grpc 1.60.0 → 1.61.0

Files changed (277) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +208 -165
  3. data/include/grpc/event_engine/event_engine.h +59 -12
  4. data/include/grpc/event_engine/internal/memory_allocator_impl.h +6 -0
  5. data/include/grpc/event_engine/internal/slice_cast.h +12 -0
  6. data/include/grpc/event_engine/memory_allocator.h +3 -1
  7. data/include/grpc/event_engine/slice.h +5 -0
  8. data/include/grpc/grpc_security.h +22 -1
  9. data/include/grpc/impl/call.h +29 -0
  10. data/include/grpc/impl/channel_arg_names.h +12 -1
  11. data/include/grpc/impl/slice_type.h +1 -1
  12. data/include/grpc/module.modulemap +1 -0
  13. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +54 -7
  14. data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +20 -6
  15. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +10 -13
  16. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +18 -10
  17. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +326 -0
  18. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +143 -0
  19. data/src/core/ext/filters/client_channel/backend_metric.cc +2 -2
  20. data/src/core/ext/filters/client_channel/client_channel.cc +32 -6
  21. data/src/core/ext/filters/client_channel/client_channel_internal.h +2 -0
  22. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +1 -1
  23. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +54 -21
  24. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +3 -2
  25. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +2 -1
  26. data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.cc +12 -15
  27. data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.h +8 -5
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +139 -92
  29. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +9 -4
  30. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +9 -4
  31. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +10 -11
  32. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +94 -93
  33. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +5 -3
  34. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +12 -15
  35. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +38 -16
  36. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +25 -28
  37. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +10 -10
  38. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +37 -35
  39. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -9
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +504 -461
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +232 -122
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +8 -6
  43. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +642 -251
  44. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +2 -6
  45. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +7 -8
  46. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -1
  47. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +3 -1
  48. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
  49. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +2 -2
  50. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +6 -8
  51. data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.cc +1031 -0
  52. data/src/core/ext/filters/client_channel/resolver/xds/xds_dependency_manager.h +277 -0
  53. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +128 -270
  54. data/src/core/ext/filters/client_channel/resolver/xds/{xds_resolver.h → xds_resolver_attributes.h} +5 -4
  55. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.cc +25 -0
  56. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver_trace.h +30 -0
  57. data/src/core/ext/filters/client_channel/retry_filter.cc +1 -0
  58. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +35 -17
  59. data/src/core/ext/filters/deadline/deadline_filter.cc +12 -0
  60. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +17 -13
  61. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +13 -4
  62. data/src/core/ext/filters/http/client/http_client_filter.cc +23 -32
  63. data/src/core/ext/filters/http/client/http_client_filter.h +10 -5
  64. data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
  65. data/src/core/ext/filters/http/client_authority_filter.h +12 -4
  66. data/src/core/ext/filters/http/http_filters_plugin.cc +42 -20
  67. data/src/core/ext/filters/http/message_compress/compression_filter.cc +55 -80
  68. data/src/core/ext/filters/http/message_compress/compression_filter.h +54 -12
  69. data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +325 -0
  70. data/src/core/ext/filters/http/message_compress/legacy_compression_filter.h +139 -0
  71. data/src/core/ext/filters/http/server/http_server_filter.cc +41 -41
  72. data/src/core/ext/filters/http/server/http_server_filter.h +11 -4
  73. data/src/core/ext/filters/message_size/message_size_filter.cc +56 -76
  74. data/src/core/ext/filters/message_size/message_size_filter.h +35 -23
  75. data/src/core/ext/filters/rbac/rbac_filter.cc +15 -11
  76. data/src/core/ext/filters/rbac/rbac_filter.h +11 -4
  77. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +25 -13
  78. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +47 -50
  79. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +21 -4
  80. data/src/core/ext/transport/chttp2/alpn/alpn.cc +1 -1
  81. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -2
  82. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +11 -2
  83. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +67 -145
  84. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -3
  85. data/src/core/ext/transport/chttp2/transport/flow_control.cc +21 -82
  86. data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -8
  87. data/src/core/ext/transport/chttp2/transport/frame.cc +506 -0
  88. data/src/core/ext/transport/chttp2/transport/frame.h +214 -0
  89. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +1 -1
  90. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +33 -79
  91. data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -7
  92. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +122 -32
  93. data/src/core/ext/transport/chttp2/transport/http2_settings.h +142 -37
  94. data/src/core/ext/transport/chttp2/transport/internal.h +1 -22
  95. data/src/core/ext/transport/chttp2/transport/parsing.cc +23 -37
  96. data/src/core/ext/transport/chttp2/transport/writing.cc +26 -58
  97. data/src/core/ext/transport/inproc/inproc_transport.cc +172 -13
  98. data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb.h +712 -0
  99. data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.c +151 -0
  100. data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.h +33 -0
  101. data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.c +133 -0
  102. data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.h +50 -0
  103. data/src/core/ext/xds/certificate_provider_store.cc +2 -1
  104. data/src/core/ext/xds/certificate_provider_store.h +0 -5
  105. data/src/core/ext/xds/xds_api.cc +31 -18
  106. data/src/core/ext/xds/xds_api.h +2 -2
  107. data/src/core/ext/xds/xds_bootstrap.h +3 -0
  108. data/src/core/ext/xds/xds_certificate_provider.cc +88 -287
  109. data/src/core/ext/xds/xds_certificate_provider.h +44 -111
  110. data/src/core/ext/xds/xds_client.cc +420 -414
  111. data/src/core/ext/xds/xds_client.h +31 -22
  112. data/src/core/ext/xds/xds_client_grpc.cc +3 -1
  113. data/src/core/ext/xds/xds_cluster.cc +104 -11
  114. data/src/core/ext/xds/xds_cluster.h +9 -1
  115. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +9 -5
  116. data/src/core/ext/xds/xds_common_types.cc +14 -10
  117. data/src/core/ext/xds/xds_endpoint.cc +9 -4
  118. data/src/core/ext/xds/xds_endpoint.h +5 -1
  119. data/src/core/ext/xds/xds_health_status.cc +12 -2
  120. data/src/core/ext/xds/xds_health_status.h +4 -2
  121. data/src/core/ext/xds/xds_http_rbac_filter.cc +5 -3
  122. data/src/core/ext/xds/xds_listener.cc +14 -8
  123. data/src/core/ext/xds/xds_resource_type_impl.h +6 -4
  124. data/src/core/ext/xds/xds_route_config.cc +34 -22
  125. data/src/core/ext/xds/xds_route_config.h +1 -0
  126. data/src/core/ext/xds/xds_server_config_fetcher.cc +61 -57
  127. data/src/core/ext/xds/xds_transport.h +3 -0
  128. data/src/core/ext/xds/xds_transport_grpc.cc +47 -50
  129. data/src/core/ext/xds/xds_transport_grpc.h +4 -0
  130. data/src/core/lib/channel/call_tracer.cc +12 -0
  131. data/src/core/lib/channel/call_tracer.h +17 -3
  132. data/src/core/lib/channel/channel_args.cc +24 -14
  133. data/src/core/lib/channel/channel_args.h +74 -13
  134. data/src/core/lib/channel/channel_stack.cc +27 -0
  135. data/src/core/lib/channel/channel_stack.h +10 -10
  136. data/src/core/lib/channel/connected_channel.cc +64 -18
  137. data/src/core/lib/channel/promise_based_filter.h +1041 -1
  138. data/src/core/lib/channel/server_call_tracer_filter.cc +43 -35
  139. data/src/core/lib/compression/compression_internal.cc +0 -3
  140. data/src/core/lib/event_engine/ares_resolver.cc +35 -14
  141. data/src/core/lib/event_engine/ares_resolver.h +9 -10
  142. data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +8 -1
  143. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +132 -0
  144. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +61 -0
  145. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +52 -36
  146. data/src/core/lib/event_engine/posix_engine/posix_engine.h +4 -9
  147. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +11 -3
  148. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +9 -2
  149. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +7 -0
  150. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +17 -27
  151. data/src/core/lib/event_engine/posix_engine/timer_manager.h +0 -3
  152. data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +55 -0
  153. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +114 -0
  154. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +51 -0
  155. data/src/core/lib/event_engine/windows/windows_engine.cc +7 -7
  156. data/src/core/lib/experiments/config.cc +13 -0
  157. data/src/core/lib/experiments/config.h +3 -0
  158. data/src/core/lib/experiments/experiments.cc +245 -366
  159. data/src/core/lib/experiments/experiments.h +50 -156
  160. data/src/core/lib/gprpp/debug_location.h +13 -0
  161. data/src/core/lib/gprpp/dual_ref_counted.h +36 -7
  162. data/src/core/lib/gprpp/orphanable.h +27 -0
  163. data/src/core/lib/gprpp/ref_counted.h +63 -22
  164. data/src/core/lib/gprpp/ref_counted_ptr.h +70 -27
  165. data/src/core/lib/gprpp/ref_counted_string.h +13 -0
  166. data/src/core/lib/gprpp/status_helper.cc +1 -2
  167. data/src/core/lib/iomgr/combiner.cc +15 -51
  168. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +31 -0
  169. data/src/core/lib/iomgr/event_engine_shims/endpoint.h +16 -0
  170. data/src/core/lib/iomgr/tcp_client_posix.cc +4 -3
  171. data/src/core/lib/load_balancing/lb_policy.h +1 -1
  172. data/src/core/lib/promise/activity.cc +17 -2
  173. data/src/core/lib/promise/activity.h +5 -4
  174. data/src/core/lib/promise/all_ok.h +80 -0
  175. data/src/core/lib/promise/detail/join_state.h +2077 -0
  176. data/src/core/lib/promise/detail/promise_factory.h +1 -0
  177. data/src/core/lib/promise/detail/promise_like.h +8 -1
  178. data/src/core/lib/promise/detail/seq_state.h +3458 -150
  179. data/src/core/lib/promise/detail/status.h +42 -5
  180. data/src/core/lib/promise/for_each.h +13 -1
  181. data/src/core/lib/promise/if.h +4 -0
  182. data/src/core/lib/promise/latch.h +6 -3
  183. data/src/core/lib/promise/party.cc +33 -31
  184. data/src/core/lib/promise/party.h +142 -6
  185. data/src/core/lib/promise/poll.h +39 -13
  186. data/src/core/lib/promise/promise.h +4 -0
  187. data/src/core/lib/promise/seq.h +107 -7
  188. data/src/core/lib/promise/status_flag.h +196 -0
  189. data/src/core/lib/promise/try_join.h +132 -0
  190. data/src/core/lib/promise/try_seq.h +132 -10
  191. data/src/core/lib/resolver/endpoint_addresses.cc +0 -1
  192. data/src/core/lib/resolver/endpoint_addresses.h +48 -0
  193. data/src/core/lib/resource_quota/arena.h +2 -2
  194. data/src/core/lib/resource_quota/memory_quota.cc +57 -8
  195. data/src/core/lib/resource_quota/memory_quota.h +6 -0
  196. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +14 -11
  197. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +14 -5
  198. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +4 -0
  199. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -0
  200. data/src/core/lib/security/credentials/external/external_account_credentials.cc +28 -20
  201. data/src/core/lib/security/credentials/external/external_account_credentials.h +4 -0
  202. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +4 -0
  203. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -0
  204. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +4 -0
  205. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +4 -0
  206. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -1
  207. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -3
  208. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +12 -0
  209. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +22 -5
  210. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -5
  211. data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -0
  212. data/src/core/lib/security/credentials/xds/xds_credentials.cc +21 -28
  213. data/src/core/lib/security/credentials/xds/xds_credentials.h +2 -4
  214. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +4 -3
  215. data/src/core/lib/security/transport/auth_filters.h +71 -4
  216. data/src/core/lib/security/transport/client_auth_filter.cc +2 -4
  217. data/src/core/lib/security/transport/legacy_server_auth_filter.cc +244 -0
  218. data/src/core/lib/security/transport/server_auth_filter.cc +70 -90
  219. data/src/core/lib/slice/slice_buffer.h +3 -0
  220. data/src/core/lib/surface/builtins.cc +1 -1
  221. data/src/core/lib/surface/call.cc +683 -196
  222. data/src/core/lib/surface/call.h +26 -13
  223. data/src/core/lib/surface/call_trace.cc +42 -1
  224. data/src/core/lib/surface/channel.cc +0 -1
  225. data/src/core/lib/surface/channel.h +0 -6
  226. data/src/core/lib/surface/channel_init.h +26 -0
  227. data/src/core/lib/surface/init.cc +14 -8
  228. data/src/core/lib/surface/server.cc +256 -237
  229. data/src/core/lib/surface/server.h +26 -54
  230. data/src/core/lib/surface/version.cc +2 -2
  231. data/src/core/lib/surface/wait_for_cq_end_op.h +94 -0
  232. data/src/core/lib/transport/call_final_info.cc +38 -0
  233. data/src/core/lib/transport/call_final_info.h +54 -0
  234. data/src/core/lib/transport/connectivity_state.cc +3 -2
  235. data/src/core/lib/transport/connectivity_state.h +4 -0
  236. data/src/core/lib/transport/metadata_batch.h +4 -4
  237. data/src/core/lib/transport/transport.cc +70 -19
  238. data/src/core/lib/transport/transport.h +395 -25
  239. data/src/core/plugin_registry/grpc_plugin_registry.cc +3 -0
  240. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +0 -3
  241. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
  242. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  243. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -1
  244. data/src/core/tsi/ssl_transport_security.cc +65 -43
  245. data/src/ruby/ext/grpc/rb_channel_args.c +3 -1
  246. data/src/ruby/ext/grpc/rb_grpc.c +0 -1
  247. data/src/ruby/ext/grpc/rb_grpc.h +0 -2
  248. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
  249. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
  250. data/src/ruby/lib/grpc/version.rb +1 -1
  251. data/third_party/upb/upb/reflection/def_pool.h +2 -2
  252. data/third_party/zlib/adler32.c +5 -27
  253. data/third_party/zlib/compress.c +5 -16
  254. data/third_party/zlib/crc32.c +86 -162
  255. data/third_party/zlib/deflate.c +233 -336
  256. data/third_party/zlib/deflate.h +8 -8
  257. data/third_party/zlib/gzguts.h +11 -12
  258. data/third_party/zlib/infback.c +7 -23
  259. data/third_party/zlib/inffast.c +1 -4
  260. data/third_party/zlib/inffast.h +1 -1
  261. data/third_party/zlib/inflate.c +30 -99
  262. data/third_party/zlib/inftrees.c +6 -11
  263. data/third_party/zlib/inftrees.h +3 -3
  264. data/third_party/zlib/trees.c +224 -302
  265. data/third_party/zlib/uncompr.c +4 -12
  266. data/third_party/zlib/zconf.h +6 -2
  267. data/third_party/zlib/zlib.h +191 -188
  268. data/third_party/zlib/zutil.c +16 -44
  269. data/third_party/zlib/zutil.h +10 -10
  270. metadata +35 -13
  271. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +0 -1173
  272. data/src/core/lib/event_engine/memory_allocator.cc +0 -74
  273. data/src/core/lib/transport/pid_controller.cc +0 -51
  274. data/src/core/lib/transport/pid_controller.h +0 -116
  275. data/third_party/upb/upb/collections/array.h +0 -17
  276. data/third_party/upb/upb/collections/map.h +0 -17
  277. data/third_party/upb/upb/upb.hpp +0 -18
@@ -176,6 +176,12 @@ static unsigned long openssl_thread_id_cb(void) {
176
176
  }
177
177
  #endif
178
178
 
179
+ static void verified_root_cert_free(void* /*parent*/, void* ptr,
180
+ CRYPTO_EX_DATA* /*ad*/, int /*index*/,
181
+ long /*argl*/, void* /*argp*/) {
182
+ X509_free(static_cast<X509*>(ptr));
183
+ }
184
+
179
185
  static void init_openssl(void) {
180
186
  #if OPENSSL_VERSION_NUMBER >= 0x10100000
181
187
  OPENSSL_init_ssl(0, nullptr);
@@ -207,8 +213,8 @@ static void init_openssl(void) {
207
213
  SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
208
214
  GPR_ASSERT(g_ssl_ctx_ex_crl_provider_index != -1);
209
215
 
210
- g_ssl_ex_verified_root_cert_index =
211
- SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
216
+ g_ssl_ex_verified_root_cert_index = SSL_get_ex_new_index(
217
+ 0, nullptr, nullptr, nullptr, verified_root_cert_free);
212
218
  GPR_ASSERT(g_ssl_ex_verified_root_cert_index != -1);
213
219
  }
214
220
 
@@ -269,13 +275,14 @@ static tsi_result ssl_get_x509_common_name(X509* cert, unsigned char** utf8,
269
275
  X509_NAME* subject_name = X509_get_subject_name(cert);
270
276
  int utf8_returned_size = 0;
271
277
  if (subject_name == nullptr) {
272
- gpr_log(GPR_INFO, "Could not get subject name from certificate.");
278
+ gpr_log(GPR_DEBUG, "Could not get subject name from certificate.");
273
279
  return TSI_NOT_FOUND;
274
280
  }
275
281
  common_name_index =
276
282
  X509_NAME_get_index_by_NID(subject_name, NID_commonName, -1);
277
283
  if (common_name_index == -1) {
278
- gpr_log(GPR_INFO, "Could not get common name of subject from certificate.");
284
+ gpr_log(GPR_DEBUG,
285
+ "Could not get common name of subject from certificate.");
279
286
  return TSI_NOT_FOUND;
280
287
  }
281
288
  common_name_entry = X509_NAME_get_entry(subject_name, common_name_index);
@@ -899,53 +906,40 @@ static int verify_cb(int ok, X509_STORE_CTX* ctx) {
899
906
  // the server's certificate, but we need to pull it anyway, in case a higher
900
907
  // layer wants to look at it. In this case the verification may fail, but
901
908
  // we don't really care.
902
- static int NullVerifyCallback(int /*preverify_ok*/, X509_STORE_CTX* /*ctx*/) {
909
+ static int NullVerifyCallback(X509_STORE_CTX* /*ctx*/, void* /*arg*/) {
903
910
  return 1;
904
911
  }
905
912
 
906
- static int RootCertExtractCallback(int preverify_ok, X509_STORE_CTX* ctx) {
907
- if (ctx == nullptr) {
908
- return preverify_ok;
909
- }
910
-
911
- // There's a case where this function is set in SSL_CTX_set_verify and a CRL
912
- // related callback is set with X509_STORE_set_verify_cb. They overlap and
913
- // this will take precedence, thus we need to ensure the CRL related callback
914
- // is still called
915
- X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx);
916
- auto flags = X509_VERIFY_PARAM_get_flags(param);
917
- if (flags & X509_V_FLAG_CRL_CHECK) {
918
- preverify_ok = verify_cb(preverify_ok, ctx);
919
- }
920
-
921
- // If preverify_ok == 0, verification failed. We shouldn't expect to have a
922
- // verified chain, so there is no need to attempt to extract the root cert
923
- // from it
924
- if (preverify_ok == 0) {
925
- return preverify_ok;
913
+ static int RootCertExtractCallback(X509_STORE_CTX* ctx, void* /*arg*/) {
914
+ int ret = X509_verify_cert(ctx);
915
+ if (ret <= 0) {
916
+ // Verification failed. We shouldn't expect to have a verified chain, so
917
+ // there is no need to attempt to extract the root cert from it.
918
+ return ret;
926
919
  }
927
920
 
928
- // If we're here, verification was successful
929
- // Get the verified chain from the X509_STORE_CTX and put it on the SSL object
930
- // so that we have access to it when populating the tsi_peer
921
+ // Verification was successful. Get the verified chain from the X509_STORE_CTX
922
+ // and put the root on the SSL object so that we have access to it when
923
+ // populating the tsi_peer. On error extracting the root, we return success
924
+ // anyway and proceed with the connection, to preserve the behavior of an
925
+ // older version of this code.
931
926
  #if OPENSSL_VERSION_NUMBER >= 0x10100000
932
927
  STACK_OF(X509)* chain = X509_STORE_CTX_get0_chain(ctx);
933
928
  #else
934
929
  STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(ctx);
935
930
  #endif
936
-
937
931
  if (chain == nullptr) {
938
- return preverify_ok;
932
+ return ret;
939
933
  }
940
934
 
941
935
  // The root cert is the last in the chain
942
936
  size_t chain_length = sk_X509_num(chain);
943
937
  if (chain_length == 0) {
944
- return preverify_ok;
938
+ return ret;
945
939
  }
946
940
  X509* root_cert = sk_X509_value(chain, chain_length - 1);
947
941
  if (root_cert == nullptr) {
948
- return preverify_ok;
942
+ return ret;
949
943
  }
950
944
 
951
945
  ERR_clear_error();
@@ -955,18 +949,32 @@ static int RootCertExtractCallback(int preverify_ok, X509_STORE_CTX* ctx) {
955
949
  ERR_error_string_n(ERR_get_error(), err_str, sizeof(err_str));
956
950
  gpr_log(GPR_ERROR,
957
951
  "error getting the SSL index from the X509_STORE_CTX: %s", err_str);
958
- return preverify_ok;
952
+ return ret;
959
953
  }
960
954
  SSL* ssl = static_cast<SSL*>(X509_STORE_CTX_get_ex_data(ctx, ssl_index));
961
955
  if (ssl == nullptr) {
962
- return preverify_ok;
956
+ return ret;
963
957
  }
958
+
959
+ // Free the old root and save the new one. There should not be an old root,
960
+ // but if renegotiation is not disabled (required by RFC 9113, Section
961
+ // 9.2.1), it is possible that this callback run multiple times for a single
962
+ // connection. gRPC does not always disable renegotiation. See
963
+ // https://github.com/grpc/grpc/issues/35368
964
+ X509_free(static_cast<X509*>(
965
+ SSL_get_ex_data(ssl, g_ssl_ex_verified_root_cert_index)));
964
966
  int success =
965
967
  SSL_set_ex_data(ssl, g_ssl_ex_verified_root_cert_index, root_cert);
966
968
  if (success == 0) {
967
969
  gpr_log(GPR_INFO, "Could not set verified root cert in SSL's ex_data");
970
+ } else {
971
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
972
+ X509_up_ref(root_cert);
973
+ #else
974
+ CRYPTO_add(&root_cert->references, 1, CRYPTO_LOCK_X509);
975
+ #endif
968
976
  }
969
- return preverify_ok;
977
+ return ret;
970
978
  }
971
979
 
972
980
  // X509_STORE_set_get_crl() sets the function to get the crl for a given
@@ -2073,6 +2081,9 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
2073
2081
  ssl_context = SSL_CTX_new(TLS_method());
2074
2082
  #else
2075
2083
  ssl_context = SSL_CTX_new(TLSv1_2_method());
2084
+ #endif
2085
+ #if OPENSSL_VERSION_NUMBER >= 0x10101000
2086
+ SSL_CTX_set_options(ssl_context, SSL_OP_NO_RENEGOTIATION);
2076
2087
  #endif
2077
2088
  if (ssl_context == nullptr) {
2078
2089
  grpc_core::LogSslErrorStack();
@@ -2166,10 +2177,12 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
2166
2177
  tsi_ssl_handshaker_factory_unref(&impl->base);
2167
2178
  return result;
2168
2179
  }
2180
+ SSL_CTX_set_verify(ssl_context, SSL_VERIFY_PEER, nullptr);
2169
2181
  if (options->skip_server_certificate_verification) {
2170
- SSL_CTX_set_verify(ssl_context, SSL_VERIFY_PEER, NullVerifyCallback);
2182
+ SSL_CTX_set_cert_verify_callback(ssl_context, NullVerifyCallback, nullptr);
2171
2183
  } else {
2172
- SSL_CTX_set_verify(ssl_context, SSL_VERIFY_PEER, RootCertExtractCallback);
2184
+ SSL_CTX_set_cert_verify_callback(ssl_context, RootCertExtractCallback,
2185
+ nullptr);
2173
2186
  }
2174
2187
 
2175
2188
  #if OPENSSL_VERSION_NUMBER >= 0x10100000
@@ -2288,6 +2301,9 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
2288
2301
  impl->ssl_contexts[i] = SSL_CTX_new(TLS_method());
2289
2302
  #else
2290
2303
  impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
2304
+ #endif
2305
+ #if OPENSSL_VERSION_NUMBER >= 0x10101000
2306
+ SSL_CTX_set_options(impl->ssl_contexts[i], SSL_OP_NO_RENEGOTIATION);
2291
2307
  #endif
2292
2308
  if (impl->ssl_contexts[i] == nullptr) {
2293
2309
  grpc_core::LogSslErrorStack();
@@ -2348,22 +2364,28 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
2348
2364
  SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_NONE, nullptr);
2349
2365
  break;
2350
2366
  case TSI_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
2351
- SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER,
2352
- NullVerifyCallback);
2367
+ SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, nullptr);
2368
+ SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
2369
+ NullVerifyCallback, nullptr);
2353
2370
  break;
2354
2371
  case TSI_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY:
2355
- SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER,
2356
- RootCertExtractCallback);
2372
+ SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, nullptr);
2373
+ SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
2374
+ RootCertExtractCallback, nullptr);
2357
2375
  break;
2358
2376
  case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY:
2359
2377
  SSL_CTX_set_verify(impl->ssl_contexts[i],
2360
2378
  SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2361
- NullVerifyCallback);
2379
+ nullptr);
2380
+ SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
2381
+ NullVerifyCallback, nullptr);
2362
2382
  break;
2363
2383
  case TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY:
2364
2384
  SSL_CTX_set_verify(impl->ssl_contexts[i],
2365
2385
  SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
2366
- RootCertExtractCallback);
2386
+ nullptr);
2387
+ SSL_CTX_set_cert_verify_callback(impl->ssl_contexts[i],
2388
+ RootCertExtractCallback, nullptr);
2367
2389
  break;
2368
2390
  }
2369
2391
 
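Review bot: In both factory hunks the new `SSL_CTX_set_options(..., SSL_OP_NO_RENEGOTIATION)` call sits between `SSL_CTX_new()` and the existing `== nullptr` check, so a failed context allocation is handed to the option setter as a null pointer before the error path can log and return. This applies to `ssl_context` in the client factory and to `impl->ssl_contexts[i]` in the server factory. Moving the guarded block below the null check, or writing `if (ssl_context != nullptr) SSL_CTX_set_options(ssl_context, SSL_OP_NO_RENEGOTIATION);`, keeps the failure path intact. Separately, the `>= 0x10101000` guard leaves renegotiation enabled on older OpenSSL builds, which is the case the free-then-store logic in `RootCertExtractCallback` covers; a one-line comment at the guard saying so would help the next reader. Both factory functions continue outside the hunks.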
@@ -71,7 +71,7 @@ static int grpc_rb_channel_create_in_process_add_args_hash_cb(VALUE key,
71
71
  return ST_STOP;
72
72
  }
73
73
 
74
- args->args[args->num_args - 1].key = (char*)the_key;
74
+ args->args[args->num_args - 1].key = gpr_strdup(the_key);
75
75
  switch (TYPE(val)) {
76
76
  case T_SYMBOL:
77
77
  args->args[args->num_args - 1].type = GRPC_ARG_STRING;
@@ -163,6 +163,8 @@ void grpc_rb_channel_args_destroy(grpc_channel_args* args) {
163
163
  GPR_ASSERT(args != NULL);
164
164
  if (args->args == NULL) return;
165
165
  for (int i = 0; i < args->num_args; i++) {
166
+ // the key was created with gpr_strdup
167
+ gpr_free(args->args[i].key);
166
168
  if (args->args[i].type == GRPC_ARG_STRING) {
167
169
  // we own string pointers, which were created with gpr_strdup
168
170
  gpr_free(args->args[i].value.string);
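Review bot: `grpc_rb_channel_args_destroy` now calls `gpr_free(args->args[i].key)` for every slot below `num_args`, which is only safe if each slot's `key` is either NULL or a `gpr_strdup` result. The hash callback has a `return ST_STOP` path just above the changed assignment, so any slot it never reached must have been zeroed when the array was allocated; that allocation is outside these hunks and should be confirmed. I would state the invariant next to the free, e.g. `// every key is NULL (zeroed at allocation) or owned via gpr_strdup`. Both functions continue outside the hunks.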
@@ -23,7 +23,6 @@
23
23
  #include <math.h>
24
24
  #include <ruby/vm.h>
25
25
  #include <stdbool.h>
26
- #include <sys/time.h>
27
26
  #include <sys/types.h>
28
27
  #include <unistd.h>
29
28
 
@@ -21,8 +21,6 @@
21
21
 
22
22
  #include <ruby/ruby.h>
23
23
 
24
- #include <sys/time.h>
25
-
26
24
  #include <grpc/support/time.h>
27
25
 
28
26
  /* grpc_rb_mGrpcCore is the module containing the ruby wrapper GRPC classes. */
@@ -180,6 +180,8 @@ grpc_tls_certificate_provider_static_data_create_type grpc_tls_certificate_provi
180
180
  grpc_tls_certificate_provider_file_watcher_create_type grpc_tls_certificate_provider_file_watcher_create_import;
181
181
  grpc_tls_certificate_provider_release_type grpc_tls_certificate_provider_release_import;
182
182
  grpc_tls_credentials_options_create_type grpc_tls_credentials_options_create_import;
183
+ grpc_tls_credentials_options_set_min_tls_version_type grpc_tls_credentials_options_set_min_tls_version_import;
184
+ grpc_tls_credentials_options_set_max_tls_version_type grpc_tls_credentials_options_set_max_tls_version_import;
183
185
  grpc_tls_credentials_options_copy_type grpc_tls_credentials_options_copy_import;
184
186
  grpc_tls_credentials_options_destroy_type grpc_tls_credentials_options_destroy_import;
185
187
  grpc_tls_credentials_options_set_certificate_provider_type grpc_tls_credentials_options_set_certificate_provider_import;
@@ -469,6 +471,8 @@ void grpc_rb_load_imports(HMODULE library) {
469
471
  grpc_tls_certificate_provider_file_watcher_create_import = (grpc_tls_certificate_provider_file_watcher_create_type) GetProcAddress(library, "grpc_tls_certificate_provider_file_watcher_create");
470
472
  grpc_tls_certificate_provider_release_import = (grpc_tls_certificate_provider_release_type) GetProcAddress(library, "grpc_tls_certificate_provider_release");
471
473
  grpc_tls_credentials_options_create_import = (grpc_tls_credentials_options_create_type) GetProcAddress(library, "grpc_tls_credentials_options_create");
474
+ grpc_tls_credentials_options_set_min_tls_version_import = (grpc_tls_credentials_options_set_min_tls_version_type) GetProcAddress(library, "grpc_tls_credentials_options_set_min_tls_version");
475
+ grpc_tls_credentials_options_set_max_tls_version_import = (grpc_tls_credentials_options_set_max_tls_version_type) GetProcAddress(library, "grpc_tls_credentials_options_set_max_tls_version");
472
476
  grpc_tls_credentials_options_copy_import = (grpc_tls_credentials_options_copy_type) GetProcAddress(library, "grpc_tls_credentials_options_copy");
473
477
  grpc_tls_credentials_options_destroy_import = (grpc_tls_credentials_options_destroy_type) GetProcAddress(library, "grpc_tls_credentials_options_destroy");
474
478
  grpc_tls_credentials_options_set_certificate_provider_import = (grpc_tls_credentials_options_set_certificate_provider_type) GetProcAddress(library, "grpc_tls_credentials_options_set_certificate_provider");
@@ -515,6 +515,12 @@ extern grpc_tls_certificate_provider_release_type grpc_tls_certificate_provider_
515
515
  typedef grpc_tls_credentials_options*(*grpc_tls_credentials_options_create_type)(void);
516
516
  extern grpc_tls_credentials_options_create_type grpc_tls_credentials_options_create_import;
517
517
  #define grpc_tls_credentials_options_create grpc_tls_credentials_options_create_import
518
+ typedef void(*grpc_tls_credentials_options_set_min_tls_version_type)(grpc_tls_credentials_options* options, grpc_tls_version min_tls_version);
519
+ extern grpc_tls_credentials_options_set_min_tls_version_type grpc_tls_credentials_options_set_min_tls_version_import;
520
+ #define grpc_tls_credentials_options_set_min_tls_version grpc_tls_credentials_options_set_min_tls_version_import
521
+ typedef void(*grpc_tls_credentials_options_set_max_tls_version_type)(grpc_tls_credentials_options* options, grpc_tls_version max_tls_version);
522
+ extern grpc_tls_credentials_options_set_max_tls_version_type grpc_tls_credentials_options_set_max_tls_version_import;
523
+ #define grpc_tls_credentials_options_set_max_tls_version grpc_tls_credentials_options_set_max_tls_version_import
518
524
  typedef grpc_tls_credentials_options*(*grpc_tls_credentials_options_copy_type)(grpc_tls_credentials_options* options);
519
525
  extern grpc_tls_credentials_options_copy_type grpc_tls_credentials_options_copy_import;
520
526
  #define grpc_tls_credentials_options_copy grpc_tls_credentials_options_copy_import
@@ -14,5 +14,5 @@
14
14
 
15
15
  # GRPC contains the General RPC module.
16
16
  module GRPC
17
- VERSION = '1.60.0'
17
+ VERSION = '1.61.0'
18
18
  end
@@ -48,7 +48,7 @@ const upb_FileDef* upb_DefPool_FindFileByNameWithSize(const upb_DefPool* s,
48
48
  const upb_FieldDef* upb_DefPool_FindExtensionByMiniTable(
49
49
  const upb_DefPool* s, const upb_MiniTableExtension* ext);
50
50
 
51
- const upb_FieldDef* upb_DefPool_FindExtensionByName(const upb_DefPool* s,
51
+ UPB_API const upb_FieldDef* upb_DefPool_FindExtensionByName(const upb_DefPool* s,
52
52
  const char* sym);
53
53
 
54
54
  const upb_FieldDef* upb_DefPool_FindExtensionByNameWithSize(
@@ -71,7 +71,7 @@ UPB_API const upb_FileDef* upb_DefPool_AddFile(
71
71
  upb_DefPool* s, const UPB_DESC(FileDescriptorProto) * file_proto,
72
72
  upb_Status* status);
73
73
 
74
- const upb_ExtensionRegistry* upb_DefPool_ExtensionRegistry(
74
+ UPB_API const upb_ExtensionRegistry* upb_DefPool_ExtensionRegistry(
75
75
  const upb_DefPool* s);
76
76
 
77
77
  const upb_FieldDef** upb_DefPool_GetAllExtensions(const upb_DefPool* s,
@@ -7,8 +7,6 @@
7
7
 
8
8
  #include "zutil.h"
9
9
 
10
- local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2));
11
-
12
10
  #define BASE 65521U /* largest prime smaller than 65536 */
13
11
  #define NMAX 5552
14
12
  /* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
@@ -60,11 +58,7 @@ local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2));
60
58
  #endif
61
59
 
62
60
  /* ========================================================================= */
63
- uLong ZEXPORT adler32_z(adler, buf, len)
64
- uLong adler;
65
- const Bytef *buf;
66
- z_size_t len;
67
- {
61
+ uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf, z_size_t len) {
68
62
  unsigned long sum2;
69
63
  unsigned n;
70
64
 
@@ -131,20 +125,12 @@ uLong ZEXPORT adler32_z(adler, buf, len)
131
125
  }
132
126
 
133
127
  /* ========================================================================= */
134
- uLong ZEXPORT adler32(adler, buf, len)
135
- uLong adler;
136
- const Bytef *buf;
137
- uInt len;
138
- {
128
+ uLong ZEXPORT adler32(uLong adler, const Bytef *buf, uInt len) {
139
129
  return adler32_z(adler, buf, len);
140
130
  }
141
131
 
142
132
  /* ========================================================================= */
143
- local uLong adler32_combine_(adler1, adler2, len2)
144
- uLong adler1;
145
- uLong adler2;
146
- z_off64_t len2;
147
- {
133
+ local uLong adler32_combine_(uLong adler1, uLong adler2, z_off64_t len2) {
148
134
  unsigned long sum1;
149
135
  unsigned long sum2;
150
136
  unsigned rem;
@@ -169,18 +155,10 @@ local uLong adler32_combine_(adler1, adler2, len2)
169
155
  }
170
156
 
171
157
  /* ========================================================================= */
172
- uLong ZEXPORT adler32_combine(adler1, adler2, len2)
173
- uLong adler1;
174
- uLong adler2;
175
- z_off_t len2;
176
- {
158
+ uLong ZEXPORT adler32_combine(uLong adler1, uLong adler2, z_off_t len2) {
177
159
  return adler32_combine_(adler1, adler2, len2);
178
160
  }
179
161
 
180
- uLong ZEXPORT adler32_combine64(adler1, adler2, len2)
181
- uLong adler1;
182
- uLong adler2;
183
- z_off64_t len2;
184
- {
162
+ uLong ZEXPORT adler32_combine64(uLong adler1, uLong adler2, z_off64_t len2) {
185
163
  return adler32_combine_(adler1, adler2, len2);
186
164
  }
@@ -19,13 +19,8 @@
19
19
  memory, Z_BUF_ERROR if there was not enough room in the output buffer,
20
20
  Z_STREAM_ERROR if the level parameter is invalid.
21
21
  */
22
- int ZEXPORT compress2(dest, destLen, source, sourceLen, level)
23
- Bytef *dest;
24
- uLongf *destLen;
25
- const Bytef *source;
26
- uLong sourceLen;
27
- int level;
28
- {
22
+ int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source,
23
+ uLong sourceLen, int level) {
29
24
  z_stream stream;
30
25
  int err;
31
26
  const uInt max = (uInt)-1;
@@ -65,12 +60,8 @@ int ZEXPORT compress2(dest, destLen, source, sourceLen, level)
65
60
 
66
61
  /* ===========================================================================
67
62
  */
68
- int ZEXPORT compress(dest, destLen, source, sourceLen)
69
- Bytef *dest;
70
- uLongf *destLen;
71
- const Bytef *source;
72
- uLong sourceLen;
73
- {
63
+ int ZEXPORT compress(Bytef *dest, uLongf *destLen, const Bytef *source,
64
+ uLong sourceLen) {
74
65
  return compress2(dest, destLen, source, sourceLen, Z_DEFAULT_COMPRESSION);
75
66
  }
76
67
 
@@ -78,9 +69,7 @@ int ZEXPORT compress(dest, destLen, source, sourceLen)
78
69
  If the default memLevel or windowBits for deflateInit() is changed, then
79
70
  this function needs to be updated.
80
71
  */
81
- uLong ZEXPORT compressBound(sourceLen)
82
- uLong sourceLen;
83
- {
72
+ uLong ZEXPORT compressBound(uLong sourceLen) {
84
73
  return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) +
85
74
  (sourceLen >> 25) + 13;
86
75
  }