grpc 1.35.0.pre1 → 1.37.1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +121 -89
- data/include/grpc/grpc.h +15 -1
- data/include/grpc/grpc_security.h +16 -11
- data/include/grpc/impl/codegen/port_platform.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +359 -331
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
- data/src/core/ext/filters/client_channel/config_selector.h +9 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -4
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy.cc +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -25
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +232 -110
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +34 -50
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +377 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +307 -155
- data/src/core/ext/filters/client_channel/server_address.cc +9 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +69 -146
- data/src/core/ext/filters/client_channel/subchannel.h +63 -95
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +500 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +3 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -2
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +490 -178
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +39 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +5 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +6 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +25 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +57 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +150 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +19 -21
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +64 -51
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +753 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +371 -377
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +8 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +9 -9
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +2149 -666
- data/src/core/ext/xds/xds_api.h +321 -119
- data/src/core/ext/xds/xds_bootstrap.cc +80 -45
- data/src/core/ext/xds/xds_bootstrap.h +17 -5
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +181 -34
- data/src/core/ext/xds/xds_client.h +29 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_client_stats.h +2 -2
- data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
- data/src/core/ext/xds/xds_http_filters.cc +114 -0
- data/src/core/ext/xds/xds_http_filters.h +130 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +425 -24
- data/src/core/lib/channel/channel_stack.cc +12 -0
- data/src/core/lib/channel/channel_stack.h +7 -0
- data/src/core/lib/channel/channelz.cc +92 -4
- data/src/core/lib/channel/channelz.h +30 -1
- data/src/core/lib/channel/channelz_registry.cc +14 -0
- data/src/core/lib/channel/handshaker.cc +2 -44
- data/src/core/lib/channel/handshaker.h +1 -18
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +5 -0
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gpr/sync_abseil.cc +3 -6
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gprpp/atomic.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -0
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/buffer_list.h +1 -1
- data/src/core/lib/iomgr/cfstream_handle.cc +2 -2
- data/src/core/lib/iomgr/error.h +1 -1
- data/src/core/lib/iomgr/ev_apple.cc +11 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +3 -3
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/ev_posix.cc +3 -3
- data/src/core/lib/iomgr/exec_ctx.cc +6 -2
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/resource_quota.cc +1 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +121 -1
- data/src/core/lib/iomgr/sockaddr_utils.h +25 -0
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +5 -8
- data/src/core/lib/iomgr/tcp_uv.cc +2 -2
- data/src/core/lib/iomgr/timer_generic.cc +2 -2
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
- data/src/core/lib/matchers/matchers.cc +339 -0
- data/src/core/lib/matchers/matchers.h +160 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +9 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +32 -14
- data/src/core/lib/security/transport/security_handshaker.cc +33 -5
- data/src/core/lib/security/transport/server_auth_filter.cc +7 -0
- data/src/core/lib/slice/slice_intern.cc +5 -6
- data/src/core/lib/surface/channel.h +3 -3
- data/src/core/lib/surface/completion_queue.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/lame_client.cc +38 -19
- data/src/core/lib/surface/lame_client.h +4 -3
- data/src/core/lib/surface/server.cc +43 -36
- data/src/core/lib/surface/server.h +76 -14
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/lib/transport/metadata_batch.cc +27 -0
- data/src/core/lib/transport/metadata_batch.h +14 -0
- data/src/core/plugin_registry/grpc_plugin_registry.cc +12 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +18 -24
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/fake_transport_security.cc +11 -2
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/ext/grpc/extconf.rb +9 -1
- data/src/ruby/ext/grpc/rb_channel.c +10 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_grpc.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
- data/src/ruby/ext/grpc/rb_server.c +13 -1
- data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +715 -713
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +21 -13
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -29
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +22 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +67 -33
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -99
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +362 -50
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- data/third_party/xxhash/xxhash.h +5443 -0
- metadata +140 -84
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/authorization_engine.h +0 -84
- data/src/core/lib/security/authorization/evaluate_args.cc +0 -148
- data/src/core/lib/security/authorization/evaluate_args.h +0 -59
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/upb/upb/json_decode.c +0 -1443
- data/third_party/upb/upb/json_decode.h +0 -23
- data/third_party/upb/upb/json_encode.c +0 -713
- data/third_party/upb/upb/json_encode.h +0 -36
@@ -70,7 +70,8 @@ grpc_alts_server_credentials::grpc_alts_server_credentials(
|
|
70
70
|
}
|
71
71
|
|
72
72
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
73
|
-
grpc_alts_server_credentials::create_security_connector(
|
73
|
+
grpc_alts_server_credentials::create_security_connector(
|
74
|
+
const grpc_channel_args* /* args */) {
|
74
75
|
return grpc_alts_server_security_connector_create(this->Ref());
|
75
76
|
}
|
76
77
|
|
@@ -56,7 +56,7 @@ class grpc_alts_server_credentials final : public grpc_server_credentials {
|
|
56
56
|
~grpc_alts_server_credentials() override;
|
57
57
|
|
58
58
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
59
|
-
create_security_connector() override;
|
59
|
+
create_security_connector(const grpc_channel_args* /* args */) override;
|
60
60
|
|
61
61
|
const grpc_alts_credentials_options* options() const { return options_; }
|
62
62
|
grpc_alts_credentials_options* mutable_options() { return options_; }
|
@@ -227,8 +227,9 @@ struct grpc_server_credentials
|
|
227
227
|
|
228
228
|
~grpc_server_credentials() override { DestroyProcessor(); }
|
229
229
|
|
230
|
+
// Ownership of \a args is not passed.
|
230
231
|
virtual grpc_core::RefCountedPtr<grpc_server_security_connector>
|
231
|
-
create_security_connector() = 0;
|
232
|
+
create_security_connector(const grpc_channel_args* args) = 0;
|
232
233
|
|
233
234
|
const char* type() const { return type_; }
|
234
235
|
|
@@ -120,7 +120,7 @@ AwsExternalAccountCredentials::AwsExternalAccountCredentials(
|
|
120
120
|
}
|
121
121
|
|
122
122
|
void AwsExternalAccountCredentials::RetrieveSubjectToken(
|
123
|
-
HTTPRequestContext* ctx, const Options& options
|
123
|
+
HTTPRequestContext* ctx, const Options& /*options*/,
|
124
124
|
std::function<void(std::string, grpc_error*)> cb) {
|
125
125
|
if (ctx == nullptr) {
|
126
126
|
FinishRetrieveSubjectToken(
|
@@ -316,7 +316,7 @@ void ExternalAccountCredentials::OnExchangeTokenInternal(grpc_error* error) {
|
|
316
316
|
std::string(ctx_->response.body, ctx_->response.body_length).c_str());
|
317
317
|
metadata_req_->response.hdrs = static_cast<grpc_http_header*>(
|
318
318
|
gpr_malloc(sizeof(grpc_http_header) * ctx_->response.hdr_count));
|
319
|
-
for (
|
319
|
+
for (size_t i = 0; i < ctx_->response.hdr_count; i++) {
|
320
320
|
metadata_req_->response.hdrs[i].key =
|
321
321
|
gpr_strdup(ctx_->response.hdrs[i].key);
|
322
322
|
metadata_req_->response.hdrs[i].value =
|
@@ -443,7 +443,7 @@ void ExternalAccountCredentials::OnImpersenateServiceAccountInternal(
|
|
443
443
|
metadata_req_->response.body_length = body.length();
|
444
444
|
metadata_req_->response.hdrs = static_cast<grpc_http_header*>(
|
445
445
|
gpr_malloc(sizeof(grpc_http_header) * ctx_->response.hdr_count));
|
446
|
-
for (
|
446
|
+
for (size_t i = 0; i < ctx_->response.hdr_count; i++) {
|
447
447
|
metadata_req_->response.hdrs[i].key =
|
448
448
|
gpr_strdup(ctx_->response.hdrs[i].key);
|
449
449
|
metadata_req_->response.hdrs[i].value =
|
@@ -91,7 +91,7 @@ FileExternalAccountCredentials::FileExternalAccountCredentials(
|
|
91
91
|
}
|
92
92
|
|
93
93
|
void FileExternalAccountCredentials::RetrieveSubjectToken(
|
94
|
-
HTTPRequestContext* ctx
|
94
|
+
HTTPRequestContext* /*ctx*/, const Options& /*options*/,
|
95
95
|
std::function<void(std::string, grpc_error*)> cb) {
|
96
96
|
struct SliceWrapper {
|
97
97
|
~SliceWrapper() { grpc_slice_unref_internal(slice); }
|
@@ -112,7 +112,7 @@ UrlExternalAccountCredentials::UrlExternalAccountCredentials(
|
|
112
112
|
}
|
113
113
|
|
114
114
|
void UrlExternalAccountCredentials::RetrieveSubjectToken(
|
115
|
-
HTTPRequestContext* ctx, const Options& options
|
115
|
+
HTTPRequestContext* ctx, const Options& /*options*/,
|
116
116
|
std::function<void(std::string, grpc_error*)> cb) {
|
117
117
|
if (ctx == nullptr) {
|
118
118
|
FinishRetrieveSubjectToken(
|
@@ -59,7 +59,7 @@ class grpc_fake_server_credentials final : public grpc_server_credentials {
|
|
59
59
|
~grpc_fake_server_credentials() override = default;
|
60
60
|
|
61
61
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
62
|
-
create_security_connector() override {
|
62
|
+
create_security_connector(const grpc_channel_args* /*args*/) override {
|
63
63
|
return grpc_fake_server_security_connector_create(this->Ref());
|
64
64
|
}
|
65
65
|
};
|
@@ -61,7 +61,7 @@ using grpc_core::Json;
|
|
61
61
|
* means the detection is done via network test that is unreliable and the
|
62
62
|
* unreliable result should not be referred by successive calls. */
|
63
63
|
static int g_metadata_server_available = 0;
|
64
|
-
static
|
64
|
+
static grpc_core::Mutex* g_state_mu;
|
65
65
|
/* Protect a metadata_server_detector instance that can be modified by more than
|
66
66
|
* one gRPC threads */
|
67
67
|
static gpr_mu* g_polling_mu;
|
@@ -69,7 +69,9 @@ static gpr_once g_once = GPR_ONCE_INIT;
|
|
69
69
|
static grpc_core::internal::grpc_gce_tenancy_checker g_gce_tenancy_checker =
|
70
70
|
grpc_alts_is_running_on_gcp;
|
71
71
|
|
72
|
-
static void init_default_credentials(void) {
|
72
|
+
static void init_default_credentials(void) {
|
73
|
+
g_state_mu = new grpc_core::Mutex();
|
74
|
+
}
|
73
75
|
|
74
76
|
struct metadata_server_detector {
|
75
77
|
grpc_polling_entity pollent;
|
@@ -282,7 +284,7 @@ end:
|
|
282
284
|
|
283
285
|
static void update_tenancy() {
|
284
286
|
gpr_once_init(&g_once, init_default_credentials);
|
285
|
-
grpc_core::MutexLock lock(
|
287
|
+
grpc_core::MutexLock lock(g_state_mu);
|
286
288
|
|
287
289
|
/* Try a platform-provided hint for GCE. */
|
288
290
|
if (!g_metadata_server_available) {
|
@@ -297,7 +299,7 @@ static void update_tenancy() {
|
|
297
299
|
}
|
298
300
|
|
299
301
|
static bool metadata_server_available() {
|
300
|
-
grpc_core::MutexLock lock(
|
302
|
+
grpc_core::MutexLock lock(g_state_mu);
|
301
303
|
return static_cast<bool>(g_metadata_server_available);
|
302
304
|
}
|
303
305
|
|
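Review bot: `metadata_server_available()` locks `g_state_mu` without first calling `gpr_once_init(&g_once, init_default_credentials);`, and `g_state_mu` is now a pointer that is only assigned inside `init_default_credentials()`. `update_tenancy()` and `grpc_flush_cached_google_default_credentials()` both run the once-init before taking the lock, so this is the one visible lock site that can hand `grpc_core::MutexLock` a null pointer if it is reached first. The callers are not visible in these hunks, so either add the same `gpr_once_init(&g_once, init_default_credentials);` line at the top of the function, or add a comment stating that `update_tenancy()` always runs before it.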
@@ -387,9 +389,8 @@ void set_gce_tenancy_checker_for_testing(grpc_gce_tenancy_checker checker) {
|
|
387
389
|
void grpc_flush_cached_google_default_credentials(void) {
|
388
390
|
grpc_core::ExecCtx exec_ctx;
|
389
391
|
gpr_once_init(&g_once, init_default_credentials);
|
390
|
-
|
392
|
+
grpc_core::MutexLock lock(g_state_mu);
|
391
393
|
g_metadata_server_available = 0;
|
392
|
-
gpr_mu_unlock(&g_state_mu);
|
393
394
|
}
|
394
395
|
|
395
396
|
} // namespace internal
|
@@ -46,8 +46,8 @@ class InsecureServerCredentials final : public grpc_server_credentials {
|
|
46
46
|
InsecureServerCredentials()
|
47
47
|
: grpc_server_credentials(kCredentialsTypeInsecure) {}
|
48
48
|
|
49
|
-
RefCountedPtr<grpc_server_security_connector> create_security_connector(
|
50
|
-
override {
|
49
|
+
RefCountedPtr<grpc_server_security_connector> create_security_connector(
|
50
|
+
const grpc_channel_args* /* args */) override {
|
51
51
|
return MakeRefCounted<InsecureServerSecurityConnector>(Ref());
|
52
52
|
}
|
53
53
|
};
|
@@ -33,14 +33,11 @@
|
|
33
33
|
#include "src/core/lib/security/util/json_util.h"
|
34
34
|
#include "src/core/lib/slice/b64.h"
|
35
35
|
|
36
|
-
#pragma clang diagnostic push
|
37
|
-
#pragma clang diagnostic ignored "-Wmodule-import-in-extern-c"
|
38
36
|
extern "C" {
|
39
37
|
#include <openssl/bio.h>
|
40
38
|
#include <openssl/evp.h>
|
41
39
|
#include <openssl/pem.h>
|
42
40
|
}
|
43
|
-
#pragma clang diagnostic pop
|
44
41
|
|
45
42
|
using grpc_core::Json;
|
46
43
|
|
@@ -28,14 +28,11 @@
|
|
28
28
|
#include <grpc/support/string_util.h>
|
29
29
|
#include <grpc/support/sync.h>
|
30
30
|
|
31
|
-
#pragma clang diagnostic push
|
32
|
-
#pragma clang diagnostic ignored "-Wmodule-import-in-extern-c"
|
33
31
|
extern "C" {
|
34
32
|
#include <openssl/bn.h>
|
35
33
|
#include <openssl/pem.h>
|
36
34
|
#include <openssl/rsa.h>
|
37
35
|
}
|
38
|
-
#pragma clang diagnostic pop
|
39
36
|
|
40
37
|
#include "src/core/lib/gpr/string.h"
|
41
38
|
#include "src/core/lib/gprpp/manual_constructor.h"
|
@@ -39,7 +39,8 @@ grpc_local_credentials::create_security_connector(
|
|
39
39
|
}
|
40
40
|
|
41
41
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
42
|
-
grpc_local_server_credentials::create_security_connector(
|
42
|
+
grpc_local_server_credentials::create_security_connector(
|
43
|
+
const grpc_channel_args* /* args */) {
|
43
44
|
return grpc_local_server_security_connector_create(this->Ref());
|
44
45
|
}
|
45
46
|
|
@@ -50,7 +50,7 @@ class grpc_local_server_credentials final : public grpc_server_credentials {
|
|
50
50
|
~grpc_local_server_credentials() override = default;
|
51
51
|
|
52
52
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
53
|
-
create_security_connector() override;
|
53
|
+
create_security_connector(const grpc_channel_args* /* args */) override;
|
54
54
|
|
55
55
|
grpc_local_connect_type connect_type() const { return connect_type_; }
|
56
56
|
|
@@ -190,7 +190,8 @@ grpc_ssl_server_credentials::~grpc_ssl_server_credentials() {
|
|
190
190
|
gpr_free(config_.pem_root_certs);
|
191
191
|
}
|
192
192
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
193
|
-
grpc_ssl_server_credentials::create_security_connector(
|
193
|
+
grpc_ssl_server_credentials::create_security_connector(
|
194
|
+
const grpc_channel_args* /* args */) {
|
194
195
|
return grpc_ssl_server_security_connector_create(this->Ref());
|
195
196
|
}
|
196
197
|
|
@@ -69,7 +69,7 @@ class grpc_ssl_server_credentials final : public grpc_server_credentials {
|
|
69
69
|
~grpc_ssl_server_credentials() override;
|
70
70
|
|
71
71
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
72
|
-
create_security_connector() override;
|
72
|
+
create_security_connector(const grpc_channel_args* /* args */) override;
|
73
73
|
|
74
74
|
bool has_cert_config_fetcher() const {
|
75
75
|
return certificate_config_fetcher_.cb != nullptr;
|
@@ -106,7 +106,8 @@ TlsServerCredentials::TlsServerCredentials(
|
|
106
106
|
TlsServerCredentials::~TlsServerCredentials() {}
|
107
107
|
|
108
108
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
109
|
-
TlsServerCredentials::create_security_connector(
|
109
|
+
TlsServerCredentials::create_security_connector(
|
110
|
+
const grpc_channel_args* /* args */) {
|
110
111
|
return grpc_core::TlsServerSecurityConnector::
|
111
112
|
CreateTlsServerSecurityConnector(this->Ref(), options_);
|
112
113
|
}
|
@@ -51,7 +51,7 @@ class TlsServerCredentials final : public grpc_server_credentials {
|
|
51
51
|
~TlsServerCredentials() override;
|
52
52
|
|
53
53
|
grpc_core::RefCountedPtr<grpc_server_security_connector>
|
54
|
-
create_security_connector() override;
|
54
|
+
create_security_connector(const grpc_channel_args* /* args */) override;
|
55
55
|
|
56
56
|
grpc_tls_credentials_options* options() const { return options_.get(); }
|
57
57
|
|
@@ -20,6 +20,7 @@
|
|
20
20
|
|
21
21
|
#include "src/core/lib/security/credentials/xds/xds_credentials.h"
|
22
22
|
|
23
|
+
#include "src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h"
|
23
24
|
#include "src/core/ext/xds/xds_certificate_provider.h"
|
24
25
|
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
|
25
26
|
#include "src/core/lib/security/credentials/tls/tls_credentials.h"
|
@@ -35,11 +36,11 @@ namespace {
|
|
35
36
|
bool XdsVerifySubjectAlternativeNames(
|
36
37
|
const char* const* subject_alternative_names,
|
37
38
|
size_t subject_alternative_names_size,
|
38
|
-
const std::vector<
|
39
|
+
const std::vector<StringMatcher>& matchers) {
|
39
40
|
if (matchers.empty()) return true;
|
40
41
|
for (size_t i = 0; i < subject_alternative_names_size; ++i) {
|
41
42
|
for (const auto& matcher : matchers) {
|
42
|
-
if (matcher.type() ==
|
43
|
+
if (matcher.type() == StringMatcher::Type::EXACT) {
|
43
44
|
// For EXACT match, use DNS rules for verifying SANs
|
44
45
|
// TODO(zhenlian): Right now, the SSL layer does not save the type of
|
45
46
|
// the SAN, so we are doing a DNS style verification for all SANs when
|
@@ -60,39 +61,51 @@ bool XdsVerifySubjectAlternativeNames(
|
|
60
61
|
return false;
|
61
62
|
}
|
62
63
|
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
arg
|
74
|
-
arg->status = GRPC_STATUS_UNAUTHENTICATED;
|
75
|
-
if (arg->error_details) {
|
76
|
-
arg->error_details->set_error_details(
|
77
|
-
"SANs from certificate did not match SANs from xDS control plane");
|
78
|
-
}
|
64
|
+
class ServerAuthCheck {
|
65
|
+
public:
|
66
|
+
ServerAuthCheck(
|
67
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider,
|
68
|
+
std::string cluster_name)
|
69
|
+
: xds_certificate_provider_(std::move(xds_certificate_provider)),
|
70
|
+
cluster_name_(std::move(cluster_name)) {}
|
71
|
+
|
72
|
+
static int Schedule(void* config_user_data,
|
73
|
+
grpc_tls_server_authorization_check_arg* arg) {
|
74
|
+
return static_cast<ServerAuthCheck*>(config_user_data)->ScheduleImpl(arg);
|
79
75
|
}
|
80
76
|
|
81
|
-
|
82
|
-
|
77
|
+
static void Destroy(void* config_user_data) {
|
78
|
+
delete static_cast<ServerAuthCheck*>(config_user_data);
|
79
|
+
}
|
83
80
|
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
81
|
+
private:
|
82
|
+
int ScheduleImpl(grpc_tls_server_authorization_check_arg* arg) {
|
83
|
+
if (XdsVerifySubjectAlternativeNames(
|
84
|
+
arg->subject_alternative_names, arg->subject_alternative_names_size,
|
85
|
+
xds_certificate_provider_->GetSanMatchers(cluster_name_))) {
|
86
|
+
arg->success = 1;
|
87
|
+
arg->status = GRPC_STATUS_OK;
|
88
|
+
} else {
|
89
|
+
arg->success = 0;
|
90
|
+
arg->status = GRPC_STATUS_UNAUTHENTICATED;
|
91
|
+
if (arg->error_details) {
|
92
|
+
arg->error_details->set_error_details(
|
93
|
+
"SANs from certificate did not match SANs from xDS control plane");
|
94
|
+
}
|
95
|
+
}
|
96
|
+
return 0; /* synchronous check */
|
97
|
+
}
|
98
|
+
|
99
|
+
RefCountedPtr<XdsCertificateProvider> xds_certificate_provider_;
|
100
|
+
std::string cluster_name_;
|
101
|
+
};
|
89
102
|
|
90
103
|
} // namespace
|
91
104
|
|
92
105
|
bool TestOnlyXdsVerifySubjectAlternativeNames(
|
93
106
|
const char* const* subject_alternative_names,
|
94
107
|
size_t subject_alternative_names_size,
|
95
|
-
const std::vector<
|
108
|
+
const std::vector<StringMatcher>& matchers) {
|
96
109
|
return XdsVerifySubjectAlternativeNames(
|
97
110
|
subject_alternative_names, subject_alternative_names_size, matchers);
|
98
111
|
}
|
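Review bot: `ServerAuthCheck` carries no comment on its ownership or on what an empty matcher list means, and both matter for the TLS check it implements. `ScheduleImpl` sets `arg->success = 1` whenever `XdsVerifySubjectAlternativeNames` returns true, and that function returns true for an empty `matchers` vector (`if (matchers.empty()) return true;` in the hunk above). A cluster with no SAN matchers therefore gets no server-identity check from this callback, while the connector that installs it later in the file sets `GRPC_TLS_SKIP_HOSTNAME_VERIFICATION`. I would add a class comment such as `// Heap-allocated by the caller and deleted through Destroy(); with no SAN matchers configured, server identity is not checked here.` so that the accept-by-default case is a documented decision.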
@@ -105,49 +118,79 @@ RefCountedPtr<grpc_channel_security_connector>
|
|
105
118
|
XdsCredentials::create_security_connector(
|
106
119
|
RefCountedPtr<grpc_call_credentials> call_creds, const char* target_name,
|
107
120
|
const grpc_channel_args* args, grpc_channel_args** new_args) {
|
108
|
-
|
109
|
-
|
121
|
+
struct ChannelArgsDeleter {
|
122
|
+
const grpc_channel_args* args;
|
123
|
+
bool owned;
|
124
|
+
~ChannelArgsDeleter() {
|
125
|
+
if (owned) grpc_channel_args_destroy(args);
|
126
|
+
}
|
127
|
+
};
|
128
|
+
ChannelArgsDeleter temp_args{args, false};
|
110
129
|
// TODO(yashykt): This arg will no longer need to be added after b/173119596
|
111
130
|
// is fixed.
|
112
131
|
grpc_arg override_arg = grpc_channel_arg_string_create(
|
113
132
|
const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG),
|
114
133
|
const_cast<char*>(target_name));
|
115
134
|
const char* override_arg_name = GRPC_SSL_TARGET_NAME_OVERRIDE_ARG;
|
116
|
-
const grpc_channel_args* temp_args = args;
|
117
135
|
if (grpc_channel_args_find(args, override_arg_name) == nullptr) {
|
118
|
-
temp_args = grpc_channel_args_copy_and_add_and_remove(
|
136
|
+
temp_args.args = grpc_channel_args_copy_and_add_and_remove(
|
119
137
|
args, &override_arg_name, 1, &override_arg, 1);
|
138
|
+
temp_args.owned = true;
|
120
139
|
}
|
121
140
|
RefCountedPtr<grpc_channel_security_connector> security_connector;
|
141
|
+
auto xds_certificate_provider =
|
142
|
+
XdsCertificateProvider::GetFromChannelArgs(args);
|
122
143
|
if (xds_certificate_provider != nullptr) {
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
144
|
+
std::string cluster_name =
|
145
|
+
grpc_channel_args_find_string(args, GRPC_ARG_XDS_CLUSTER_NAME);
|
146
|
+
GPR_ASSERT(cluster_name.data() != nullptr);
|
147
|
+
const bool watch_root =
|
148
|
+
xds_certificate_provider->ProvidesRootCerts(cluster_name);
|
149
|
+
const bool watch_identity =
|
150
|
+
xds_certificate_provider->ProvidesIdentityCerts(cluster_name);
|
151
|
+
if (watch_root || watch_identity) {
|
152
|
+
auto tls_credentials_options =
|
153
|
+
MakeRefCounted<grpc_tls_credentials_options>();
|
154
|
+
tls_credentials_options->set_certificate_provider(
|
155
|
+
xds_certificate_provider);
|
156
|
+
if (watch_root) {
|
157
|
+
tls_credentials_options->set_watch_root_cert(true);
|
158
|
+
tls_credentials_options->set_root_cert_name(cluster_name);
|
159
|
+
}
|
160
|
+
if (watch_identity) {
|
161
|
+
tls_credentials_options->set_watch_identity_pair(true);
|
162
|
+
tls_credentials_options->set_identity_cert_name(cluster_name);
|
163
|
+
}
|
164
|
+
tls_credentials_options->set_server_verification_option(
|
165
|
+
GRPC_TLS_SKIP_HOSTNAME_VERIFICATION);
|
166
|
+
auto* server_auth_check = new ServerAuthCheck(xds_certificate_provider,
|
167
|
+
std::move(cluster_name));
|
168
|
+
tls_credentials_options->set_server_authorization_check_config(
|
169
|
+
MakeRefCounted<grpc_tls_server_authorization_check_config>(
|
170
|
+
server_auth_check, ServerAuthCheck::Schedule, nullptr,
|
171
|
+
ServerAuthCheck::Destroy));
|
172
|
+
// TODO(yashkt): Creating a new TlsCreds object each time we create a
|
173
|
+
// security connector means that the security connector's cmp() method
|
174
|
+
// returns unequal for each instance, which means that every time an LB
|
175
|
+
// policy updates, all the subchannels will be recreated. This is
|
176
|
+
// going to lead to a lot of connection churn. Instead, we should
|
177
|
+
// either (a) change the TLS security connector's cmp() method to be
|
178
|
+
// smarter somehow, so that it compares unequal only when the
|
179
|
+
// tls_credentials_options have changed, or (b) cache the TlsCreds
|
180
|
+
// objects in the XdsCredentials object so that we can reuse the
|
181
|
+
// same one when creating new security connectors, swapping out the
|
182
|
+
// TlsCreds object only when the tls_credentials_options change.
|
183
|
+
// Option (a) would probably be better, although it may require some
|
184
|
+
// structural changes to the security connector API.
|
185
|
+
auto tls_credentials =
|
186
|
+
MakeRefCounted<TlsCredentials>(std::move(tls_credentials_options));
|
187
|
+
return tls_credentials->create_security_connector(
|
188
|
+
std::move(call_creds), target_name, temp_args.args, new_args);
|
131
189
|
}
|
132
|
-
tls_credentials_options->set_server_verification_option(
|
133
|
-
GRPC_TLS_SKIP_HOSTNAME_VERIFICATION);
|
134
|
-
tls_credentials_options->set_server_authorization_check_config(
|
135
|
-
MakeRefCounted<grpc_tls_server_authorization_check_config>(
|
136
|
-
xds_certificate_provider->Ref().release(), ServerAuthCheckSchedule,
|
137
|
-
nullptr, ServerAuthCheckDestroy));
|
138
|
-
auto tls_credentials =
|
139
|
-
MakeRefCounted<TlsCredentials>(std::move(tls_credentials_options));
|
140
|
-
security_connector = tls_credentials->create_security_connector(
|
141
|
-
std::move(call_creds), target_name, temp_args, new_args);
|
142
|
-
} else {
|
143
|
-
GPR_ASSERT(fallback_credentials_ != nullptr);
|
144
|
-
security_connector = fallback_credentials_->create_security_connector(
|
145
|
-
std::move(call_creds), target_name, temp_args, new_args);
|
146
190
|
}
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
return security_connector;
|
191
|
+
GPR_ASSERT(fallback_credentials_ != nullptr);
|
192
|
+
return fallback_credentials_->create_security_connector(
|
193
|
+
std::move(call_creds), target_name, temp_args.args, new_args);
|
151
194
|
}
|
152
195
|
|
153
196
|
//
|
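Review bot: `GPR_ASSERT(cluster_name.data() != nullptr);` can never fire, because `data()` on a constructed `std::string` is never null. The construction on the line before it is undefined behaviour if `grpc_channel_args_find_string` returns a null pointer for a missing `GRPC_ARG_XDS_CLUSTER_NAME`. The check belongs on the raw pointer before the conversion: `const char* name = grpc_channel_args_find_string(args, GRPC_ARG_XDS_CLUSTER_NAME);`, then `GPR_ASSERT(name != nullptr);`, then `std::string cluster_name = name;`. This assumes the lookup returns a C string and null when the arg is absent; its declaration is not on this page.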
@@ -155,9 +198,35 @@ XdsCredentials::create_security_connector(
|
|
155
198
|
//
|
156
199
|
|
157
200
|
RefCountedPtr<grpc_server_security_connector>
|
158
|
-
XdsServerCredentials::create_security_connector() {
|
159
|
-
|
160
|
-
|
201
|
+
XdsServerCredentials::create_security_connector(const grpc_channel_args* args) {
|
202
|
+
auto xds_certificate_provider =
|
203
|
+
XdsCertificateProvider::GetFromChannelArgs(args);
|
204
|
+
// Identity certs are a must for TLS.
|
205
|
+
if (xds_certificate_provider != nullptr &&
|
206
|
+
xds_certificate_provider->ProvidesIdentityCerts("")) {
|
207
|
+
auto tls_credentials_options =
|
208
|
+
MakeRefCounted<grpc_tls_credentials_options>();
|
209
|
+
tls_credentials_options->set_watch_identity_pair(true);
|
210
|
+
tls_credentials_options->set_certificate_provider(xds_certificate_provider);
|
211
|
+
if (xds_certificate_provider->ProvidesRootCerts("")) {
|
212
|
+
tls_credentials_options->set_watch_root_cert(true);
|
213
|
+
if (xds_certificate_provider->GetRequireClientCertificate("")) {
|
214
|
+
tls_credentials_options->set_cert_request_type(
|
215
|
+
GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY);
|
216
|
+
} else {
|
217
|
+
tls_credentials_options->set_cert_request_type(
|
218
|
+
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY);
|
219
|
+
}
|
220
|
+
} else {
|
221
|
+
// Do not request client certificate if there is no way to verify.
|
222
|
+
tls_credentials_options->set_cert_request_type(
|
223
|
+
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE);
|
224
|
+
}
|
225
|
+
auto tls_credentials = MakeRefCounted<TlsServerCredentials>(
|
226
|
+
std::move(tls_credentials_options));
|
227
|
+
return tls_credentials->create_security_connector(args);
|
228
|
+
}
|
229
|
+
return fallback_credentials_->create_security_connector(args);
|
161
230
|
}
|
162
231
|
|
163
232
|
} // namespace grpc_core
|
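Review bot: The final `return fallback_credentials_->create_security_connector(args);` has no `GPR_ASSERT(fallback_credentials_ != nullptr);` in front of it, although the client-side `XdsCredentials::create_security_connector` in the previous hunk keeps that assertion before its own fallback call. The same return is also reached silently whenever the certificate provider is absent or `ProvidesIdentityCerts("")` is false, so a listener can end up on the fallback credentials, which may be weaker than TLS, with nothing recorded. I would add the assertion and a comment above the return, e.g. `// No xDS identity certs: use the fallback credentials chosen by the application.`, and consider logging that decision so operators can see which path a listener took.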