NULL, it
|
975
|
+
// sets |*outp| to a newly-allocated buffer containing the result. The caller is
|
976
|
+
// responsible for releasing the buffer with |OPENSSL_free|. In all cases, this
|
977
|
+
// function returns the number of bytes in the result, whether written or not,
|
978
|
+
// or a negative value on error.
|
979
|
+
//
|
980
|
+
// This function re-encodes the TBSCertificate and may not reflect |x509|'s
|
981
|
+
// original encoding. It may be used to manually generate a signature for a new
|
982
|
+
// certificate. To verify certificates, use |i2d_X509_tbs| instead.
|
983
|
+
OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x509, unsigned char **outp);
|
984
|
+
|
985
|
+
// i2d_X509_tbs serializes the TBSCertificate portion of |x509|. If |outp| is
|
986
|
+
// NULL, nothing is written. Otherwise, if |*outp| is not NULL, the result is
|
987
|
+
// written to |*outp|, which must have enough space available, and |*outp| is
|
988
|
+
// advanced just past the output. If |outp| is non-NULL and |*outp| is NULL, it
|
989
|
+
// sets |*outp| to a newly-allocated buffer containing the result. The caller is
|
990
|
+
// responsible for releasing the buffer with |OPENSSL_free|. In all cases, this
|
991
|
+
// function returns the number of bytes in the result, whether written or not,
|
992
|
+
// or a negative value on error.
|
993
|
+
//
|
994
|
+
// This function preserves the original encoding of the TBSCertificate and may
|
995
|
+
// not reflect modifications made to |x509|. It may be used to manually verify
|
996
|
+
// the signature of an existing certificate. To generate certificates, use
|
997
|
+
// |i2d_re_X509_tbs| instead.
|
998
|
+
OPENSSL_EXPORT int i2d_X509_tbs(X509 *x509, unsigned char **outp);
|
999
|
+
|
1000
|
+
// X509_set1_signature_algo sets |x509|'s signature algorithm to |algo| and
|
1001
|
+
// returns one on success or zero on error. It updates both the signature field
|
1002
|
+
// of the TBSCertificate structure, and the signatureAlgorithm field of the
|
1003
|
+
// Certificate.
|
1004
|
+
OPENSSL_EXPORT int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo);
|
1005
|
+
|
1006
|
+
// X509_set1_signature_value sets |x509|'s signature to a copy of the |sig_len|
|
1007
|
+
// bytes pointed by |sig|. It returns one on success and zero on error.
|
1008
|
+
//
|
1009
|
+
// Due to a specification error, X.509 certificates store signatures in ASN.1
|
1010
|
+
// BIT STRINGs, but signature algorithms return byte strings rather than bit
|
1011
|
+
// strings. This function creates a BIT STRING containing a whole number of
|
1012
|
+
// bytes, with the bit order matching the DER encoding. This matches the
|
1013
|
+
// encoding used by all X.509 signature algorithms.
|
1014
|
+
OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig,
|
1015
|
+
size_t sig_len);
|
794
1016
|
|
795
1017
|
OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **psig,
|
796
1018
|
const X509_ALGOR **palg, const X509 *x);
|
797
1019
|
OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x);
|
798
1020
|
|
799
|
-
OPENSSL_EXPORT int X509_alias_set1(X509 *x, unsigned char *name, int len);
|
800
|
-
OPENSSL_EXPORT int X509_keyid_set1(X509 *x, unsigned char *id, int len);
|
1021
|
+
OPENSSL_EXPORT int X509_alias_set1(X509 *x, const unsigned char *name, int len);
|
1022
|
+
OPENSSL_EXPORT int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
|
801
1023
|
OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x, int *len);
|
802
1024
|
OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x, int *len);
|
803
1025
|
OPENSSL_EXPORT int (*X509_TRUST_set_default(int (*trust)(int, X509 *,
|
@@ -825,10 +1047,9 @@ OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a);
|
|
825
1047
|
DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
|
826
1048
|
DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
|
827
1049
|
|
828
|
-
#ifndef OPENSSL_NO_EVP
|
829
1050
|
OPENSSL_EXPORT X509_INFO *X509_INFO_new(void);
|
830
1051
|
OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a);
|
831
|
-
OPENSSL_EXPORT char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
|
1052
|
+
OPENSSL_EXPORT char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
|
832
1053
|
|
833
1054
|
OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
|
834
1055
|
unsigned char *md, unsigned int *len);
|
@@ -849,25 +1070,19 @@ OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
|
|
849
1070
|
X509_ALGOR *algor2,
|
850
1071
|
ASN1_BIT_STRING *signature, void *asn,
|
851
1072
|
EVP_MD_CTX *ctx);
|
852
|
-
#endif
|
853
1073
|
|
854
1074
|
OPENSSL_EXPORT int X509_set_version(X509 *x, long version);
|
855
1075
|
OPENSSL_EXPORT int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
|
856
1076
|
OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x);
|
857
1077
|
OPENSSL_EXPORT int X509_set_issuer_name(X509 *x, X509_NAME *name);
|
858
|
-
OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(X509 *a);
|
1078
|
+
OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *a);
|
859
1079
|
OPENSSL_EXPORT int X509_set_subject_name(X509 *x, X509_NAME *name);
|
860
|
-
OPENSSL_EXPORT X509_NAME *X509_get_subject_name(X509 *a);
|
861
|
-
OPENSSL_EXPORT int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
|
862
|
-
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x);
|
863
|
-
OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x);
|
864
|
-
OPENSSL_EXPORT int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
|
865
|
-
OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x);
|
866
|
-
OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x);
|
1080
|
+
OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *a);
|
867
1081
|
OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
|
868
1082
|
OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x);
|
869
1083
|
OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
|
870
|
-
OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *
|
1084
|
+
OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_get0_extensions(
|
1085
|
+
const X509 *x);
|
871
1086
|
OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
|
872
1087
|
|
873
1088
|
OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x, long version);
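Review bot: `X509_get_issuer_name` and `X509_get_subject_name` now accept `const X509 *` but still return a mutable `X509_NAME *`, and they carry no comment saying so, unlike `X509_get_notBefore` and `X509_get_notAfter` elsewhere in this header. A caller holding a `const X509 *` can still reach a writable name through the result, which matters if the object is shared, given the internal caches the header's TODO mentions. Add a line above each, such as `// Note this function is not const-correct for legacy reasons.` The new `X509_get0_extensions` declaration in the same hunk is also undocumented; its comment should say whether it can return NULL when |x| has no extensions, which is not visible here.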
|
@@ -882,13 +1097,12 @@ OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
|
|
882
1097
|
OPENSSL_EXPORT int X509_REQ_extension_nid(int nid);
|
883
1098
|
OPENSSL_EXPORT const int *X509_REQ_get_extension_nids(void);
|
884
1099
|
OPENSSL_EXPORT void X509_REQ_set_extension_nids(const int *nids);
|
885
|
-
OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *
|
886
|
-
X509_REQ_get_extensions(X509_REQ *req);
|
1100
|
+
OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
|
887
1101
|
OPENSSL_EXPORT int X509_REQ_add_extensions_nid(X509_REQ *req,
|
888
|
-
STACK_OF(X509_EXTENSION) *
|
1102
|
+
STACK_OF(X509_EXTENSION) *exts,
|
889
1103
|
int nid);
|
890
1104
|
OPENSSL_EXPORT int X509_REQ_add_extensions(X509_REQ *req,
|
891
|
-
STACK_OF(X509_EXTENSION) *
|
1105
|
+
STACK_OF(X509_EXTENSION) *exts);
|
892
1106
|
OPENSSL_EXPORT int X509_REQ_get_attr_count(const X509_REQ *req);
|
893
1107
|
OPENSSL_EXPORT int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
|
894
1108
|
int lastpos);
|
@@ -911,8 +1125,6 @@ OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req,
|
|
911
1125
|
|
912
1126
|
OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *x, long version);
|
913
1127
|
OPENSSL_EXPORT int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
|
914
|
-
OPENSSL_EXPORT int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
|
915
|
-
OPENSSL_EXPORT int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
|
916
1128
|
OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
|
917
1129
|
OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
|
918
1130
|
|
@@ -920,16 +1132,59 @@ OPENSSL_EXPORT void X509_CRL_get0_signature(const X509_CRL *crl,
|
|
920
1132
|
const ASN1_BIT_STRING **psig,
|
921
1133
|
const X509_ALGOR **palg);
|
922
1134
|
OPENSSL_EXPORT int X509_CRL_get_signature_nid(const X509_CRL *crl);
|
923
|
-
OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
|
924
1135
|
|
1136
|
+
// i2d_re_X509_CRL_tbs serializes the TBSCertList portion of |crl|. If |outp| is
|
1137
|
+
// NULL, nothing is written. Otherwise, if |*outp| is not NULL, the result is
|
1138
|
+
// written to |*outp|, which must have enough space available, and |*outp| is
|
1139
|
+
// advanced just past the output. If |outp| is non-NULL and |*outp| is NULL, it
|
1140
|
+
// sets |*outp| to a newly-allocated buffer containing the result. The caller is
|
1141
|
+
// responsible for releasing the buffer with |OPENSSL_free|. In all cases, this
|
1142
|
+
// function returns the number of bytes in the result, whether written or not,
|
1143
|
+
// or a negative value on error.
|
1144
|
+
//
|
1145
|
+
// This function re-encodes the TBSCertList and may not reflect |crl|'s original
|
1146
|
+
// encoding. It may be used to manually generate a signature for a new CRL. To
|
1147
|
+
// verify CRLs, use |i2d_X509_CRL_tbs| instead.
|
1148
|
+
OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
|
1149
|
+
|
1150
|
+
// i2d_X509_CRL_tbs serializes the TBSCertList portion of |crl|. If |outp| is
|
1151
|
+
// NULL, nothing is written. Otherwise, if |*outp| is not NULL, the result is
|
1152
|
+
// written to |*outp|, which must have enough space available, and |*outp| is
|
1153
|
+
// advanced just past the output. If |outp| is non-NULL and |*outp| is NULL, it
|
1154
|
+
// sets |*outp| to a newly-allocated buffer containing the result. The caller is
|
1155
|
+
// responsible for releasing the buffer with |OPENSSL_free|. In all cases, this
|
1156
|
+
// function returns the number of bytes in the result, whether written or not,
|
1157
|
+
// or a negative value on error.
|
1158
|
+
//
|
1159
|
+
// This function preserves the original encoding of the TBSCertList and may not
|
1160
|
+
// reflect modifications made to |crl|. It may be used to manually verify the
|
1161
|
+
// signature of an existing CRL. To generate CRLs, use |i2d_re_X509_CRL_tbs|
|
1162
|
+
// instead.
|
1163
|
+
OPENSSL_EXPORT int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
|
1164
|
+
|
1165
|
+
// X509_REVOKED_get0_serialNumber returns the serial number of the certificate
|
1166
|
+
// revoked by |revoked|.
|
925
1167
|
OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(
|
926
|
-
const X509_REVOKED *
|
927
|
-
|
928
|
-
|
1168
|
+
const X509_REVOKED *revoked);
|
1169
|
+
|
1170
|
+
// X509_REVOKED_set_serialNumber sets |revoked|'s serial number to |serial|. It
|
1171
|
+
// returns one on success or zero on error.
|
1172
|
+
OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked,
|
1173
|
+
const ASN1_INTEGER *serial);
|
1174
|
+
|
1175
|
+
// X509_REVOKED_get0_revocationDate returns the revocation time of the
|
1176
|
+
// certificate revoked by |revoked|.
|
929
1177
|
OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate(
|
930
|
-
const X509_REVOKED *
|
931
|
-
|
932
|
-
|
1178
|
+
const X509_REVOKED *revoked);
|
1179
|
+
|
1180
|
+
// X509_REVOKED_set_revocationDate sets |revoked|'s revocation time to |tm|. It
|
1181
|
+
// returns one on success or zero on error.
|
1182
|
+
OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked,
|
1183
|
+
const ASN1_TIME *tm);
|
1184
|
+
|
1185
|
+
// X509_REVOKED_get0_extensions returns |r|'s extensions.
|
1186
|
+
OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(
|
1187
|
+
const X509_REVOKED *r);
|
933
1188
|
|
934
1189
|
OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
|
935
1190
|
EVP_PKEY *skey, const EVP_MD *md,
|
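Review bot: The new comments on `i2d_re_X509_CRL_tbs` and `i2d_X509_CRL_tbs` require a caller-supplied `*outp` to "have enough space available", yet neither prototype takes a length, so nothing in the call can stop a write past an undersized buffer. Both comments already say that a NULL `outp` returns the byte count without writing, so I would spell out the safe pattern in each: `// Prefer passing |*outp| as NULL so the buffer is allocated here; otherwise call once with |outp| NULL to size the buffer.` The two names differ only by `re_`, and the comments correctly separate signing from verification; it may be worth repeating on `i2d_re_X509_CRL_tbs` that verifying over its output checks re-encoded bytes rather than the bytes that were signed. Lower in the hunk, the comment on `X509_REVOKED_get0_extensions` uses `|r|` where the neighbouring accessors use `|revoked|`.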
@@ -939,11 +1194,11 @@ OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
|
|
939
1194
|
|
940
1195
|
OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
|
941
1196
|
OPENSSL_EXPORT int X509_chain_check_suiteb(int *perror_depth, X509 *x,
|
942
|
-
STACK_OF(X509) *
|
1197
|
+
STACK_OF(X509) *chain,
|
943
1198
|
unsigned long flags);
|
944
1199
|
OPENSSL_EXPORT int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk,
|
945
1200
|
unsigned long flags);
|
946
|
-
OPENSSL_EXPORT STACK_OF(X509) *
|
1201
|
+
OPENSSL_EXPORT STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
|
947
1202
|
|
948
1203
|
OPENSSL_EXPORT int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
|
949
1204
|
OPENSSL_EXPORT unsigned long X509_issuer_and_serial_hash(X509 *a);
|
@@ -970,12 +1225,12 @@ OPENSSL_EXPORT int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
|
|
970
1225
|
OPENSSL_EXPORT int X509_print_fp(FILE *bp, X509 *x);
|
971
1226
|
OPENSSL_EXPORT int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
|
972
1227
|
OPENSSL_EXPORT int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
|
973
|
-
OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm,
|
974
|
-
unsigned long flags);
|
1228
|
+
OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm,
|
1229
|
+
int indent, unsigned long flags);
|
975
1230
|
#endif
|
976
1231
|
|
977
|
-
OPENSSL_EXPORT int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
|
978
|
-
OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
|
1232
|
+
OPENSSL_EXPORT int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
|
1233
|
+
OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
|
979
1234
|
unsigned long flags);
|
980
1235
|
OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
|
981
1236
|
unsigned long cflag);
|
@@ -987,21 +1242,22 @@ OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
|
|
987
1242
|
unsigned long cflag);
|
988
1243
|
OPENSSL_EXPORT int X509_REQ_print(BIO *bp, X509_REQ *req);
|
989
1244
|
|
990
|
-
OPENSSL_EXPORT int X509_NAME_entry_count(X509_NAME *name);
|
991
|
-
OPENSSL_EXPORT int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
|
1245
|
+
OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name);
|
1246
|
+
OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
|
992
1247
|
char *buf, int len);
|
993
|
-
OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(X509_NAME *name,
|
1248
|
+
OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
|
994
1249
|
const ASN1_OBJECT *obj, char *buf,
|
995
1250
|
int len);
|
996
1251
|
|
997
1252
|
// NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
|
998
1253
|
// lastpos, search after that position on.
|
999
|
-
OPENSSL_EXPORT int X509_NAME_get_index_by_NID(X509_NAME *name, int nid,
|
1254
|
+
OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
|
1000
1255
|
int lastpos);
|
1001
|
-
OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(X509_NAME *name,
|
1256
|
+
OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(const X509_NAME *name,
|
1002
1257
|
const ASN1_OBJECT *obj,
|
1003
1258
|
int lastpos);
|
1004
|
-
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name,
|
1259
|
+
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name,
|
1260
|
+
int loc);
|
1005
1261
|
OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name,
|
1006
1262
|
int loc);
|
1007
1263
|
OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
|
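Review bot: `X509_NAME_get_text_by_NID` and `X509_NAME_get_text_by_OBJ` gain `const` here but still have no comment, and they are the only declarations in this hunk that write into a caller buffer (`char *buf, int len`). As I understand the OpenSSL behaviour these inherit, the output is a NUL-terminated string truncated to `len`, so a name value with an embedded NUL or an over-long value is not returned faithfully; that should be confirmed against the implementation and then documented. I would add `// WARNING: the result is a C string truncated to |len|; do not use it for trust decisions.` and point callers to `X509_NAME_get_index_by_NID` plus `X509_NAME_get_entry`, which this hunk also declares, so the entry's length can be checked.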
@@ -1032,105 +1288,148 @@ OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
|
|
1032
1288
|
OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
|
1033
1289
|
const unsigned char *bytes,
|
1034
1290
|
int len);
|
1035
|
-
OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(
|
1036
|
-
|
1291
|
+
OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(
|
1292
|
+
const X509_NAME_ENTRY *ne);
|
1293
|
+
OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
|
1037
1294
|
|
1038
|
-
OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *
|
1039
|
-
OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *
|
1295
|
+
OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
|
1296
|
+
OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
|
1040
1297
|
int nid, int lastpos);
|
1041
|
-
OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *
|
1298
|
+
OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
|
1042
1299
|
const ASN1_OBJECT *obj, int lastpos);
|
1043
|
-
OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *
|
1044
|
-
x,
|
1300
|
+
OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
|
1045
1301
|
int crit, int lastpos);
|
1046
|
-
OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *
|
1047
|
-
x,
|
1302
|
+
OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x,
|
1048
1303
|
int loc);
|
1049
|
-
OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *
|
1304
|
+
OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x,
|
1050
1305
|
int loc);
|
1051
|
-
OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *
|
1052
|
-
|
1053
|
-
|
1054
|
-
OPENSSL_EXPORT int X509_get_ext_count(X509 *x);
|
1055
|
-
OPENSSL_EXPORT int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
|
1056
|
-
OPENSSL_EXPORT int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj,
|
1057
|
-
|
1058
|
-
OPENSSL_EXPORT
|
1306
|
+
OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(
|
1307
|
+
STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc);
|
1308
|
+
|
1309
|
+
OPENSSL_EXPORT int X509_get_ext_count(const X509 *x);
|
1310
|
+
OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
|
1311
|
+
OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj,
|
1312
|
+
int lastpos);
|
1313
|
+
OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit,
|
1314
|
+
int lastpos);
|
1315
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
|
1059
1316
|
OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
|
1060
1317
|
OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
|
1061
|
-
|
1318
|
+
|
1319
|
+
// X509_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the extension in
|
1320
|
+
// |x509|'s extension list.
|
1321
|
+
//
|
1322
|
+
// WARNING: This function is difficult to use correctly. See the documentation
|
1323
|
+
// for |X509V3_get_d2i| for details.
|
1324
|
+
OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid,
|
1325
|
+
int *out_critical, int *out_idx);
|
1326
|
+
|
1327
|
+
// X509_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension to
|
1328
|
+
// |x|'s extension list.
|
1329
|
+
//
|
1330
|
+
// WARNING: This function may return zero or -1 on error. The caller must also
|
1331
|
+
// ensure |value|'s type matches |nid|. See the documentation for
|
1332
|
+
// |X509V3_add1_i2d| for details.
|
1062
1333
|
OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
|
1063
1334
|
unsigned long flags);
|
1064
1335
|
|
1065
|
-
OPENSSL_EXPORT int X509_CRL_get_ext_count(X509_CRL *x);
|
1066
|
-
OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid,
|
1067
|
-
OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj,
|
1336
|
+
OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x);
|
1337
|
+
OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid,
|
1068
1338
|
int lastpos);
|
1069
|
-
OPENSSL_EXPORT int
|
1339
|
+
OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x,
|
1340
|
+
const ASN1_OBJECT *obj, int lastpos);
|
1341
|
+
OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
|
1070
1342
|
int lastpos);
|
1071
|
-
OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
|
1343
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
|
1072
1344
|
OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
|
1073
1345
|
OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
|
1074
|
-
|
1075
|
-
|
1346
|
+
|
1347
|
+
// X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
|
1348
|
+
// extension in |crl|'s extension list.
|
1349
|
+
//
|
1350
|
+
// WARNING: This function is difficult to use correctly. See the documentation
|
1351
|
+
// for |X509V3_get_d2i| for details.
|
1352
|
+
OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid,
|
1353
|
+
int *out_critical, int *out_idx);
|
1354
|
+
|
1355
|
+
// X509_CRL_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension
|
1356
|
+
// to |x|'s extension list.
|
1357
|
+
//
|
1358
|
+
// WARNING: This function may return zero or -1 on error. The caller must also
|
1359
|
+
// ensure |value|'s type matches |nid|. See the documentation for
|
1360
|
+
// |X509V3_add1_i2d| for details.
|
1076
1361
|
OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value,
|
1077
1362
|
int crit, unsigned long flags);
|
1078
1363
|
|
1079
|
-
OPENSSL_EXPORT int X509_REVOKED_get_ext_count(X509_REVOKED *x);
|
1080
|
-
OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid,
|
1364
|
+
OPENSSL_EXPORT int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
|
1365
|
+
OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid,
|
1081
1366
|
int lastpos);
|
1082
|
-
OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,
|
1083
|
-
ASN1_OBJECT *obj,
|
1084
|
-
|
1085
|
-
|
1086
|
-
|
1367
|
+
OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x,
|
1368
|
+
const ASN1_OBJECT *obj,
|
1369
|
+
int lastpos);
|
1370
|
+
OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
|
1371
|
+
int crit, int lastpos);
|
1372
|
+
OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x,
|
1373
|
+
int loc);
|
1087
1374
|
OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
|
1088
1375
|
int loc);
|
1089
1376
|
OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex,
|
1090
1377
|
int loc);
|
1091
|
-
|
1092
|
-
|
1378
|
+
|
1379
|
+
// X509_REVOKED_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
|
1380
|
+
// extension in |revoked|'s extension list.
|
1381
|
+
//
|
1382
|
+
// WARNING: This function is difficult to use correctly. See the documentation
|
1383
|
+
// for |X509V3_get_d2i| for details.
|
1384
|
+
OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked,
|
1385
|
+
int nid, int *out_critical,
|
1386
|
+
int *out_idx);
|
1387
|
+
|
1388
|
+
// X509_REVOKED_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the
|
1389
|
+
// extension to |x|'s extension list.
|
1390
|
+
//
|
1391
|
+
// WARNING: This function may return zero or -1 on error. The caller must also
|
1392
|
+
// ensure |value|'s type matches |nid|. See the documentation for
|
1393
|
+
// |X509V3_add1_i2d| for details.
|
1093
1394
|
OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
|
1094
1395
|
void *value, int crit,
|
1095
1396
|
unsigned long flags);
|
1096
1397
|
|
1097
1398
|
OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(
|
1098
|
-
X509_EXTENSION **ex, int nid, int crit, ASN1_OCTET_STRING *data);
|
1399
|
+
X509_EXTENSION **ex, int nid, int crit, const ASN1_OCTET_STRING *data);
|
1099
1400
|
OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(
|
1100
1401
|
X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit,
|
1101
|
-
ASN1_OCTET_STRING *data);
|
1402
|
+
const ASN1_OCTET_STRING *data);
|
1102
1403
|
OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex,
|
1103
1404
|
const ASN1_OBJECT *obj);
|
1104
1405
|
OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
|
1105
1406
|
OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
|
1106
|
-
ASN1_OCTET_STRING *data);
|
1407
|
+
const ASN1_OCTET_STRING *data);
|
1107
1408
|
OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
|
1108
1409
|
OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
|
1109
1410
|
OPENSSL_EXPORT int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
|
1110
1411
|
|
1111
|
-
OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *
|
1112
|
-
OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *
|
1412
|
+
OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
|
1413
|
+
OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x,
|
1113
1414
|
int nid, int lastpos);
|
1114
|
-
OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *
|
1415
|
+
OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
|
1115
1416
|
const ASN1_OBJECT *obj, int lastpos);
|
1116
|
-
OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr(
|
1117
|
-
|
1118
|
-
|
1119
|
-
OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) * x,
|
1417
|
+
OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr(
|
1418
|
+
const STACK_OF(X509_ATTRIBUTE) *x, int loc);
|
1419
|
+
OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x,
|
1120
1420
|
int loc);
|
1121
|
-
OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *
|
1122
|
-
|
1123
|
-
OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *
|
1124
|
-
|
1125
|
-
|
1126
|
-
|
1127
|
-
|
1128
|
-
|
1129
|
-
|
1130
|
-
|
1131
|
-
|
1132
|
-
|
1133
|
-
OPENSSL_EXPORT void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) * x,
|
1421
|
+
OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(
|
1422
|
+
STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr);
|
1423
|
+
OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(
|
1424
|
+
STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, int type,
|
1425
|
+
const unsigned char *bytes, int len);
|
1426
|
+
OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(
|
1427
|
+
STACK_OF(X509_ATTRIBUTE) **x, int nid, int type, const unsigned char *bytes,
|
1428
|
+
int len);
|
1429
|
+
OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(
|
1430
|
+
STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, int type,
|
1431
|
+
const unsigned char *bytes, int len);
|
1432
|
+
OPENSSL_EXPORT void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
|
1134
1433
|
ASN1_OBJECT *obj, int lastpos,
|
1135
1434
|
int type);
|
1136
1435
|
OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(
|
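Review bot: The new WARNING on `X509_add1_ext_i2d`, `X509_CRL_add1_ext_i2d` and `X509_REVOKED_add1_ext_i2d` says they "may return zero or -1 on error" but never names the success value, so a caller that writes `if (!X509_add1_ext_i2d(...))` treats -1 as success and continues with the extension missing. I would add to each comment `// It returns one on success; treat any other value as failure (check |ret <= 0|, not |!ret|).`, assuming `X509V3_add1_i2d` does return one on success, which is not shown on this page. The matching `*_get_ext_d2i` warnings only defer to `X509V3_get_d2i`; a one-line summary of the hazard next to each declaration would save readers the lookup. `X509at_get0_data_by_OBJ` is re-declared in this hunk but keeps non-const `STACK_OF(X509_ATTRIBUTE) *x` and `ASN1_OBJECT *obj` while its siblings became `const`.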
@@ -1155,10 +1454,10 @@ OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr,
|
|
1155
1454
|
OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
|
1156
1455
|
|
1157
1456
|
// lookup a cert from a X509 STACK
|
1158
|
-
OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *
|
1457
|
+
OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,
|
1159
1458
|
X509_NAME *name,
|
1160
1459
|
ASN1_INTEGER *serial);
|
1161
|
-
OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) *
|
1460
|
+
OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
|
1162
1461
|
|
1163
1462
|
// PKCS#8 utilities
|
1164
1463
|
|
@@ -1190,9 +1489,9 @@ OPENSSL_EXPORT int X509_TRUST_add(int id, int flags,
|
|
1190
1489
|
int (*ck)(X509_TRUST *, X509 *, int),
|
1191
1490
|
char *name, int arg1, void *arg2);
|
1192
1491
|
OPENSSL_EXPORT void X509_TRUST_cleanup(void);
|
1193
|
-
OPENSSL_EXPORT int X509_TRUST_get_flags(X509_TRUST *xp);
|
1194
|
-
OPENSSL_EXPORT char *X509_TRUST_get0_name(X509_TRUST *xp);
|
1195
|
-
OPENSSL_EXPORT int X509_TRUST_get_trust(X509_TRUST *xp);
|
1492
|
+
OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp);
|
1493
|
+
OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp);
|
1494
|
+
OPENSSL_EXPORT int X509_TRUST_get_trust(const X509_TRUST *xp);
|
1196
1495
|
|
1197
1496
|
|
1198
1497
|
typedef struct rsa_pss_params_st {
|