RubyGems - grpc - Versions diffs - 1.56.0.pre3 → 1.56.2 - Mend

grpc 1.56.0.pre3 → 1.56.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

data/src/core/lib/iomgr/tcp_server_utils_posix.h CHANGED Viewed

@@ -30,6 +30,7 @@
 #include "src/core/lib/iomgr/resolve_address.h"
 #include "src/core/lib/iomgr/socket_utils_posix.h"
 #include "src/core/lib/iomgr/tcp_server.h"
+#include "src/core/lib/iomgr/timer.h"
 #include "src/core/lib/resource_quota/memory_quota.h"
 // one listening port
@@ -52,6 +53,11 @@ typedef struct grpc_tcp_listener {
   // identified while iterating through 'next'.
   struct grpc_tcp_listener* sibling;
   int is_sibling;
+  // If an accept4() call fails, a timer is started to drain the accept queue in
+  // case no further connection attempts reach the gRPC server.
+  grpc_closure retry_closure;
+  grpc_timer retry_timer;
+  gpr_atm retry_timer_armed;
 } grpc_tcp_listener;
 // the overall server
@@ -139,4 +145,10 @@ grpc_error_handle grpc_tcp_server_prepare_socket(
 // Ruturn true if the platform supports ifaddrs
 bool grpc_tcp_server_have_ifaddrs(void);
+// Initialize (but don't start) the timer and callback to retry accept4() on a
+// listening socket after file descriptors have been exhausted. This must be
+// called when creating a new listener.
+void grpc_tcp_server_listener_initialize_retry_timer(
+    grpc_tcp_listener* listener);
 #endif  // GRPC_SRC_CORE_LIB_IOMGR_TCP_SERVER_UTILS_POSIX_H

data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc CHANGED Viewed

@@ -18,6 +18,8 @@
 #include <grpc/support/port_platform.h>
+#include <grpc/support/atm.h>
 #include "src/core/lib/iomgr/port.h"
 #ifdef GRPC_POSIX_SOCKET_TCP_SERVER_UTILS_COMMON
@@ -81,6 +83,24 @@ static int get_max_accept_queue_size(void) {
   return s_max_accept_queue_size;
 }
+static void listener_retry_timer_cb(void* arg, grpc_error_handle err) {
+  // Do nothing if cancelled.
+  if (!err.ok()) return;
+  grpc_tcp_listener* listener = static_cast<grpc_tcp_listener*>(arg);
+  gpr_atm_no_barrier_store(&listener->retry_timer_armed, false);
+  if (!grpc_fd_is_shutdown(listener->emfd)) {
+    grpc_fd_set_readable(listener->emfd);
+  }
+}
+void grpc_tcp_server_listener_initialize_retry_timer(
+    grpc_tcp_listener* listener) {
+  gpr_atm_no_barrier_store(&listener->retry_timer_armed, false);
+  grpc_timer_init_unset(&listener->retry_timer);
+  GRPC_CLOSURE_INIT(&listener->retry_closure, listener_retry_timer_cb, listener,
+                    grpc_schedule_on_exec_ctx);
+}
 static grpc_error_handle add_socket_to_server(grpc_tcp_server* s, int fd,
                                               const grpc_resolved_address* addr,
                                               unsigned port_index,
@@ -112,6 +132,7 @@ static grpc_error_handle add_socket_to_server(grpc_tcp_server* s, int fd,
   sp->server = s;
   sp->fd = fd;
   sp->emfd = grpc_fd_create(fd, name.c_str(), true);
+  grpc_tcp_server_listener_initialize_retry_timer(sp);
   // Check and set fd as prellocated
   if (grpc_tcp_server_pre_allocated_fd(s) == fd) {

data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc CHANGED Viewed

@@ -120,3 +120,11 @@ void grpc_tls_credentials_options_set_tls_session_key_log_file_path(
   }
   options->set_tls_session_key_log_file_path(path != nullptr ? path : "");
 }
+void grpc_tls_credentials_options_set_send_client_ca_list(
+    grpc_tls_credentials_options* options, bool send_client_ca_list) {
+  if (options == nullptr) {
+    return;
+  }
+  options->set_send_client_ca_list(send_client_ca_list);
+}

data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h CHANGED Viewed

@@ -61,6 +61,7 @@ struct grpc_tls_credentials_options
   const std::string& identity_cert_name() const { return identity_cert_name_; }
   const std::string& tls_session_key_log_file_path() const { return tls_session_key_log_file_path_; }
   const std::string& crl_directory() const { return crl_directory_; }
+  bool send_client_ca_list() const { return send_client_ca_list_; }
   // Setters for member fields.
   void set_cert_request_type(grpc_ssl_client_certificate_request_type cert_request_type) { cert_request_type_ = cert_request_type; }
@@ -81,6 +82,7 @@ struct grpc_tls_credentials_options
   void set_tls_session_key_log_file_path(std::string tls_session_key_log_file_path) { tls_session_key_log_file_path_ = std::move(tls_session_key_log_file_path); }
   //  gRPC will enforce CRLs on all handshakes from all hashed CRL files inside of the crl_directory. If not set, an empty string will be used, which will not enable CRL checking. Only supported for OpenSSL version > 1.1.
   void set_crl_directory(std::string crl_directory) { crl_directory_ = std::move(crl_directory); }
+  void set_send_client_ca_list(bool send_client_ca_list) { send_client_ca_list_ = send_client_ca_list; }
   bool operator==(const grpc_tls_credentials_options& other) const {
     return cert_request_type_ == other.cert_request_type_ &&
@@ -95,7 +97,8 @@ struct grpc_tls_credentials_options
       watch_identity_pair_ == other.watch_identity_pair_ &&
       identity_cert_name_ == other.identity_cert_name_ &&
       tls_session_key_log_file_path_ == other.tls_session_key_log_file_path_ &&
-      crl_directory_ == other.crl_directory_;
+      crl_directory_ == other.crl_directory_ &&
+      send_client_ca_list_ == other.send_client_ca_list_;
   }
  private:
@@ -112,6 +115,7 @@ struct grpc_tls_credentials_options
   std::string identity_cert_name_;
   std::string tls_session_key_log_file_path_;
   std::string crl_directory_;
+  bool send_client_ca_list_ = false;
 };
 #endif  // GRPC_SRC_CORE_LIB_SECURITY_CREDENTIALS_TLS_GRPC_TLS_CREDENTIALS_OPTIONS_H

data/src/core/lib/security/security_connector/ssl_utils.cc CHANGED Viewed

@@ -465,7 +465,7 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
     grpc_ssl_client_certificate_request_type client_certificate_request,
     tsi_tls_version min_tls_version, tsi_tls_version max_tls_version,
     tsi::TlsSessionKeyLoggerCache::TlsSessionKeyLogger* tls_session_key_logger,
-    const char* crl_directory,
+    const char* crl_directory, bool send_client_ca_list,
     tsi_ssl_server_handshaker_factory** handshaker_factory) {
   size_t num_alpn_protocols = 0;
   const char** alpn_protocol_strings =
@@ -483,6 +483,7 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
   options.max_tls_version = max_tls_version;
   options.key_logger = tls_session_key_logger;
   options.crl_directory = crl_directory;
+  options.send_client_ca_list = send_client_ca_list;
   const tsi_result result =
       tsi_create_ssl_server_handshaker_factory_with_options(&options,
                                                             handshaker_factory);

data/src/core/lib/security/security_connector/ssl_utils.h CHANGED Viewed

@@ -93,7 +93,7 @@ grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init(
     grpc_ssl_client_certificate_request_type client_certificate_request,
     tsi_tls_version min_tls_version, tsi_tls_version max_tls_version,
     tsi::TlsSessionKeyLoggerCache::TlsSessionKeyLogger* tls_session_key_logger,
-    const char* crl_directory,
+    const char* crl_directory, bool send_client_ca_list,
     tsi_ssl_server_handshaker_factory** handshaker_factory);
 // Free the memory occupied by key cert pairs.

data/src/core/lib/security/security_connector/tls/tls_security_connector.cc CHANGED Viewed

@@ -830,7 +830,7 @@ TlsServerSecurityConnector::UpdateHandshakerFactoryLocked() {
       grpc_get_tsi_tls_version(options_->min_tls_version()),
       grpc_get_tsi_tls_version(options_->max_tls_version()),
       tls_session_key_logger_.get(), options_->crl_directory().c_str(),
-      &server_handshaker_factory_);
+      options_->send_client_ca_list(), &server_handshaker_factory_);
   // Free memory.
   grpc_tsi_ssl_pem_key_cert_pairs_destroy(pem_key_cert_pairs,
                                           num_key_cert_pairs);

data/src/core/lib/surface/validate_metadata.cc CHANGED Viewed

@@ -21,8 +21,6 @@
 #include "src/core/lib/surface/validate_metadata.h"
 #include "absl/status/status.h"
-#include "absl/strings/escaping.h"
-#include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
 #include <grpc/grpc.h>
@@ -46,32 +44,49 @@ class LegalHeaderKeyBits : public BitSet<256> {
 };
 constexpr LegalHeaderKeyBits g_legal_header_key_bits;
-GPR_ATTRIBUTE_NOINLINE
-absl::Status DoesNotConformTo(absl::string_view x, const char* err_desc) {
-  return absl::InternalError(absl::StrCat(err_desc, ": ", x, " (hex ",
-                                          absl::BytesToHexString(x), ")"));
-}
-absl::Status ConformsTo(absl::string_view x, const BitSet<256>& legal_bits,
-                        const char* err_desc) {
+ValidateMetadataResult ConformsTo(absl::string_view x,
+                                  const BitSet<256>& legal_bits,
+                                  ValidateMetadataResult error) {
   for (uint8_t c : x) {
     if (!legal_bits.is_set(c)) {
-      return DoesNotConformTo(x, err_desc);
+      return error;
     }
   }
-  return absl::OkStatus();
+  return ValidateMetadataResult::kOk;
+}
+absl::Status UpgradeToStatus(ValidateMetadataResult result) {
+  if (result == ValidateMetadataResult::kOk) return absl::OkStatus();
+  return absl::InternalError(ValidateMetadataResultToString(result));
 }
 }  // namespace
-absl::Status ValidateHeaderKeyIsLegal(absl::string_view key) {
+ValidateMetadataResult ValidateHeaderKeyIsLegal(absl::string_view key) {
   if (key.empty()) {
-    return absl::InternalError("Metadata keys cannot be zero length");
+    return ValidateMetadataResult::kCannotBeZeroLength;
   }
   if (key.size() > UINT32_MAX) {
-    return absl::InternalError(
-        "Metadata keys cannot be larger than UINT32_MAX");
+    return ValidateMetadataResult::kTooLong;
+  }
+  return ConformsTo(key, g_legal_header_key_bits,
+                    ValidateMetadataResult::kIllegalHeaderKey);
+}
+const char* ValidateMetadataResultToString(ValidateMetadataResult result) {
+  switch (result) {
+    case ValidateMetadataResult::kOk:
+      return "Ok";
+    case ValidateMetadataResult::kCannotBeZeroLength:
+      return "Metadata keys cannot be zero length";
+    case ValidateMetadataResult::kTooLong:
+      return "Metadata keys cannot be larger than UINT32_MAX";
+    case ValidateMetadataResult::kIllegalHeaderKey:
+      return "Illegal header key";
+    case ValidateMetadataResult::kIllegalHeaderValue:
+      return "Illegal header value";
   }
-  return ConformsTo(key, g_legal_header_key_bits, "Illegal header key");
+  GPR_UNREACHABLE_CODE(return "Unknown");
 }
 }  // namespace grpc_core
@@ -82,8 +97,8 @@ static int error2int(grpc_error_handle error) {
 }
 grpc_error_handle grpc_validate_header_key_is_legal(const grpc_slice& slice) {
-  return grpc_core::ValidateHeaderKeyIsLegal(
-      grpc_core::StringViewFromSlice(slice));
+  return grpc_core::UpgradeToStatus(grpc_core::ValidateHeaderKeyIsLegal(
+      grpc_core::StringViewFromSlice(slice)));
 }
 int grpc_header_key_is_legal(grpc_slice slice) {
@@ -104,9 +119,9 @@ constexpr LegalHeaderNonBinValueBits g_legal_header_non_bin_value_bits;
 grpc_error_handle grpc_validate_header_nonbin_value_is_legal(
     const grpc_slice& slice) {
-  return grpc_core::ConformsTo(grpc_core::StringViewFromSlice(slice),
-                               g_legal_header_non_bin_value_bits,
-                               "Illegal header value");
+  return grpc_core::UpgradeToStatus(grpc_core::ConformsTo(
+      grpc_core::StringViewFromSlice(slice), g_legal_header_non_bin_value_bits,
+      grpc_core::ValidateMetadataResult::kIllegalHeaderValue));
 }
 int grpc_header_nonbin_value_is_legal(grpc_slice slice) {

data/src/core/lib/surface/validate_metadata.h CHANGED Viewed

@@ -25,7 +25,6 @@
 #include <cstring>
-#include "absl/status/status.h"
 #include "absl/strings/string_view.h"
 #include <grpc/slice.h>
@@ -35,9 +34,20 @@
 namespace grpc_core {
-absl::Status ValidateHeaderKeyIsLegal(absl::string_view key);
+enum class ValidateMetadataResult : uint8_t {
+  kOk,
+  kCannotBeZeroLength,
+  kTooLong,
+  kIllegalHeaderKey,
+  kIllegalHeaderValue
+};
-}
+const char* ValidateMetadataResultToString(ValidateMetadataResult result);
+// Returns nullopt if the key is legal, otherwise returns an error message.
+ValidateMetadataResult ValidateHeaderKeyIsLegal(absl::string_view key);
+}  // namespace grpc_core
 grpc_error_handle grpc_validate_header_key_is_legal(const grpc_slice& slice);
 grpc_error_handle grpc_validate_header_nonbin_value_is_legal(

data/src/core/tsi/ssl_transport_security.cc CHANGED Viewed

@@ -2202,12 +2202,15 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
         STACK_OF(X509_NAME)* root_names = nullptr;
         result = ssl_ctx_load_verification_certs(
             impl->ssl_contexts[i], options->pem_client_root_certs,
-            strlen(options->pem_client_root_certs), &root_names);
+            strlen(options->pem_client_root_certs),
+            options->send_client_ca_list ? &root_names : nullptr);
         if (result != TSI_OK) {
           gpr_log(GPR_ERROR, "Invalid verification certs.");
           break;
         }
-        SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
+        if (options->send_client_ca_list) {
+          SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
+        }
       }
       switch (options->client_certificate_request) {
         case TSI_DONT_REQUEST_CLIENT_CERTIFICATE:

data/src/core/tsi/ssl_transport_security.h CHANGED Viewed

@@ -325,6 +325,17 @@ struct tsi_ssl_server_handshaker_options {
   // crl checking. Only OpenSSL version > 1.1 is supported for CRL checking
   const char* crl_directory;
+  // If true, the SSL server sends a list of CA names to the client in the
+  // ServerHello. This list of CA names is extracted from the server's trust
+  // bundle, and the client may use this lint as a hint to decide which
+  // certificate it should send to the server.
+  //
+  // WARNING: This is an extremely dangerous option. If the server's trust
+  // bundle is sufficiently large, then setting this bit to true will result in
+  // the server being unable to generate a ServerHello, and hence the server
+  // will be unusable.
+  bool send_client_ca_list;
   tsi_ssl_server_handshaker_options()
       : pem_key_cert_pairs(nullptr),
         num_key_cert_pairs(0),
@@ -338,7 +349,8 @@ struct tsi_ssl_server_handshaker_options {
         min_tls_version(tsi_tls_version::TSI_TLS1_2),
         max_tls_version(tsi_tls_version::TSI_TLS1_3),
         key_logger(nullptr),
-        crl_directory(nullptr) {}
+        crl_directory(nullptr),
+        send_client_ca_list(true) {}
 };
 // Creates a server handshaker factory.

data/src/ruby/ext/grpc/rb_grpc_imports.generated.c CHANGED Viewed

@@ -188,6 +188,7 @@ grpc_tls_credentials_options_set_identity_cert_name_type grpc_tls_credentials_op
 grpc_tls_credentials_options_set_cert_request_type_type grpc_tls_credentials_options_set_cert_request_type_import;
 grpc_tls_credentials_options_set_crl_directory_type grpc_tls_credentials_options_set_crl_directory_import;
 grpc_tls_credentials_options_set_verify_server_cert_type grpc_tls_credentials_options_set_verify_server_cert_import;
+grpc_tls_credentials_options_set_send_client_ca_list_type grpc_tls_credentials_options_set_send_client_ca_list_import;
 grpc_tls_credentials_options_set_check_call_host_type grpc_tls_credentials_options_set_check_call_host_import;
 grpc_insecure_credentials_create_type grpc_insecure_credentials_create_import;
 grpc_insecure_server_credentials_create_type grpc_insecure_server_credentials_create_import;
@@ -474,6 +475,7 @@ void grpc_rb_load_imports(HMODULE library) {
   grpc_tls_credentials_options_set_cert_request_type_import = (grpc_tls_credentials_options_set_cert_request_type_type) GetProcAddress(library, "grpc_tls_credentials_options_set_cert_request_type");
   grpc_tls_credentials_options_set_crl_directory_import = (grpc_tls_credentials_options_set_crl_directory_type) GetProcAddress(library, "grpc_tls_credentials_options_set_crl_directory");
   grpc_tls_credentials_options_set_verify_server_cert_import = (grpc_tls_credentials_options_set_verify_server_cert_type) GetProcAddress(library, "grpc_tls_credentials_options_set_verify_server_cert");
+  grpc_tls_credentials_options_set_send_client_ca_list_import = (grpc_tls_credentials_options_set_send_client_ca_list_type) GetProcAddress(library, "grpc_tls_credentials_options_set_send_client_ca_list");
   grpc_tls_credentials_options_set_check_call_host_import = (grpc_tls_credentials_options_set_check_call_host_type) GetProcAddress(library, "grpc_tls_credentials_options_set_check_call_host");
   grpc_insecure_credentials_create_import = (grpc_insecure_credentials_create_type) GetProcAddress(library, "grpc_insecure_credentials_create");
   grpc_insecure_server_credentials_create_import = (grpc_insecure_server_credentials_create_type) GetProcAddress(library, "grpc_insecure_server_credentials_create");

data/src/ruby/ext/grpc/rb_grpc_imports.generated.h CHANGED Viewed

@@ -539,6 +539,9 @@ extern grpc_tls_credentials_options_set_crl_directory_type grpc_tls_credentials_
 typedef void(*grpc_tls_credentials_options_set_verify_server_cert_type)(grpc_tls_credentials_options* options, int verify_server_cert);
 extern grpc_tls_credentials_options_set_verify_server_cert_type grpc_tls_credentials_options_set_verify_server_cert_import;
 #define grpc_tls_credentials_options_set_verify_server_cert grpc_tls_credentials_options_set_verify_server_cert_import
+typedef void(*grpc_tls_credentials_options_set_send_client_ca_list_type)(grpc_tls_credentials_options* options, bool send_client_ca_list);
+extern grpc_tls_credentials_options_set_send_client_ca_list_type grpc_tls_credentials_options_set_send_client_ca_list_import;
+#define grpc_tls_credentials_options_set_send_client_ca_list grpc_tls_credentials_options_set_send_client_ca_list_import
 typedef void(*grpc_tls_credentials_options_set_check_call_host_type)(grpc_tls_credentials_options* options, int check_call_host);
 extern grpc_tls_credentials_options_set_check_call_host_type grpc_tls_credentials_options_set_check_call_host_import;
 #define grpc_tls_credentials_options_set_check_call_host grpc_tls_credentials_options_set_check_call_host_import

data/src/ruby/lib/grpc/version.rb CHANGED Viewed

@@ -14,5 +14,5 @@
 # GRPC contains the General RPC module.
 module GRPC
-  VERSION = '1.56.0.pre3'
+  VERSION = '1.56.2'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: grpc
 version: !ruby/object:Gem::Version
-  version: 1.56.0.pre3
+  version: 1.56.2
 platform: ruby
 authors:
 - gRPC Authors
 autorequire:
 bindir: src/ruby/bin
 cert_chain: []
-date: 2023-06-13 00:00:00.000000000 Z
+date: 2023-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-protobuf
@@ -465,6 +465,8 @@ files:
 - src/core/ext/transport/chttp2/transport/hpack_encoder.h
 - src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc
 - src/core/ext/transport/chttp2/transport/hpack_encoder_table.h
+- src/core/ext/transport/chttp2/transport/hpack_parse_result.cc
+- src/core/ext/transport/chttp2/transport/hpack_parse_result.h
 - src/core/ext/transport/chttp2/transport/hpack_parser.cc
 - src/core/ext/transport/chttp2/transport/hpack_parser.h
 - src/core/ext/transport/chttp2/transport/hpack_parser_table.cc
@@ -3240,11 +3242,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.4.14
+rubygems_version: 3.4.17
 signing_key:
 specification_version: 4
 summary: GRPC system in Ruby