grpc 1.60.0 → 1.61.0
- checksums.yaml +4 -4
- data/Makefile +208 -165
- data/include/grpc/event_engine/event_engine.h +59 -12
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +6 -0
- data/include/grpc/event_engine/internal/slice_cast.h +12 -0
- data/include/grpc/event_engine/memory_allocator.h +3 -1
- data/include/grpc/event_engine/slice.h +5 -0
- data/include/grpc/grpc_security.h +22 -1
- data/include/grpc/impl/call.h +29 -0
- data/include/grpc/impl/channel_arg_names.h +12 -1
- data/include/grpc/impl/slice_type.h +1 -1
- data/include/grpc/module.modulemap +1 -0
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +54 -7
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +20 -6
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +10 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +18 -10
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +326 -0
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +143 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +2 -2
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -6
- data/src/core/ext/filters/client_channel/client_channel_internal.h +2 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +54 -21
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.cc +12 -15
- data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.h +8 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +139 -92
- data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +9 -4
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +9 -4
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +10 -11
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +94 -93
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +5 -3
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +12 -15
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +38 -16
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +25 -28
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +10 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +37 -35
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +504 -461
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +232 -122
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +642 -251
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +2 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -1
- data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +6 -8
- data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.cc +1031 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.h +277 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +128 -270
- data/src/core/ext/filters/client_channel/resolver/xds/{xds_resolver.h → xds_resolver_attributes.h} +5 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.cc +25 -0
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.h +30 -0
- data/src/core/ext/filters/client_channel/retry_filter.cc +1 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +35 -17
- data/src/core/ext/filters/deadline/deadline_filter.cc +12 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +17 -13
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +13 -4
- data/src/core/ext/filters/http/client/http_client_filter.cc +23 -32
- data/src/core/ext/filters/http/client/http_client_filter.h +10 -5
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/client_authority_filter.h +12 -4
- data/src/core/ext/filters/http/http_filters_plugin.cc +42 -20
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +55 -80
- data/src/core/ext/filters/http/message_compress/compression_filter.h +54 -12
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +325 -0
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.h +139 -0
- data/src/core/ext/filters/http/server/http_server_filter.cc +41 -41
- data/src/core/ext/filters/http/server/http_server_filter.h +11 -4
- data/src/core/ext/filters/message_size/message_size_filter.cc +56 -76
- data/src/core/ext/filters/message_size/message_size_filter.h +35 -23
- data/src/core/ext/filters/rbac/rbac_filter.cc +15 -11
- data/src/core/ext/filters/rbac/rbac_filter.h +11 -4
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +25 -13
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +47 -50
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +21 -4
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +11 -2
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +67 -145
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +21 -82
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -8
- data/src/core/ext/transport/chttp2/transport/frame.cc +506 -0
- data/src/core/ext/transport/chttp2/transport/frame.h +214 -0
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +33 -79
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -7
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +122 -32
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +142 -37
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -22
- data/src/core/ext/transport/chttp2/transport/parsing.cc +23 -37
- data/src/core/ext/transport/chttp2/transport/writing.cc +26 -58
- data/src/core/ext/transport/inproc/inproc_transport.cc +172 -13
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb.h +712 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.c +151 -0
- data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.h +33 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.c +133 -0
- data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.h +50 -0
- data/src/core/ext/xds/certificate_provider_store.cc +2 -1
- data/src/core/ext/xds/certificate_provider_store.h +0 -5
- data/src/core/ext/xds/xds_api.cc +31 -18
- data/src/core/ext/xds/xds_api.h +2 -2
- data/src/core/ext/xds/xds_bootstrap.h +3 -0
- data/src/core/ext/xds/xds_certificate_provider.cc +88 -287
- data/src/core/ext/xds/xds_certificate_provider.h +44 -111
- data/src/core/ext/xds/xds_client.cc +420 -414
- data/src/core/ext/xds/xds_client.h +31 -22
- data/src/core/ext/xds/xds_client_grpc.cc +3 -1
- data/src/core/ext/xds/xds_cluster.cc +104 -11
- data/src/core/ext/xds/xds_cluster.h +9 -1
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +9 -5
- data/src/core/ext/xds/xds_common_types.cc +14 -10
- data/src/core/ext/xds/xds_endpoint.cc +9 -4
- data/src/core/ext/xds/xds_endpoint.h +5 -1
- data/src/core/ext/xds/xds_health_status.cc +12 -2
- data/src/core/ext/xds/xds_health_status.h +4 -2
- data/src/core/ext/xds/xds_http_rbac_filter.cc +5 -3
- data/src/core/ext/xds/xds_listener.cc +14 -8
- data/src/core/ext/xds/xds_resource_type_impl.h +6 -4
- data/src/core/ext/xds/xds_route_config.cc +34 -22
- data/src/core/ext/xds/xds_route_config.h +1 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +61 -57
- data/src/core/ext/xds/xds_transport.h +3 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +47 -50
- data/src/core/ext/xds/xds_transport_grpc.h +4 -0
- data/src/core/lib/channel/call_tracer.cc +12 -0
- data/src/core/lib/channel/call_tracer.h +17 -3
- data/src/core/lib/channel/channel_args.cc +24 -14
- data/src/core/lib/channel/channel_args.h +74 -13
- data/src/core/lib/channel/channel_stack.cc +27 -0
- data/src/core/lib/channel/channel_stack.h +10 -10
- data/src/core/lib/channel/connected_channel.cc +64 -18
- data/src/core/lib/channel/promise_based_filter.h +1041 -1
- data/src/core/lib/channel/server_call_tracer_filter.cc +43 -35
- data/src/core/lib/compression/compression_internal.cc +0 -3
- data/src/core/lib/event_engine/ares_resolver.cc +35 -14
- data/src/core/lib/event_engine/ares_resolver.h +9 -10
- data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +8 -1
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +132 -0
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +61 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +52 -36
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +4 -9
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +11 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +9 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +7 -0
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +17 -27
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +0 -3
- data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +55 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +114 -0
- data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +51 -0
- data/src/core/lib/event_engine/windows/windows_engine.cc +7 -7
- data/src/core/lib/experiments/config.cc +13 -0
- data/src/core/lib/experiments/config.h +3 -0
- data/src/core/lib/experiments/experiments.cc +245 -366
- data/src/core/lib/experiments/experiments.h +50 -156
- data/src/core/lib/gprpp/debug_location.h +13 -0
- data/src/core/lib/gprpp/dual_ref_counted.h +36 -7
- data/src/core/lib/gprpp/orphanable.h +27 -0
- data/src/core/lib/gprpp/ref_counted.h +63 -22
- data/src/core/lib/gprpp/ref_counted_ptr.h +70 -27
- data/src/core/lib/gprpp/ref_counted_string.h +13 -0
- data/src/core/lib/gprpp/status_helper.cc +1 -2
- data/src/core/lib/iomgr/combiner.cc +15 -51
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +31 -0
- data/src/core/lib/iomgr/event_engine_shims/endpoint.h +16 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -3
- data/src/core/lib/load_balancing/lb_policy.h +1 -1
- data/src/core/lib/promise/activity.cc +17 -2
- data/src/core/lib/promise/activity.h +5 -4
- data/src/core/lib/promise/all_ok.h +80 -0
- data/src/core/lib/promise/detail/join_state.h +2077 -0
- data/src/core/lib/promise/detail/promise_factory.h +1 -0
- data/src/core/lib/promise/detail/promise_like.h +8 -1
- data/src/core/lib/promise/detail/seq_state.h +3458 -150
- data/src/core/lib/promise/detail/status.h +42 -5
- data/src/core/lib/promise/for_each.h +13 -1
- data/src/core/lib/promise/if.h +4 -0
- data/src/core/lib/promise/latch.h +6 -3
- data/src/core/lib/promise/party.cc +33 -31
- data/src/core/lib/promise/party.h +142 -6
- data/src/core/lib/promise/poll.h +39 -13
- data/src/core/lib/promise/promise.h +4 -0
- data/src/core/lib/promise/seq.h +107 -7
- data/src/core/lib/promise/status_flag.h +196 -0
- data/src/core/lib/promise/try_join.h +132 -0
- data/src/core/lib/promise/try_seq.h +132 -10
- data/src/core/lib/resolver/endpoint_addresses.cc +0 -1
- data/src/core/lib/resolver/endpoint_addresses.h +48 -0
- data/src/core/lib/resource_quota/arena.h +2 -2
- data/src/core/lib/resource_quota/memory_quota.cc +57 -8
- data/src/core/lib/resource_quota/memory_quota.h +6 -0
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -11
- data/src/core/lib/security/authorization/grpc_server_authz_filter.h +14 -5
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +28 -20
- data/src/core/lib/security/credentials/external/external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +4 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +4 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +12 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +22 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -5
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +21 -28
- data/src/core/lib/security/credentials/xds/xds_credentials.h +2 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +4 -3
- data/src/core/lib/security/transport/auth_filters.h +71 -4
- data/src/core/lib/security/transport/client_auth_filter.cc +2 -4
- data/src/core/lib/security/transport/legacy_server_auth_filter.cc +244 -0
- data/src/core/lib/security/transport/server_auth_filter.cc +70 -90
- data/src/core/lib/slice/slice_buffer.h +3 -0
- data/src/core/lib/surface/builtins.cc +1 -1
- data/src/core/lib/surface/call.cc +683 -196
- data/src/core/lib/surface/call.h +26 -13
- data/src/core/lib/surface/call_trace.cc +42 -1
- data/src/core/lib/surface/channel.cc +0 -1
- data/src/core/lib/surface/channel.h +0 -6
- data/src/core/lib/surface/channel_init.h +26 -0
- data/src/core/lib/surface/init.cc +14 -8
- data/src/core/lib/surface/server.cc +256 -237
- data/src/core/lib/surface/server.h +26 -54
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/surface/wait_for_cq_end_op.h +94 -0
- data/src/core/lib/transport/call_final_info.cc +38 -0
- data/src/core/lib/transport/call_final_info.h +54 -0
- data/src/core/lib/transport/connectivity_state.cc +3 -2
- data/src/core/lib/transport/connectivity_state.h +4 -0
- data/src/core/lib/transport/metadata_batch.h +4 -4
- data/src/core/lib/transport/transport.cc +70 -19
- data/src/core/lib/transport/transport.h +395 -25
- data/src/core/plugin_registry/grpc_plugin_registry.cc +3 -0
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +0 -3
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +65 -43
- data/src/ruby/ext/grpc/rb_channel_args.c +3 -1
- data/src/ruby/ext/grpc/rb_grpc.c +0 -1
- data/src/ruby/ext/grpc/rb_grpc.h +0 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/upb/upb/reflection/def_pool.h +2 -2
- data/third_party/zlib/adler32.c +5 -27
- data/third_party/zlib/compress.c +5 -16
- data/third_party/zlib/crc32.c +86 -162
- data/third_party/zlib/deflate.c +233 -336
- data/third_party/zlib/deflate.h +8 -8
- data/third_party/zlib/gzguts.h +11 -12
- data/third_party/zlib/infback.c +7 -23
- data/third_party/zlib/inffast.c +1 -4
- data/third_party/zlib/inffast.h +1 -1
- data/third_party/zlib/inflate.c +30 -99
- data/third_party/zlib/inftrees.c +6 -11
- data/third_party/zlib/inftrees.h +3 -3
- data/third_party/zlib/trees.c +224 -302
- data/third_party/zlib/uncompr.c +4 -12
- data/third_party/zlib/zconf.h +6 -2
- data/third_party/zlib/zlib.h +191 -188
- data/third_party/zlib/zutil.c +16 -44
- data/third_party/zlib/zutil.h +10 -10
- metadata +35 -13
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +0 -1173
- data/src/core/lib/event_engine/memory_allocator.cc +0 -74
- data/src/core/lib/transport/pid_controller.cc +0 -51
- data/src/core/lib/transport/pid_controller.h +0 -116
- data/third_party/upb/upb/collections/array.h +0 -17
- data/third_party/upb/upb/collections/map.h +0 -17
- data/third_party/upb/upb/upb.hpp +0 -18
@@ -176,6 +176,12 @@ static unsigned long openssl_thread_id_cb(void) {
|
|
176
176
|
}
|
177
177
|
#endif
|
178
178
|
|
179
|
+
static void verified_root_cert_free(void* /*parent*/, void* ptr,
|
180
|
+
CRYPTO_EX_DATA* /*ad*/, int /*index*/,
|
181
|
+
long /*argl*/, void* /*argp*/) {
|
182
|
+
X509_free(static_cast<X509*>(ptr));
|
183
|
+
}
|
184
|
+
|
179
185
|
static void init_openssl(void) {
|
180
186
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
181
187
|
OPENSSL_init_ssl(0, nullptr);
|
@@ -207,8 +213,8 @@ static void init_openssl(void) {
|
|
207
213
|
SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
|
208
214
|
GPR_ASSERT(g_ssl_ctx_ex_crl_provider_index != -1);
|
209
215
|
|
210
|
-
g_ssl_ex_verified_root_cert_index =
|
211
|
-
|
216
|
+
g_ssl_ex_verified_root_cert_index = SSL_get_ex_new_index(
|
217
|
+
0, nullptr, nullptr, nullptr, verified_root_cert_free);
|
212
218
|
GPR_ASSERT(g_ssl_ex_verified_root_cert_index != -1);
|
213
219
|
}
|
214
220
|
|
@@ -269,13 +275,14 @@ static tsi_result ssl_get_x509_common_name(X509* cert, unsigned char** utf8,
|
|
269
275
|
X509_NAME* subject_name = X509_get_subject_name(cert);
|
270
276
|
int utf8_returned_size = 0;
|
271
277
|
if (subject_name == nullptr) {
|
272
|
-
gpr_log(
|
278
|
+
gpr_log(GPR_DEBUG, "Could not get subject name from certificate.");
|
273
279
|
return TSI_NOT_FOUND;
|
274
280
|
}
|
275
281
|
common_name_index =
|
276
282
|
X509_NAME_get_index_by_NID(subject_name, NID_commonName, -1);
|
277
283
|
if (common_name_index == -1) {
|
278
|
-
gpr_log(
|
284
|
+
gpr_log(GPR_DEBUG,
|
285
|
+
"Could not get common name of subject from certificate.");
|
279
286
|
return TSI_NOT_FOUND;
|
280
287
|
}
|
281
288
|
common_name_entry = X509_NAME_get_entry(subject_name, common_name_index);
|
@@ -899,53 +906,40 @@ static int verify_cb(int ok, X509_STORE_CTX* ctx) {
|
|
899
906
|
// the server's certificate, but we need to pull it anyway, in case a higher
|
900
907
|
// layer wants to look at it. In this case the verification may fail, but
|
901
908
|
// we don't really care.
|
902
|
-
static int NullVerifyCallback(
|
909
|
+
static int NullVerifyCallback(X509_STORE_CTX* /*ctx*/, void* /*arg*/) {
|
903
910
|
return 1;
|
904
911
|
}
|
905
912
|
|
906
|
-
static int RootCertExtractCallback(
|
907
|
-
|
908
|
-
|
909
|
-
|
910
|
-
|
911
|
-
|
912
|
-
// related callback is set with X509_STORE_set_verify_cb. They overlap and
|
913
|
-
// this will take precedence, thus we need to ensure the CRL related callback
|
914
|
-
// is still called
|
915
|
-
X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx);
|
916
|
-
auto flags = X509_VERIFY_PARAM_get_flags(param);
|
917
|
-
if (flags & X509_V_FLAG_CRL_CHECK) {
|
918
|
-
preverify_ok = verify_cb(preverify_ok, ctx);
|
919
|
-
}
|
920
|
-
|
921
|
-
// If preverify_ok == 0, verification failed. We shouldn't expect to have a
|
922
|
-
// verified chain, so there is no need to attempt to extract the root cert
|
923
|
-
// from it
|
924
|
-
if (preverify_ok == 0) {
|
925
|
-
return preverify_ok;
|
913
|
+
static int RootCertExtractCallback(X509_STORE_CTX* ctx, void* /*arg*/) {
|
914
|
+
int ret = X509_verify_cert(ctx);
|
915
|
+
if (ret <= 0) {
|
916
|
+
// Verification failed. We shouldn't expect to have a verified chain, so
|
917
|
+
// there is no need to attempt to extract the root cert from it.
|
918
|
+
return ret;
|
926
919
|
}
|
927
920
|
|
928
|
-
//
|
929
|
-
//
|
930
|
-
//
|
921
|
+
// Verification was successful. Get the verified chain from the X509_STORE_CTX
|
922
|
+
// and put the root on the SSL object so that we have access to it when
|
923
|
+
// populating the tsi_peer. On error extracting the root, we return success
|
924
|
+
// anyway and proceed with the connection, to preserve the behavior of an
|
925
|
+
// older version of this code.
|
931
926
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
932
927
|
STACK_OF(X509)* chain = X509_STORE_CTX_get0_chain(ctx);
|
933
928
|
#else
|
934
929
|
STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(ctx);
|
935
930
|
#endif
|
936
|
-
|
937
931
|
if (chain == nullptr) {
|
938
|
-
return
|
932
|
+
return ret;
|
939
933
|
}
|
940
934
|
|
941
935
|
// The root cert is the last in the chain
|
942
936
|
size_t chain_length = sk_X509_num(chain);
|
943
937
|
if (chain_length == 0) {
|
944
|
-
return
|
938
|
+
return ret;
|
945
939
|
}
|
946
940
|
X509* root_cert = sk_X509_value(chain, chain_length - 1);
|
947
941
|
if (root_cert == nullptr) {
|
948
|
-
return
|
942
|
+
return ret;
|
949
943
|
}
|
950
944
|
|
951
945
|
ERR_clear_error();
|
@@ -955,18 +949,32 @@ static int RootCertExtractCallback(int preverify_ok, X509_STORE_CTX* ctx) {
|
|
955
949
|
ERR_error_string_n(ERR_get_error(), err_str, sizeof(err_str));
|
956
950
|
gpr_log(GPR_ERROR,
|
957
951
|
"error getting the SSL index from the X509_STORE_CTX: %s", err_str);
|
958
|
-
return
|
952
|
+
return ret;
|
959
953
|
}
|
960
954
|
SSL* ssl = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, ssl_index));
|
961
955
|
if (ssl == nullptr) {
|
962
|
-
return
|
956
|
+
return ret;
|
963
957
|
}
|
958
|
+
|
959
|
+
// Free the old root and save the new one. There should not be an old root,
|
960
|
+
// but if renegotiation is not disabled (required by RFC 9113, Section
|
961
|
+
// 9.2.1), it is possible that this callback run multiple times for a single
|
962
|
+
// connection. gRPC does not always disable renegotiation. See
|
963
|
+
// https://github.com/grpc/grpc/issues/35368
|
964
|
+
X509_free(static_cast<X509*>(
|
965
|
+
SSL_get_ex_data(ssl, g_ssl_ex_verified_root_cert_index)));
|
964
966
|
int success =
|
965
967
|
SSL_set_ex_data(ssl, g_ssl_ex_verified_root_cert_index, root_cert);
|
966
968
|
if (success == 0) {
|
967
969
|
gpr_log(GPR_INFO, "Could not set verified root cert in SSL's ex_data");
|
970
|
+
} else {
|
971
|
+
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
972
|
+
X509_up_ref(root_cert);
|
973
|
+
#else
|
974
|
+
CRYPTO_add(&root_cert->references, 1, CRYPTO_LOCK_X509);
|
975
|
+
#endif
|
968
976
|
}
|
969
|
-
return
|
977
|
+
return ret;
|
970
978
|
}
|
971
979
|
|
972
980
|
// X509_STORE_set_get_crl() sets the function to get the crl for a given
|
@@ -2073,6 +2081,9 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
|
|
2073
2081
|
ssl_context = SSL_CTX_new(TLS_method());
|
2074
2082
|
#else
|
2075
2083
|
ssl_context = SSL_CTX_new(TLSv1_2_method());
|
2084
|
+
#endif
|
2085
|
+
#if OPENSSL_VERSION_NUMBER >= 0x10101000
|
2086
|
+
SSL_CTX_set_options(ssl_context, SSL_OP_NO_RENEGOTIATION);
|
2076
2087
|
#endif
|
2077
2088
|
if (ssl_context == nullptr) {
|
2078
2089
|
grpc_core::LogSslErrorStack();
|
@@ -2166,10 +2177,12 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
|
|
2166
2177
|
tsi_ssl_handshaker_factory_unref(&impl->base);
|
2167
2178
|
return result;
|
2168
2179
|
}
|
2180
|
+
SSL_CTX_set_verify(ssl_context, SSL_VERIFY_PEER, nullptr);
|
2169
2181
|
if (options->skip_server_certificate_verification) {
|
2170
|
-
|
2182
|
+
SSL_CTX_set_cert_verify_callback(ssl_context, NullVerifyCallback, nullptr);
|
2171
2183
|
} else {
|
2172
|
-
|
2184
|
+
SSL_CTX_set_cert_verify_callback(ssl_context, RootCertExtractCallback,
|
2185
|
+
nullptr);
|
2173
2186
|
}
|
2174
2187
|
|
2175
2188
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
@@ -2288,6 +2301,9 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
|
|
2288
2301
|
impl->ssl_contexts[i] = SSL_CTX_new(TLS_method());
|
2289
2302
|
#else
|
2290
2303
|
impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
|
2304
|
+
#endif
|
2305
|
+
#if OPENSSL_VERSION_NUMBER >= 0x10101000
|
2306
|
+
SSL_CTX_set_options(impl->ssl_contexts[i], SSL_OP_NO_RENEGOTIATION);
|
2291
2307
|
#endif
|
2292
2308
|
if (impl->ssl_contexts[i] == nullptr) {
|
2293
2309
|
grpc_core::LogSslErrorStack();
|
@@ -2348,22 +2364,28 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
|
|
2348
2364
|
SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_NONE, nullptr);
|
2349
2365
|
break;
|
2350
2366
|
case TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
|
2351
|
-
SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER,
|
2352
|
-
|
2367
|
+
SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, nullptr);
|
2368
|
+
SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
|
2369
|
+
NullVerifyCallback, nullptr);
|
2353
2370
|
break;
|
2354
2371
|
case TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
|
2355
|
-
SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER,
|
2356
|
-
|
2372
|
+
SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, nullptr);
|
2373
|
+
SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
|
2374
|
+
RootCertExtractCallback, nullptr);
|
2357
2375
|
break;
|
2358
2376
|
case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
|
2359
2377
|
SSL_CTX_set_verify(impl->ssl_contexts[i],
|
2360
2378
|
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
2361
|
-
|
2379
|
+
nullptr);
|
2380
|
+
SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
|
2381
|
+
NullVerifyCallback, nullptr);
|
2362
2382
|
break;
|
2363
2383
|
case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
|
2364
2384
|
SSL_CTX_set_verify(impl->ssl_contexts[i],
|
2365
2385
|
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
2366
|
-
|
2386
|
+
nullptr);
|
2387
|
+
SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
|
2388
|
+
RootCertExtractCallback, nullptr);
|
2367
2389
|
break;
|
2368
2390
|
}
|
2369
2391
|
|
@@ -71,7 +71,7 @@ static int grpc_rb_channel_create_in_process_add_args_hash_cb(VALUE key,
|
|
71
71
|
return ST_STOP;
|
72
72
|
}
|
73
73
|
|
74
|
-
args->args[args->num_args - 1].key = (
|
74
|
+
args->args[args->num_args - 1].key = gpr_strdup(the_key);
|
75
75
|
switch (TYPE(val)) {
|
76
76
|
case T_SYMBOL:
|
77
77
|
args->args[args->num_args - 1].type = GRPC_ARG_STRING;
|
@@ -163,6 +163,8 @@ void grpc_rb_channel_args_destroy(grpc_channel_args* args) {
|
|
163
163
|
GPR_ASSERT(args != NULL);
|
164
164
|
if (args->args == NULL) return;
|
165
165
|
for (int i = 0; i < args->num_args; i++) {
|
166
|
+
// the key was created with gpr_strdup
|
167
|
+
gpr_free(args->args[i].key);
|
166
168
|
if (args->args[i].type == GRPC_ARG_STRING) {
|
167
169
|
// we own string pointers, which were created with gpr_strdup
|
168
170
|
gpr_free(args->args[i].value.string);
|
data/src/ruby/ext/grpc/rb_grpc.c
CHANGED
data/src/ruby/ext/grpc/rb_grpc.h
CHANGED
@@ -180,6 +180,8 @@ grpc_tls_certificate_provider_static_data_create_type grpc_tls_certificate_provi
|
|
180
180
|
grpc_tls_certificate_provider_file_watcher_create_type grpc_tls_certificate_provider_file_watcher_create_import;
|
181
181
|
grpc_tls_certificate_provider_release_type grpc_tls_certificate_provider_release_import;
|
182
182
|
grpc_tls_credentials_options_create_type grpc_tls_credentials_options_create_import;
|
183
|
+
grpc_tls_credentials_options_set_min_tls_version_type grpc_tls_credentials_options_set_min_tls_version_import;
|
184
|
+
grpc_tls_credentials_options_set_max_tls_version_type grpc_tls_credentials_options_set_max_tls_version_import;
|
183
185
|
grpc_tls_credentials_options_copy_type grpc_tls_credentials_options_copy_import;
|
184
186
|
grpc_tls_credentials_options_destroy_type grpc_tls_credentials_options_destroy_import;
|
185
187
|
grpc_tls_credentials_options_set_certificate_provider_type grpc_tls_credentials_options_set_certificate_provider_import;
|
@@ -469,6 +471,8 @@ void grpc_rb_load_imports(HMODULE library) {
|
|
469
471
|
grpc_tls_certificate_provider_file_watcher_create_import = (grpc_tls_certificate_provider_file_watcher_create_type) GetProcAddress(library, "grpc_tls_certificate_provider_file_watcher_create");
|
470
472
|
grpc_tls_certificate_provider_release_import = (grpc_tls_certificate_provider_release_type) GetProcAddress(library, "grpc_tls_certificate_provider_release");
|
471
473
|
grpc_tls_credentials_options_create_import = (grpc_tls_credentials_options_create_type) GetProcAddress(library, "grpc_tls_credentials_options_create");
|
474
|
+
grpc_tls_credentials_options_set_min_tls_version_import = (grpc_tls_credentials_options_set_min_tls_version_type) GetProcAddress(library, "grpc_tls_credentials_options_set_min_tls_version");
|
475
|
+
grpc_tls_credentials_options_set_max_tls_version_import = (grpc_tls_credentials_options_set_max_tls_version_type) GetProcAddress(library, "grpc_tls_credentials_options_set_max_tls_version");
|
472
476
|
grpc_tls_credentials_options_copy_import = (grpc_tls_credentials_options_copy_type) GetProcAddress(library, "grpc_tls_credentials_options_copy");
|
473
477
|
grpc_tls_credentials_options_destroy_import = (grpc_tls_credentials_options_destroy_type) GetProcAddress(library, "grpc_tls_credentials_options_destroy");
|
474
478
|
grpc_tls_credentials_options_set_certificate_provider_import = (grpc_tls_credentials_options_set_certificate_provider_type) GetProcAddress(library, "grpc_tls_credentials_options_set_certificate_provider");
|
@@ -515,6 +515,12 @@ extern grpc_tls_certificate_provider_release_type grpc_tls_certificate_provider_
|
|
515
515
|
typedef grpc_tls_credentials_options*(*grpc_tls_credentials_options_create_type)(void);
|
516
516
|
extern grpc_tls_credentials_options_create_type grpc_tls_credentials_options_create_import;
|
517
517
|
#define grpc_tls_credentials_options_create grpc_tls_credentials_options_create_import
|
518
|
+
typedef void(*grpc_tls_credentials_options_set_min_tls_version_type)(grpc_tls_credentials_options* options, grpc_tls_version min_tls_version);
|
519
|
+
extern grpc_tls_credentials_options_set_min_tls_version_type grpc_tls_credentials_options_set_min_tls_version_import;
|
520
|
+
#define grpc_tls_credentials_options_set_min_tls_version grpc_tls_credentials_options_set_min_tls_version_import
|
521
|
+
typedef void(*grpc_tls_credentials_options_set_max_tls_version_type)(grpc_tls_credentials_options* options, grpc_tls_version max_tls_version);
|
522
|
+
extern grpc_tls_credentials_options_set_max_tls_version_type grpc_tls_credentials_options_set_max_tls_version_import;
|
523
|
+
#define grpc_tls_credentials_options_set_max_tls_version grpc_tls_credentials_options_set_max_tls_version_import
|
518
524
|
typedef grpc_tls_credentials_options*(*grpc_tls_credentials_options_copy_type)(grpc_tls_credentials_options* options);
|
519
525
|
extern grpc_tls_credentials_options_copy_type grpc_tls_credentials_options_copy_import;
|
520
526
|
#define grpc_tls_credentials_options_copy grpc_tls_credentials_options_copy_import
|
@@ -48,7 +48,7 @@ const upb_FileDef* upb_DefPool_FindFileByNameWithSize(const upb_DefPool* s,
|
|
48
48
|
const upb_FieldDef* upb_DefPool_FindExtensionByMiniTable(
|
49
49
|
const upb_DefPool* s, const upb_MiniTableExtension* ext);
|
50
50
|
|
51
|
-
const upb_FieldDef* upb_DefPool_FindExtensionByName(const upb_DefPool* s,
|
51
|
+
UPB_API const upb_FieldDef* upb_DefPool_FindExtensionByName(const upb_DefPool* s,
|
52
52
|
const char* sym);
|
53
53
|
|
54
54
|
const upb_FieldDef* upb_DefPool_FindExtensionByNameWithSize(
|
@@ -71,7 +71,7 @@ UPB_API const upb_FileDef* upb_DefPool_AddFile(
|
|
71
71
|
upb_DefPool* s, const UPB_DESC(FileDescriptorProto) * file_proto,
|
72
72
|
upb_Status* status);
|
73
73
|
|
74
|
-
const upb_ExtensionRegistry* upb_DefPool_ExtensionRegistry(
|
74
|
+
UPB_API const upb_ExtensionRegistry* upb_DefPool_ExtensionRegistry(
|
75
75
|
const upb_DefPool* s);
|
76
76
|
|
77
77
|
const upb_FieldDef** upb_DefPool_GetAllExtensions(const upb_DefPool* s,
|
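--- a/data/third_party/zlib/adler32.c
+++ b/data/third_party/zlib/adler32.c
@@ -7,8 +7,6 @@
 
 #include "zutil.h"
 
-local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2));
-
 #define BASE 65521U /* largest prime smaller than 65536 */
 #define NMAX 5552
 /* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
@@ -60,11 +58,7 @@ local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2));
 #endif
 
 /* ========================================================================= */
-uLong ZEXPORT adler32_z(adler, buf, len)
-uLong adler;
-const Bytef *buf;
-z_size_t len;
-{
+uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf, z_size_t len) {
 unsigned long sum2;
 unsigned n;
 
@@ -131,20 +125,12 @@ uLong ZEXPORT adler32_z(adler, buf, len)
 }
 
 /* ========================================================================= */
-uLong ZEXPORT adler32(adler, buf, len)
-uLong adler;
-const Bytef *buf;
-uInt len;
-{
+uLong ZEXPORT adler32(uLong adler, const Bytef *buf, uInt len) {
 return adler32_z(adler, buf, len);
 }
 
 /* ========================================================================= */
-local uLong adler32_combine_(adler1, adler2, len2)
-uLong adler1;
-uLong adler2;
-z_off64_t len2;
-{
+local uLong adler32_combine_(uLong adler1, uLong adler2, z_off64_t len2) {
 unsigned long sum1;
 unsigned long sum2;
 unsigned rem;
@@ -169,18 +155,10 @@ local uLong adler32_combine_(adler1, adler2, len2)
 }
 
 /* ========================================================================= */
-uLong ZEXPORT adler32_combine(adler1, adler2, len2)
-uLong adler1;
-uLong adler2;
-z_off_t len2;
-{
+uLong ZEXPORT adler32_combine(uLong adler1, uLong adler2, z_off_t len2) {
 return adler32_combine_(adler1, adler2, len2);
 }
 
-uLong ZEXPORT adler32_combine64(adler1, adler2, len2)
-uLong adler1;
-uLong adler2;
-z_off64_t len2;
-{
+uLong ZEXPORT adler32_combine64(uLong adler1, uLong adler2, z_off64_t len2) {
 return adler32_combine_(adler1, adler2, len2);
 }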
data/third_party/zlib/compress.c
CHANGED
@@ -19,13 +19,8 @@
|
|
19
19
|
memory, Z_BUF_ERROR if there was not enough room in the output buffer,
|
20
20
|
Z_STREAM_ERROR if the level parameter is invalid.
|
21
21
|
*/
|
22
|
-
int ZEXPORT compress2(dest, destLen, source,
|
23
|
-
|
24
|
-
uLongf *destLen;
|
25
|
-
const Bytef *source;
|
26
|
-
uLong sourceLen;
|
27
|
-
int level;
|
28
|
-
{
|
22
|
+
int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source,
|
23
|
+
uLong sourceLen, int level) {
|
29
24
|
z_stream stream;
|
30
25
|
int err;
|
31
26
|
const uInt max = (uInt)-1;
|
@@ -65,12 +60,8 @@ int ZEXPORT compress2(dest, destLen, source, sourceLen, level)
|
|
65
60
|
|
66
61
|
/* ===========================================================================
|
67
62
|
*/
|
68
|
-
int ZEXPORT compress(dest, destLen, source,
|
69
|
-
|
70
|
-
uLongf *destLen;
|
71
|
-
const Bytef *source;
|
72
|
-
uLong sourceLen;
|
73
|
-
{
|
63
|
+
int ZEXPORT compress(Bytef *dest, uLongf *destLen, const Bytef *source,
|
64
|
+
uLong sourceLen) {
|
74
65
|
return compress2(dest, destLen, source, sourceLen, Z_DEFAULT_COMPRESSION);
|
75
66
|
}
|
76
67
|
|
@@ -78,9 +69,7 @@ int ZEXPORT compress(dest, destLen, source, sourceLen)
|
|
78
69
|
If the default memLevel or windowBits for deflateInit() is changed, then
|
79
70
|
this function needs to be updated.
|
80
71
|
*/
|
81
|
-
uLong ZEXPORT compressBound(sourceLen)
|
82
|
-
uLong sourceLen;
|
83
|
-
{
|
72
|
+
uLong ZEXPORT compressBound(uLong sourceLen) {
|
84
73
|
return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) +
|
85
74
|
(sourceLen >> 25) + 13;
|
86
75
|
}
|