grpc 1.63.0 → 1.64.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Makefile +54 -51
- data/include/grpc/credentials.h +1222 -0
- data/include/grpc/grpc.h +7 -0
- data/include/grpc/grpc_crl_provider.h +1 -0
- data/include/grpc/grpc_security.h +0 -1171
- data/include/grpc/impl/channel_arg_names.h +0 -3
- data/include/grpc/module.modulemap +1 -0
- data/include/grpc/support/log.h +1 -1
- data/src/core/{lib/channel → channelz}/channel_trace.cc +56 -62
- data/src/core/{lib/channel → channelz}/channel_trace.h +21 -19
- data/src/core/{lib/channel → channelz}/channelz.cc +68 -6
- data/src/core/{lib/channel → channelz}/channelz.h +45 -6
- data/src/core/{lib/channel → channelz}/channelz_registry.cc +7 -6
- data/src/core/{lib/channel → channelz}/channelz_registry.h +6 -6
- data/src/core/client_channel/client_channel_filter.cc +58 -62
- data/src/core/client_channel/client_channel_filter.h +2 -4
- data/src/core/client_channel/client_channel_internal.h +3 -2
- data/src/core/client_channel/client_channel_service_config.h +1 -1
- data/src/core/client_channel/config_selector.h +4 -3
- data/src/core/client_channel/connector.h +1 -1
- data/src/core/client_channel/dynamic_filters.cc +3 -2
- data/src/core/client_channel/local_subchannel_pool.cc +5 -3
- data/src/core/client_channel/retry_filter.cc +1 -1
- data/src/core/client_channel/retry_filter.h +3 -2
- data/src/core/client_channel/retry_filter_legacy_call_data.cc +5 -4
- data/src/core/client_channel/subchannel.cc +13 -12
- data/src/core/client_channel/subchannel.h +0 -1
- data/src/core/client_channel/subchannel_stream_client.cc +5 -3
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +4 -3
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +2 -2
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +24 -16
- data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +10 -11
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +8 -9
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +4 -4
- data/src/core/ext/filters/http/client/http_client_filter.cc +5 -4
- data/src/core/ext/filters/http/client/http_client_filter.h +5 -5
- data/src/core/ext/filters/http/client_authority_filter.cc +4 -3
- data/src/core/ext/filters/http/client_authority_filter.h +5 -4
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +9 -8
- data/src/core/ext/filters/http/message_compress/compression_filter.h +8 -8
- data/src/core/ext/filters/http/server/http_server_filter.cc +2 -2
- data/src/core/ext/filters/http/server/http_server_filter.h +5 -5
- data/src/core/ext/filters/message_size/message_size_filter.cc +10 -19
- data/src/core/ext/filters/message_size/message_size_filter.h +8 -6
- data/src/core/ext/filters/rbac/rbac_filter.cc +11 -6
- data/src/core/ext/filters/rbac/rbac_filter.h +5 -5
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +12 -12
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +3 -2
- data/src/core/ext/gcp/metadata_query.cc +4 -3
- data/src/core/ext/gcp/metadata_query.h +2 -2
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +4 -3
- data/src/core/ext/transport/chttp2/alpn/alpn.h +2 -2
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +13 -13
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +2 -3
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +10 -10
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +3 -3
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +6 -6
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +1 -2
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -7
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -2
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +53 -52
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +2 -3
- data/src/core/ext/transport/chttp2/transport/context_list_entry.h +2 -2
- data/src/core/ext/transport/chttp2/transport/decode_huff.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/decode_huff.h +2 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.h +4 -4
- data/src/core/ext/transport/chttp2/transport/frame.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/frame.h +2 -2
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -2
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +1 -2
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +1 -2
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +1 -2
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +1 -2
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +1 -2
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +1 -2
- data/src/core/ext/transport/chttp2/transport/hpack_constants.h +2 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +1 -2
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +10 -9
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +3 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +24 -24
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -2
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/http2_settings.h +2 -2
- data/src/core/ext/transport/chttp2/transport/http_trace.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/huffsyms.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +3 -5
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +2 -2
- data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -14
- data/src/core/ext/transport/chttp2/transport/ping_abuse_policy.cc +1 -2
- data/src/core/ext/transport/chttp2/transport/ping_abuse_policy.h +2 -2
- data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/ping_callbacks.h +1 -2
- data/src/core/ext/transport/chttp2/transport/ping_rate_policy.cc +1 -2
- data/src/core/ext/transport/chttp2/transport/ping_rate_policy.h +2 -2
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/varint.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/varint.h +4 -3
- data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/write_size_policy.h +2 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +35 -22
- data/src/core/ext/transport/inproc/inproc_transport.cc +12 -12
- data/src/core/ext/transport/inproc/inproc_transport.h +1 -2
- data/src/core/ext/transport/inproc/legacy_inproc_transport.cc +7 -8
- data/src/core/ext/transport/inproc/legacy_inproc_transport.h +1 -2
- data/src/core/{lib/transport → handshaker/endpoint_info}/endpoint_info_handshaker.cc +6 -6
- data/src/core/{lib/transport → handshaker/endpoint_info}/endpoint_info_handshaker.h +3 -3
- data/src/core/{lib/transport → handshaker}/handshaker.cc +8 -6
- data/src/core/{lib/transport → handshaker}/handshaker.h +4 -5
- data/src/core/{lib/transport → handshaker}/handshaker_factory.h +19 -3
- data/src/core/{lib/transport → handshaker}/handshaker_registry.cc +3 -3
- data/src/core/{lib/transport → handshaker}/handshaker_registry.h +6 -6
- data/src/core/{lib/transport → handshaker/http_connect}/http_connect_handshaker.cc +5 -6
- data/src/core/{lib/transport → handshaker/http_connect}/http_connect_handshaker.h +3 -3
- data/src/core/{client_channel → handshaker/http_connect}/http_proxy_mapper.cc +6 -6
- data/src/core/{client_channel → handshaker/http_connect}/http_proxy_mapper.h +6 -6
- data/src/core/{lib/handshaker → handshaker}/proxy_mapper.h +5 -5
- data/src/core/{lib/handshaker → handshaker}/proxy_mapper_registry.cc +3 -3
- data/src/core/{lib/handshaker → handshaker}/proxy_mapper_registry.h +6 -6
- data/src/core/{lib/security/transport → handshaker/security}/secure_endpoint.cc +5 -5
- data/src/core/{lib/security/transport → handshaker/security}/secure_endpoint.h +4 -5
- data/src/core/{lib/security/transport → handshaker/security}/security_handshaker.cc +11 -11
- data/src/core/{lib/security/transport → handshaker/security}/security_handshaker.h +5 -6
- data/src/core/{lib/security/transport → handshaker/security}/tsi_error.cc +2 -2
- data/src/core/{lib/security/transport → handshaker/security}/tsi_error.h +3 -3
- data/src/core/{lib/transport → handshaker/tcp_connect}/tcp_connect_handshaker.cc +8 -8
- data/src/core/{lib/transport → handshaker/tcp_connect}/tcp_connect_handshaker.h +3 -3
- data/src/core/lib/address_utils/parse_address.cc +5 -3
- data/src/core/lib/address_utils/parse_address.h +2 -2
- data/src/core/lib/address_utils/sockaddr_utils.cc +15 -9
- data/src/core/lib/address_utils/sockaddr_utils.h +2 -2
- data/src/core/lib/avl/avl.h +2 -2
- data/src/core/lib/backoff/backoff.cc +2 -2
- data/src/core/lib/backoff/backoff.h +2 -2
- data/src/core/lib/backoff/random_early_detection.cc +2 -2
- data/src/core/lib/backoff/random_early_detection.h +2 -2
- data/src/core/lib/channel/call_finalization.h +2 -2
- data/src/core/lib/channel/call_tracer.cc +7 -7
- data/src/core/lib/channel/call_tracer.h +1 -2
- data/src/core/lib/channel/channel_args.cc +4 -4
- data/src/core/lib/channel/channel_args.h +1 -2
- data/src/core/lib/channel/channel_args_preconditioning.cc +2 -2
- data/src/core/lib/channel/channel_args_preconditioning.h +1 -2
- data/src/core/lib/channel/channel_stack.cc +8 -7
- data/src/core/lib/channel/channel_stack.h +1 -2
- data/src/core/lib/channel/channel_stack_builder.cc +2 -2
- data/src/core/lib/channel/channel_stack_builder.h +2 -2
- data/src/core/lib/channel/channel_stack_builder_impl.cc +6 -13
- data/src/core/lib/channel/channel_stack_builder_impl.h +2 -2
- data/src/core/lib/channel/channel_stack_trace.cc +2 -2
- data/src/core/lib/channel/connected_channel.cc +25 -40
- data/src/core/lib/channel/context.h +29 -1
- data/src/core/lib/channel/metrics.cc +10 -72
- data/src/core/lib/channel/metrics.h +1 -42
- data/src/core/lib/channel/promise_based_filter.cc +70 -75
- data/src/core/lib/channel/promise_based_filter.h +189 -148
- data/src/core/lib/channel/status_util.cc +2 -2
- data/src/core/lib/channel/status_util.h +1 -2
- data/src/core/lib/channel/tcp_tracer.h +2 -2
- data/src/core/lib/compression/compression.cc +1 -2
- data/src/core/lib/compression/compression_internal.cc +3 -3
- data/src/core/lib/compression/compression_internal.h +1 -2
- data/src/core/lib/compression/message_compress.cc +9 -8
- data/src/core/lib/compression/message_compress.h +1 -2
- data/src/core/lib/config/config_vars.cc +2 -2
- data/src/core/lib/config/config_vars.h +2 -2
- data/src/core/lib/config/config_vars_non_generated.cc +2 -2
- data/src/core/lib/config/core_configuration.cc +9 -8
- data/src/core/lib/config/core_configuration.h +8 -8
- data/src/core/lib/config/load_config.cc +4 -4
- data/src/core/lib/config/load_config.h +2 -2
- data/src/core/lib/debug/event_log.cc +3 -3
- data/src/core/lib/debug/event_log.h +2 -2
- data/src/core/lib/debug/histogram_view.cc +2 -2
- data/src/core/lib/debug/histogram_view.h +2 -2
- data/src/core/lib/debug/stats.cc +2 -2
- data/src/core/lib/debug/stats.h +2 -2
- data/src/core/lib/debug/stats_data.cc +2 -2
- data/src/core/lib/debug/stats_data.h +2 -2
- data/src/core/lib/debug/trace.cc +1 -2
- data/src/core/lib/debug/trace.h +2 -2
- data/src/core/lib/event_engine/ares_resolver.cc +18 -19
- data/src/core/lib/event_engine/ares_resolver.h +2 -2
- data/src/core/lib/event_engine/cf_engine/cf_engine.cc +3 -1
- data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +3 -3
- data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +2 -1
- data/src/core/lib/event_engine/cf_engine/dns_service_resolver.h +2 -1
- data/src/core/lib/event_engine/channel_args_endpoint_config.cc +1 -2
- data/src/core/lib/event_engine/channel_args_endpoint_config.h +1 -2
- data/src/core/lib/event_engine/common_closures.h +1 -2
- data/src/core/lib/event_engine/default_event_engine.cc +1 -2
- data/src/core/lib/event_engine/default_event_engine.h +1 -2
- data/src/core/lib/event_engine/default_event_engine_factory.cc +1 -2
- data/src/core/lib/event_engine/default_event_engine_factory.h +1 -2
- data/src/core/lib/event_engine/event_engine.cc +1 -2
- data/src/core/lib/event_engine/event_engine_context.h +1 -2
- data/src/core/lib/event_engine/extensions/can_track_errors.h +2 -2
- data/src/core/lib/event_engine/extensions/chaotic_good_extension.h +2 -2
- data/src/core/lib/event_engine/extensions/supports_fd.h +1 -2
- data/src/core/lib/event_engine/forkable.cc +7 -6
- data/src/core/lib/event_engine/forkable.h +1 -2
- data/src/core/lib/event_engine/grpc_polled_fd.h +1 -2
- data/src/core/lib/event_engine/handle_containers.h +1 -2
- data/src/core/lib/event_engine/memory_allocator_factory.h +1 -2
- data/src/core/lib/event_engine/poller.h +1 -2
- data/src/core/lib/event_engine/posix.h +1 -2
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +8 -8
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +1 -2
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +11 -11
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +1 -2
- data/src/core/lib/event_engine/posix_engine/event_poller.h +1 -2
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +2 -2
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +2 -2
- data/src/core/lib/event_engine/posix_engine/grpc_polled_fd_posix.h +1 -2
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +1 -2
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +2 -2
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/lockfree_event.h +2 -2
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +2 -2
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +24 -25
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +11 -11
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +10 -10
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +1 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +3 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +1 -2
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +6 -6
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.h +1 -2
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +3 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +3 -3
- data/src/core/lib/event_engine/posix_engine/timer.cc +1 -2
- data/src/core/lib/event_engine/posix_engine/timer.h +1 -2
- data/src/core/lib/event_engine/posix_engine/timer_heap.cc +2 -2
- data/src/core/lib/event_engine/posix_engine/timer_heap.h +2 -2
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +5 -5
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -2
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +1 -2
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +1 -2
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +2 -2
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +2 -2
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +2 -2
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +2 -2
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +2 -2
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +2 -2
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +2 -2
- data/src/core/lib/event_engine/query_extensions.h +3 -2
- data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +1 -2
- data/src/core/lib/event_engine/resolved_address.cc +5 -4
- data/src/core/lib/event_engine/resolved_address_internal.h +1 -2
- data/src/core/lib/event_engine/shim.cc +2 -2
- data/src/core/lib/event_engine/slice.cc +4 -3
- data/src/core/lib/event_engine/slice_buffer.cc +1 -2
- data/src/core/lib/event_engine/tcp_socket_utils.cc +12 -8
- data/src/core/lib/event_engine/tcp_socket_utils.h +1 -2
- data/src/core/lib/event_engine/thread_local.cc +2 -2
- data/src/core/lib/event_engine/thread_pool/thread_count.cc +1 -2
- data/src/core/lib/event_engine/thread_pool/thread_count.h +1 -2
- data/src/core/lib/event_engine/thread_pool/thread_pool.h +1 -2
- data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +2 -2
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +8 -8
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +1 -2
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +2 -2
- data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +1 -2
- data/src/core/lib/event_engine/time_util.cc +1 -2
- data/src/core/lib/event_engine/time_util.h +1 -2
- data/src/core/lib/event_engine/trace.cc +2 -2
- data/src/core/lib/event_engine/trace.h +1 -2
- data/src/core/lib/event_engine/utils.cc +1 -2
- data/src/core/lib/event_engine/utils.h +1 -2
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +31 -30
- data/src/core/lib/event_engine/windows/iocp.cc +10 -8
- data/src/core/lib/event_engine/windows/win_socket.cc +7 -5
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +13 -12
- data/src/core/lib/event_engine/windows/windows_engine.cc +7 -6
- data/src/core/lib/event_engine/windows/windows_listener.cc +7 -6
- data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +2 -2
- data/src/core/lib/event_engine/work_queue/basic_work_queue.h +1 -2
- data/src/core/lib/event_engine/work_queue/work_queue.h +1 -2
- data/src/core/lib/experiments/config.cc +5 -5
- data/src/core/lib/experiments/config.h +2 -2
- data/src/core/lib/experiments/experiments.cc +23 -8
- data/src/core/lib/experiments/experiments.h +23 -6
- data/src/core/lib/gpr/alloc.cc +3 -1
- data/src/core/lib/gpr/posix/sync.cc +25 -23
- data/src/core/lib/gpr/posix/time.cc +9 -6
- data/src/core/lib/gpr/posix/tmpfile.cc +3 -1
- data/src/core/lib/gpr/sync.cc +5 -3
- data/src/core/lib/gpr/time.cc +10 -8
- data/src/core/lib/gpr/windows/sync.cc +3 -1
- data/src/core/lib/gpr/windows/time.cc +4 -1
- data/src/core/lib/gprpp/atomic_utils.h +2 -2
- data/src/core/lib/gprpp/bitset.h +2 -2
- data/src/core/lib/gprpp/chunked_vector.h +6 -5
- data/src/core/lib/gprpp/construct_destruct.h +2 -2
- data/src/core/lib/gprpp/crash.cc +1 -2
- data/src/core/lib/gprpp/crash.h +2 -2
- data/src/core/lib/gprpp/debug_location.h +2 -2
- data/src/core/lib/gprpp/directory_reader.h +2 -2
- data/src/core/lib/gprpp/down_cast.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +9 -8
- data/src/core/lib/gprpp/env.h +2 -2
- data/src/core/lib/gprpp/examine_stack.cc +2 -2
- data/src/core/lib/gprpp/examine_stack.h +2 -2
- data/src/core/lib/gprpp/fork.cc +1 -2
- data/src/core/lib/gprpp/fork.h +2 -2
- data/src/core/lib/gprpp/host_port.cc +6 -4
- data/src/core/lib/gprpp/host_port.h +2 -2
- data/src/core/lib/gprpp/linux/env.cc +2 -2
- data/src/core/lib/gprpp/load_file.cc +1 -2
- data/src/core/lib/gprpp/load_file.h +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +2 -2
- data/src/core/lib/gprpp/match.h +2 -2
- data/src/core/lib/gprpp/memory.h +1 -2
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/mpscq.h +5 -4
- data/src/core/lib/gprpp/no_destruct.h +2 -2
- data/src/core/lib/gprpp/notification.h +2 -2
- data/src/core/lib/gprpp/orphanable.h +2 -2
- data/src/core/lib/gprpp/overload.h +2 -2
- data/src/core/lib/gprpp/per_cpu.cc +1 -2
- data/src/core/lib/gprpp/per_cpu.h +1 -2
- data/src/core/lib/gprpp/posix/directory_reader.cc +2 -2
- data/src/core/lib/gprpp/posix/stat.cc +6 -4
- data/src/core/lib/gprpp/posix/thd.cc +10 -10
- data/src/core/lib/gprpp/ref_counted.h +5 -4
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -2
- data/src/core/lib/gprpp/ref_counted_string.cc +1 -2
- data/src/core/lib/gprpp/ref_counted_string.h +2 -2
- data/src/core/lib/gprpp/single_set_ptr.h +4 -3
- data/src/core/lib/gprpp/sorted_pack.h +2 -2
- data/src/core/lib/gprpp/stat.h +2 -2
- data/src/core/lib/gprpp/status_helper.cc +3 -3
- data/src/core/lib/gprpp/status_helper.h +2 -2
- data/src/core/lib/gprpp/strerror.cc +2 -2
- data/src/core/lib/gprpp/strerror.h +2 -2
- data/src/core/lib/gprpp/sync.h +5 -5
- data/src/core/lib/gprpp/table.h +2 -2
- data/src/core/lib/gprpp/tchar.cc +2 -2
- data/src/core/lib/gprpp/thd.h +7 -7
- data/src/core/lib/gprpp/time.cc +6 -6
- data/src/core/lib/gprpp/time.h +1 -2
- data/src/core/lib/gprpp/time_averaged_stats.cc +2 -2
- data/src/core/lib/gprpp/time_util.cc +5 -4
- data/src/core/lib/gprpp/time_util.h +1 -2
- data/src/core/lib/gprpp/unique_type_name.h +2 -2
- data/src/core/lib/gprpp/uuid_v4.cc +2 -2
- data/src/core/lib/gprpp/uuid_v4.h +2 -2
- data/src/core/lib/gprpp/validation_errors.cc +2 -2
- data/src/core/lib/gprpp/validation_errors.h +2 -2
- data/src/core/lib/gprpp/windows/stat.cc +4 -2
- data/src/core/lib/gprpp/windows/thd.cc +4 -2
- data/src/core/lib/gprpp/work_serializer.cc +5 -5
- data/src/core/lib/gprpp/work_serializer.h +1 -2
- data/src/core/lib/http/format_request.cc +1 -2
- data/src/core/lib/http/format_request.h +1 -2
- data/src/core/lib/http/httpcli.cc +6 -6
- data/src/core/lib/http/httpcli.h +2 -3
- data/src/core/lib/http/httpcli_security_connector.cc +4 -4
- data/src/core/lib/http/httpcli_ssl_credentials.h +1 -2
- data/src/core/lib/http/parser.cc +5 -5
- data/src/core/lib/http/parser.h +1 -2
- data/src/core/lib/iomgr/buffer_list.cc +1 -2
- data/src/core/lib/iomgr/buffer_list.h +1 -2
- data/src/core/lib/iomgr/call_combiner.cc +5 -4
- data/src/core/lib/iomgr/call_combiner.h +1 -2
- data/src/core/lib/iomgr/closure.cc +2 -2
- data/src/core/lib/iomgr/closure.h +4 -3
- data/src/core/lib/iomgr/combiner.cc +7 -6
- data/src/core/lib/iomgr/combiner.h +1 -2
- data/src/core/lib/iomgr/endpoint.cc +2 -2
- data/src/core/lib/iomgr/endpoint.h +1 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +7 -5
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +5 -4
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +11 -10
- data/src/core/lib/iomgr/error.cc +3 -3
- data/src/core/lib/iomgr/error.h +3 -3
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +14 -13
- data/src/core/lib/iomgr/ev_poll_posix.cc +9 -9
- data/src/core/lib/iomgr/ev_posix.cc +1 -2
- data/src/core/lib/iomgr/ev_posix.h +2 -2
- data/src/core/lib/iomgr/event_engine_shims/closure.cc +1 -2
- data/src/core/lib/iomgr/event_engine_shims/closure.h +1 -2
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.h +1 -2
- data/src/core/lib/iomgr/event_engine_shims/tcp_client.cc +1 -2
- data/src/core/lib/iomgr/event_engine_shims/tcp_client.h +1 -2
- data/src/core/lib/iomgr/exec_ctx.cc +5 -5
- data/src/core/lib/iomgr/exec_ctx.h +6 -4
- data/src/core/lib/iomgr/executor.cc +7 -8
- data/src/core/lib/iomgr/grpc_if_nametoindex.h +2 -2
- data/src/core/lib/iomgr/internal_errqueue.cc +1 -2
- data/src/core/lib/iomgr/iocp_windows.cc +9 -6
- data/src/core/lib/iomgr/iocp_windows.h +0 -1
- data/src/core/lib/iomgr/iomgr.cc +1 -2
- data/src/core/lib/iomgr/iomgr.h +2 -2
- data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
- data/src/core/lib/iomgr/iomgr_internal.h +2 -2
- data/src/core/lib/iomgr/iomgr_windows.cc +4 -2
- data/src/core/lib/iomgr/lockfree_event.cc +4 -3
- data/src/core/lib/iomgr/lockfree_event.h +1 -2
- data/src/core/lib/iomgr/polling_entity.cc +5 -5
- data/src/core/lib/iomgr/pollset.cc +2 -2
- data/src/core/lib/iomgr/pollset.h +0 -1
- data/src/core/lib/iomgr/pollset_set.cc +2 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +2 -2
- data/src/core/lib/iomgr/pollset_windows.h +0 -1
- data/src/core/lib/iomgr/python_util.h +1 -2
- data/src/core/lib/iomgr/resolve_address.cc +1 -2
- data/src/core/lib/iomgr/resolve_address.h +1 -2
- data/src/core/lib/iomgr/resolve_address_impl.h +2 -2
- data/src/core/lib/iomgr/resolve_address_posix.h +2 -2
- data/src/core/lib/iomgr/resolve_address_windows.h +2 -2
- data/src/core/lib/iomgr/resolved_address.h +2 -2
- data/src/core/lib/iomgr/sockaddr_utils_posix.cc +3 -1
- data/src/core/lib/iomgr/socket_factory_posix.h +1 -2
- data/src/core/lib/iomgr/socket_mutator.cc +1 -2
- data/src/core/lib/iomgr/socket_mutator.h +1 -2
- data/src/core/lib/iomgr/socket_utils.h +2 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +3 -1
- data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
- data/src/core/lib/iomgr/socket_utils_posix.h +1 -2
- data/src/core/lib/iomgr/socket_windows.cc +4 -3
- data/src/core/lib/iomgr/tcp_client.cc +2 -2
- data/src/core/lib/iomgr/tcp_client.h +1 -2
- data/src/core/lib/iomgr/tcp_client_posix.cc +5 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +7 -5
- data/src/core/lib/iomgr/tcp_posix.cc +42 -41
- data/src/core/lib/iomgr/tcp_server.cc +2 -2
- data/src/core/lib/iomgr/tcp_server.h +1 -2
- data/src/core/lib/iomgr/tcp_server_posix.cc +23 -23
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +2 -2
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +6 -6
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +2 -1
- data/src/core/lib/iomgr/tcp_server_windows.cc +15 -14
- data/src/core/lib/iomgr/tcp_windows.cc +8 -6
- data/src/core/lib/iomgr/timer.cc +2 -2
- data/src/core/lib/iomgr/timer.h +1 -2
- data/src/core/lib/iomgr/timer_generic.cc +3 -3
- data/src/core/lib/iomgr/timer_generic.h +0 -1
- data/src/core/lib/iomgr/timer_heap.cc +1 -2
- data/src/core/lib/iomgr/timer_manager.cc +4 -3
- data/src/core/lib/iomgr/timer_manager.h +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +2 -1
- data/src/core/lib/iomgr/unix_sockets_posix.h +1 -2
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +3 -1
- data/src/core/lib/iomgr/vsock.cc +2 -2
- data/src/core/lib/iomgr/vsock.h +1 -2
- data/src/core/lib/json/json.h +1 -2
- data/src/core/lib/json/json_args.h +2 -2
- data/src/core/lib/json/json_channel_args.h +2 -2
- data/src/core/lib/json/json_object_loader.cc +1 -2
- data/src/core/lib/json/json_object_loader.h +2 -2
- data/src/core/lib/json/json_reader.cc +4 -4
- data/src/core/lib/json/json_reader.h +2 -2
- data/src/core/lib/json/json_util.cc +2 -2
- data/src/core/lib/json/json_util.h +2 -2
- data/src/core/lib/json/json_writer.cc +2 -2
- data/src/core/lib/json/json_writer.h +2 -2
- data/src/core/lib/matchers/matchers.cc +2 -2
- data/src/core/lib/matchers/matchers.h +2 -2
- data/src/core/lib/promise/activity.cc +4 -3
- data/src/core/lib/promise/activity.h +7 -7
- data/src/core/lib/promise/all_ok.h +2 -2
- data/src/core/lib/promise/arena_promise.h +2 -2
- data/src/core/lib/promise/context.h +3 -3
- data/src/core/lib/promise/detail/join_state.h +11 -10
- data/src/core/lib/promise/detail/promise_factory.h +2 -2
- data/src/core/lib/promise/detail/promise_like.h +2 -2
- data/src/core/lib/promise/detail/seq_state.h +194 -194
- data/src/core/lib/promise/detail/status.h +4 -3
- data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +2 -2
- data/src/core/lib/promise/for_each.h +88 -27
- data/src/core/lib/promise/if.h +2 -2
- data/src/core/lib/promise/interceptor_list.h +3 -3
- data/src/core/lib/promise/latch.h +8 -8
- data/src/core/lib/promise/loop.h +2 -2
- data/src/core/lib/promise/map.h +2 -2
- data/src/core/lib/promise/party.cc +14 -14
- data/src/core/lib/promise/party.h +9 -9
- data/src/core/lib/promise/pipe.h +15 -15
- data/src/core/lib/promise/poll.h +6 -5
- data/src/core/lib/promise/prioritized_race.h +2 -2
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/promise/race.h +2 -2
- data/src/core/lib/promise/seq.h +2 -2
- data/src/core/lib/promise/sleep.cc +1 -2
- data/src/core/lib/promise/sleep.h +1 -2
- data/src/core/lib/promise/status_flag.h +8 -8
- data/src/core/lib/promise/trace.cc +2 -2
- data/src/core/lib/promise/try_join.h +4 -3
- data/src/core/lib/promise/try_seq.h +4 -3
- data/src/core/lib/resource_quota/api.cc +1 -2
- data/src/core/lib/resource_quota/api.h +1 -2
- data/src/core/lib/resource_quota/arena.cc +1 -2
- data/src/core/lib/resource_quota/arena.h +1 -2
- data/src/core/lib/resource_quota/connection_quota.cc +8 -9
- data/src/core/lib/resource_quota/connection_quota.h +2 -2
- data/src/core/lib/resource_quota/memory_quota.cc +11 -11
- data/src/core/lib/resource_quota/memory_quota.h +4 -4
- data/src/core/lib/resource_quota/periodic_update.cc +2 -2
- data/src/core/lib/resource_quota/periodic_update.h +2 -2
- data/src/core/lib/resource_quota/resource_quota.cc +2 -2
- data/src/core/lib/resource_quota/resource_quota.h +1 -2
- data/src/core/lib/resource_quota/thread_quota.cc +4 -3
- data/src/core/lib/resource_quota/thread_quota.h +2 -2
- data/src/core/lib/resource_quota/trace.cc +2 -2
- data/src/core/lib/security/authorization/audit_logging.cc +6 -6
- data/src/core/lib/security/authorization/audit_logging.h +1 -2
- data/src/core/lib/security/authorization/authorization_engine.h +2 -2
- data/src/core/lib/security/authorization/authorization_policy_provider.h +1 -2
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +1 -2
- data/src/core/lib/security/authorization/evaluate_args.cc +2 -3
- data/src/core/lib/security/authorization/evaluate_args.h +1 -2
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +4 -3
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +1 -2
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -5
- data/src/core/lib/security/authorization/grpc_server_authz_filter.h +7 -8
- data/src/core/lib/security/authorization/matchers.cc +1 -2
- data/src/core/lib/security/authorization/matchers.h +2 -2
- data/src/core/lib/security/authorization/rbac_policy.cc +2 -2
- data/src/core/lib/security/authorization/rbac_policy.h +1 -2
- data/src/core/lib/security/authorization/stdout_logger.cc +4 -3
- data/src/core/lib/security/authorization/stdout_logger.h +1 -2
- data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +2 -2
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +4 -3
- data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +2 -2
- data/src/core/lib/security/context/security_context.cc +5 -3
- data/src/core/lib/security/context/security_context.h +2 -2
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +1 -2
- data/src/core/lib/security/credentials/alts/alts_credentials.h +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +1 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +1 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +2 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -2
- data/src/core/lib/security/credentials/call_creds_util.cc +1 -2
- data/src/core/lib/security/credentials/call_creds_util.h +2 -2
- data/src/core/lib/security/credentials/channel_creds_registry.h +2 -2
- data/src/core/lib/security/credentials/channel_creds_registry_init.cc +2 -2
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +9 -8
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.cc +4 -3
- data/src/core/lib/security/credentials/credentials.h +5 -4
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +5 -4
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +2 -2
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -2
- data/src/core/lib/security/credentials/external/aws_request_signer.h +2 -2
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +7 -6
- data/src/core/lib/security/credentials/external/external_account_credentials.h +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +2 -2
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +2 -2
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +8 -7
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +2 -2
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +5 -5
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/insecure/insecure_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +5 -4
- data/src/core/lib/security/credentials/jwt/json_token.h +1 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +15 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +1 -2
- data/src/core/lib/security/credentials/local/local_credentials.cc +1 -2
- data/src/core/lib/security/credentials/local/local_credentials.h +2 -2
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +9 -8
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +2 -2
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +3 -3
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +13 -13
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +5 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +26 -25
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_match.cc +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +7 -6
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +3 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +3 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +4 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +19 -18
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +1 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +2 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -2
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +1 -2
- data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
- data/src/core/lib/security/credentials/tls/tls_utils.cc +1 -2
- data/src/core/lib/security/credentials/tls/tls_utils.h +1 -2
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +7 -7
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +14 -14
- data/src/core/lib/security/security_connector/alts/alts_security_connector.h +2 -2
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/fake/fake_security_connector.h +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +6 -5
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +3 -3
- data/src/core/lib/security/security_connector/load_system_roots.h +1 -2
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +2 -2
- data/src/core/lib/security/security_connector/load_system_roots_supported.h +1 -2
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +11 -11
- data/src/core/lib/security/security_connector/local/local_security_connector.h +2 -2
- data/src/core/lib/security/security_connector/security_connector.cc +7 -6
- data/src/core/lib/security/security_connector/security_connector.h +3 -3
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +6 -6
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.cc +10 -9
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +13 -13
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +3 -3
- data/src/core/lib/security/transport/auth_filters.h +13 -13
- data/src/core/lib/security/transport/client_auth_filter.cc +6 -5
- data/src/core/lib/security/transport/server_auth_filter.cc +7 -5
- data/src/core/lib/security/util/json_util.cc +1 -2
- data/src/core/lib/slice/percent_encoding.cc +4 -3
- data/src/core/lib/slice/slice.cc +11 -10
- data/src/core/lib/slice/slice.h +4 -4
- data/src/core/lib/slice/slice_buffer.cc +15 -14
- data/src/core/lib/slice/slice_buffer.h +1 -2
- data/src/core/lib/slice/slice_internal.h +3 -3
- data/src/core/lib/slice/slice_refcount.cc +2 -2
- data/src/core/lib/slice/slice_refcount.h +1 -2
- data/src/core/lib/slice/slice_string_helpers.cc +2 -2
- data/src/core/lib/slice/slice_string_helpers.h +1 -2
- data/src/core/lib/surface/api_trace.cc +2 -2
- data/src/core/lib/surface/api_trace.h +1 -2
- data/src/core/lib/surface/byte_buffer.cc +1 -2
- data/src/core/lib/surface/byte_buffer_reader.cc +4 -3
- data/src/core/lib/surface/call.cc +168 -290
- data/src/core/lib/surface/call.h +180 -10
- data/src/core/lib/surface/call_details.cc +1 -2
- data/src/core/lib/surface/call_log_batch.cc +1 -2
- data/src/core/lib/surface/call_test_only.h +1 -2
- data/src/core/lib/surface/channel.cc +9 -8
- data/src/core/lib/surface/channel.h +2 -3
- data/src/core/lib/surface/channel_create.cc +4 -3
- data/src/core/lib/surface/channel_create.h +2 -2
- data/src/core/lib/surface/channel_init.cc +6 -6
- data/src/core/lib/surface/channel_init.h +13 -8
- data/src/core/lib/surface/channel_stack_type.cc +2 -2
- data/src/core/lib/surface/completion_queue.cc +17 -18
- data/src/core/lib/surface/completion_queue.h +1 -2
- data/src/core/lib/surface/completion_queue_factory.cc +9 -8
- data/src/core/lib/surface/completion_queue_factory.h +1 -2
- data/src/core/lib/surface/event_string.cc +2 -2
- data/src/core/lib/surface/event_string.h +1 -2
- data/src/core/lib/surface/init.cc +1 -2
- data/src/core/lib/surface/init_internally.cc +2 -2
- data/src/core/lib/surface/lame_client.cc +9 -12
- data/src/core/lib/surface/lame_client.h +6 -11
- data/src/core/lib/surface/legacy_channel.cc +9 -9
- data/src/core/lib/surface/legacy_channel.h +2 -3
- data/src/core/lib/surface/metadata_array.cc +1 -2
- data/src/core/lib/surface/validate_metadata.cc +1 -2
- data/src/core/lib/surface/validate_metadata.h +3 -3
- data/src/core/lib/surface/version.cc +3 -4
- data/src/core/lib/surface/wait_for_cq_end_op.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +7 -5
- data/src/core/lib/transport/batch_builder.h +4 -6
- data/src/core/lib/transport/bdp_estimator.cc +5 -3
- data/src/core/lib/transport/bdp_estimator.h +4 -4
- data/src/core/lib/transport/{call_size_estimator.cc → call_arena_allocator.cc} +3 -3
- data/src/core/lib/transport/{call_size_estimator.h → call_arena_allocator.h} +26 -5
- data/src/core/lib/transport/call_filters.cc +28 -13
- data/src/core/lib/transport/call_filters.h +123 -73
- data/src/core/lib/transport/call_final_info.cc +2 -2
- data/src/core/lib/transport/call_final_info.h +1 -2
- data/src/core/lib/transport/call_spine.cc +18 -19
- data/src/core/lib/transport/call_spine.h +387 -189
- data/src/core/lib/transport/connectivity_state.cc +1 -2
- data/src/core/lib/transport/connectivity_state.h +1 -2
- data/src/core/lib/transport/error_utils.cc +1 -2
- data/src/core/lib/transport/error_utils.h +1 -2
- data/src/core/lib/transport/message.cc +1 -2
- data/src/core/lib/transport/metadata.cc +2 -2
- data/src/core/lib/transport/metadata_batch.cc +2 -2
- data/src/core/lib/transport/metadata_batch.h +33 -4
- data/src/core/lib/transport/metadata_compression_traits.h +2 -2
- data/src/core/lib/transport/metadata_info.cc +2 -2
- data/src/core/lib/transport/parsed_metadata.cc +2 -2
- data/src/core/lib/transport/parsed_metadata.h +1 -2
- data/src/core/lib/transport/simple_slice_based_metadata.h +2 -2
- data/src/core/lib/transport/status_conversion.cc +2 -2
- data/src/core/lib/transport/status_conversion.h +1 -2
- data/src/core/lib/transport/timeout_encoding.cc +5 -5
- data/src/core/lib/transport/timeout_encoding.h +2 -2
- data/src/core/lib/transport/transport.cc +1 -2
- data/src/core/lib/transport/transport.h +41 -38
- data/src/core/lib/transport/transport_op_string.cc +1 -2
- data/src/core/lib/uri/uri_parser.cc +3 -3
- data/src/core/lib/uri/uri_parser.h +2 -2
- data/src/core/load_balancing/address_filtering.cc +2 -2
- data/src/core/load_balancing/address_filtering.h +2 -2
- data/src/core/load_balancing/backend_metric_data.h +2 -2
- data/src/core/load_balancing/backend_metric_parser.cc +2 -2
- data/src/core/load_balancing/backend_metric_parser.h +2 -2
- data/src/core/load_balancing/child_policy_handler.cc +6 -6
- data/src/core/load_balancing/child_policy_handler.h +2 -2
- data/src/core/load_balancing/delegating_helper.h +2 -3
- data/src/core/load_balancing/endpoint_list.cc +6 -8
- data/src/core/load_balancing/endpoint_list.h +15 -9
- data/src/core/load_balancing/grpclb/client_load_reporting_filter.cc +28 -30
- data/src/core/load_balancing/grpclb/client_load_reporting_filter.h +19 -8
- data/src/core/load_balancing/grpclb/grpclb.cc +26 -26
- data/src/core/load_balancing/grpclb/grpclb_balancer_addresses.cc +2 -2
- data/src/core/load_balancing/grpclb/grpclb_balancer_addresses.h +1 -2
- data/src/core/load_balancing/grpclb/grpclb_client_stats.cc +1 -2
- data/src/core/load_balancing/grpclb/grpclb_client_stats.h +1 -2
- data/src/core/load_balancing/grpclb/load_balancer_api.cc +1 -2
- data/src/core/load_balancing/grpclb/load_balancer_api.h +2 -3
- data/src/core/load_balancing/health_check_client.cc +4 -5
- data/src/core/load_balancing/health_check_client.h +2 -2
- data/src/core/load_balancing/health_check_client_internal.h +1 -2
- data/src/core/load_balancing/lb_policy.cc +2 -2
- data/src/core/load_balancing/lb_policy.h +1 -2
- data/src/core/load_balancing/lb_policy_factory.h +2 -2
- data/src/core/load_balancing/lb_policy_registry.cc +3 -3
- data/src/core/load_balancing/lb_policy_registry.h +2 -2
- data/src/core/load_balancing/oob_backend_metric.cc +4 -5
- data/src/core/load_balancing/oob_backend_metric.h +2 -2
- data/src/core/load_balancing/oob_backend_metric_internal.h +1 -2
- data/src/core/load_balancing/outlier_detection/outlier_detection.cc +3 -3
- data/src/core/load_balancing/outlier_detection/outlier_detection.h +2 -2
- data/src/core/load_balancing/pick_first/pick_first.cc +1107 -122
- data/src/core/load_balancing/priority/priority.cc +15 -10
- data/src/core/load_balancing/ring_hash/ring_hash.cc +34 -17
- data/src/core/load_balancing/ring_hash/ring_hash.h +2 -2
- data/src/core/load_balancing/rls/rls.cc +24 -17
- data/src/core/load_balancing/round_robin/round_robin.cc +26 -15
- data/src/core/load_balancing/subchannel_interface.h +1 -2
- data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +4 -4
- data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.h +2 -2
- data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +25 -15
- data/src/core/load_balancing/weighted_target/weighted_target.cc +8 -8
- data/src/core/load_balancing/weighted_target/weighted_target.h +1 -1
- data/src/core/load_balancing/xds/cds.cc +11 -12
- data/src/core/load_balancing/xds/xds_cluster_impl.cc +12 -10
- data/src/core/load_balancing/xds/xds_cluster_manager.cc +2 -3
- data/src/core/load_balancing/xds/xds_override_host.cc +6 -6
- data/src/core/load_balancing/xds/xds_override_host.h +2 -2
- data/src/core/load_balancing/xds/xds_wrr_locality.cc +2 -3
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -9
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +1 -2
- data/src/core/resolver/binder/binder_resolver.cc +4 -4
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +5 -6
- data/src/core/resolver/dns/c_ares/dns_resolver_ares.h +2 -2
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver.h +3 -3
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -3
- data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +35 -34
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +13 -13
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -2
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +1 -1
- data/src/core/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/resolver/dns/dns_resolver_plugin.cc +4 -5
- data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +5 -5
- data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.h +3 -3
- data/src/core/resolver/dns/event_engine/service_config_helper.cc +2 -2
- data/src/core/resolver/dns/event_engine/service_config_helper.h +2 -2
- data/src/core/resolver/dns/native/dns_resolver.cc +3 -4
- data/src/core/resolver/endpoint_addresses.cc +4 -4
- data/src/core/resolver/endpoint_addresses.h +2 -2
- data/src/core/resolver/fake/fake_resolver.cc +4 -4
- data/src/core/resolver/fake/fake_resolver.h +1 -2
- data/src/core/resolver/google_c2p/google_c2p_resolver.cc +9 -9
- data/src/core/resolver/polling_resolver.cc +5 -5
- data/src/core/resolver/polling_resolver.h +1 -2
- data/src/core/resolver/resolver.cc +2 -2
- data/src/core/resolver/resolver.h +2 -2
- data/src/core/resolver/resolver_factory.h +3 -3
- data/src/core/resolver/resolver_registry.cc +5 -5
- data/src/core/resolver/resolver_registry.h +3 -3
- data/src/core/resolver/sockaddr/sockaddr_resolver.cc +2 -3
- data/src/core/resolver/xds/xds_dependency_manager.cc +5 -4
- data/src/core/resolver/xds/xds_dependency_manager.h +7 -7
- data/src/core/resolver/xds/xds_resolver.cc +19 -24
- data/src/core/resolver/xds/xds_resolver_attributes.h +2 -2
- data/src/core/resolver/xds/xds_resolver_trace.cc +2 -2
- data/src/core/{lib/surface → server}/server.cc +61 -59
- data/src/core/{lib/surface → server}/server.h +7 -8
- data/src/core/{lib/channel → server}/server_call_tracer_filter.cc +10 -7
- data/src/core/{lib/channel → server}/server_call_tracer_filter.h +3 -3
- data/src/core/{ext/filters/server_config_selector → server}/server_config_selector.h +5 -5
- data/src/core/{ext/filters/server_config_selector → server}/server_config_selector_filter.cc +36 -37
- data/src/core/{ext/filters/server_config_selector → server}/server_config_selector_filter.h +3 -3
- data/src/core/{lib/surface → server}/server_interface.h +4 -4
- data/src/core/{ext/xds → server}/xds_channel_stack_modifier.cc +3 -3
- data/src/core/{ext/xds → server}/xds_channel_stack_modifier.h +4 -5
- data/src/core/{ext/xds → server}/xds_server_config_fetcher.cc +23 -22
- data/src/core/service_config/service_config.h +1 -2
- data/src/core/service_config/service_config_call_data.h +2 -2
- data/src/core/service_config/service_config_channel_arg_filter.cc +6 -7
- data/src/core/service_config/service_config_impl.cc +2 -2
- data/src/core/service_config/service_config_impl.h +3 -3
- data/src/core/service_config/service_config_parser.cc +1 -2
- data/src/core/service_config/service_config_parser.h +2 -2
- data/src/core/tsi/alts/crypt/aes_gcm.cc +1 -2
- data/src/core/tsi/alts/crypt/gsec.cc +1 -2
- data/src/core/tsi/alts/crypt/gsec.h +1 -2
- data/src/core/tsi/alts/frame_protector/alts_counter.cc +1 -2
- data/src/core/tsi/alts/frame_protector/alts_counter.h +1 -2
- data/src/core/tsi/alts/frame_protector/alts_crypter.cc +1 -2
- data/src/core/tsi/alts/frame_protector/alts_crypter.h +1 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +2 -2
- data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +1 -2
- data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +1 -2
- data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +1 -2
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -2
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +1 -2
- data/src/core/tsi/alts/frame_protector/frame_handler.h +2 -2
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +38 -37
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +1 -2
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +5 -4
- data/src/core/tsi/alts/handshaker/alts_shared_resource.h +1 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +22 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +5 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +1 -2
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -2
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +1 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +5 -4
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +1 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +1 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +9 -5
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +1 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +5 -4
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +2 -2
- data/src/core/tsi/fake_transport_security.cc +6 -4
- data/src/core/tsi/local_transport_security.cc +1 -2
- data/src/core/tsi/local_transport_security.h +1 -2
- data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +6 -5
- data/src/core/tsi/ssl/key_logging/ssl_key_logging.h +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +11 -10
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +3 -4
- data/src/core/tsi/ssl_transport_security.cc +20 -19
- data/src/core/tsi/ssl_transport_security.h +1 -2
- data/src/core/tsi/ssl_transport_security_utils.cc +11 -10
- data/src/core/tsi/ssl_transport_security_utils.h +1 -2
- data/src/core/tsi/ssl_types.h +2 -2
- data/src/core/tsi/transport_security.cc +1 -2
- data/src/core/tsi/transport_security.h +2 -2
- data/src/core/tsi/transport_security_grpc.cc +2 -2
- data/src/core/tsi/transport_security_grpc.h +1 -2
- data/src/core/tsi/transport_security_interface.h +2 -2
- data/src/core/{ext/xds → xds/grpc}/certificate_provider_store.cc +2 -3
- data/src/core/{ext/xds → xds/grpc}/certificate_provider_store.h +4 -5
- data/src/core/{ext/xds → xds/grpc}/file_watcher_certificate_provider_factory.cc +2 -3
- data/src/core/{ext/xds → xds/grpc}/file_watcher_certificate_provider_factory.h +4 -5
- data/src/core/{ext/xds → xds/grpc}/upb_utils.h +5 -5
- data/src/core/{ext/xds → xds/grpc}/xds_audit_logger_registry.cc +4 -4
- data/src/core/{ext/xds → xds/grpc}/xds_audit_logger_registry.h +6 -6
- data/src/core/{ext/xds → xds/grpc}/xds_bootstrap_grpc.cc +2 -3
- data/src/core/{ext/xds → xds/grpc}/xds_bootstrap_grpc.h +11 -11
- data/src/core/{ext/xds → xds/grpc}/xds_certificate_provider.cc +5 -5
- data/src/core/{ext/xds → xds/grpc}/xds_certificate_provider.h +4 -5
- data/src/core/{ext/xds → xds/grpc}/xds_client_grpc.cc +25 -12
- data/src/core/{ext/xds → xds/grpc}/xds_client_grpc.h +8 -9
- data/src/core/{ext/xds → xds/grpc}/xds_cluster.cc +18 -9
- data/src/core/{ext/xds → xds/grpc}/xds_cluster.h +11 -12
- data/src/core/{ext/xds → xds/grpc}/xds_cluster_specifier_plugin.cc +4 -4
- data/src/core/{ext/xds → xds/grpc}/xds_cluster_specifier_plugin.h +6 -6
- data/src/core/{ext/xds → xds/grpc}/xds_common_types.cc +5 -6
- data/src/core/{ext/xds → xds/grpc}/xds_common_types.h +6 -6
- data/src/core/{ext/xds → xds/grpc}/xds_endpoint.cc +7 -7
- data/src/core/{ext/xds → xds/grpc}/xds_endpoint.h +9 -9
- data/src/core/{ext/xds → xds/grpc}/xds_health_status.cc +3 -3
- data/src/core/{ext/xds → xds/grpc}/xds_health_status.h +5 -5
- data/src/core/{ext/xds → xds/grpc}/xds_http_fault_filter.cc +4 -5
- data/src/core/{ext/xds → xds/grpc}/xds_http_fault_filter.h +8 -8
- data/src/core/{ext/xds → xds/grpc}/xds_http_filters.cc +8 -9
- data/src/core/{ext/xds → xds/grpc}/xds_http_filters.h +7 -7
- data/src/core/{ext/xds → xds/grpc}/xds_http_rbac_filter.cc +6 -7
- data/src/core/{ext/xds → xds/grpc}/xds_http_rbac_filter.h +8 -8
- data/src/core/{ext/xds → xds/grpc}/xds_http_stateful_session_filter.cc +5 -6
- data/src/core/{ext/xds → xds/grpc}/xds_http_stateful_session_filter.h +8 -8
- data/src/core/{ext/xds → xds/grpc}/xds_lb_policy_registry.cc +3 -4
- data/src/core/{ext/xds → xds/grpc}/xds_lb_policy_registry.h +6 -6
- data/src/core/{ext/xds → xds/grpc}/xds_listener.cc +8 -8
- data/src/core/{ext/xds → xds/grpc}/xds_listener.h +12 -12
- data/src/core/{ext/xds → xds/grpc}/xds_route_config.cc +16 -16
- data/src/core/{ext/xds → xds/grpc}/xds_route_config.h +11 -11
- data/src/core/{ext/xds → xds/grpc}/xds_routing.cc +6 -6
- data/src/core/{ext/xds → xds/grpc}/xds_routing.h +8 -8
- data/src/core/{ext/xds → xds/grpc}/xds_transport_grpc.cc +14 -14
- data/src/core/{ext/xds → xds/grpc}/xds_transport_grpc.h +6 -7
- data/src/core/{ext/xds → xds/xds_client}/xds_api.cc +4 -5
- data/src/core/{ext/xds → xds/xds_client}/xds_api.h +7 -7
- data/src/core/{ext/xds → xds/xds_client}/xds_bootstrap.cc +3 -3
- data/src/core/{ext/xds → xds/xds_client}/xds_bootstrap.h +5 -5
- data/src/core/{ext/xds → xds/xds_client}/xds_channel_args.h +3 -3
- data/src/core/{ext/xds → xds/xds_client}/xds_client.cc +21 -17
- data/src/core/{ext/xds → xds/xds_client}/xds_client.h +10 -11
- data/src/core/{ext/xds → xds/xds_client}/xds_client_stats.cc +3 -4
- data/src/core/{ext/xds → xds/xds_client}/xds_client_stats.h +6 -6
- data/src/core/{ext/xds → xds/xds_client}/xds_metrics.h +7 -5
- data/src/core/{ext/xds → xds/xds_client}/xds_resource_type.h +6 -6
- data/src/core/{ext/xds → xds/xds_client}/xds_resource_type_impl.h +7 -7
- data/src/core/{ext/xds → xds/xds_client}/xds_transport.h +6 -6
- data/src/ruby/ext/grpc/rb_call_credentials.c +1 -0
- data/src/ruby/ext/grpc/rb_call_credentials.h +1 -0
- data/src/ruby/ext/grpc/rb_channel.c +1 -0
- data/src/ruby/ext/grpc/rb_channel_credentials.c +1 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +130 -130
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +196 -195
- data/src/ruby/ext/grpc/rb_server.c +1 -0
- data/src/ruby/ext/grpc/rb_server_credentials.c +1 -0
- data/src/ruby/ext/grpc/rb_server_credentials.h +1 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +1 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +1 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +1 -0
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/log/check.h +209 -0
- data/third_party/abseil-cpp/absl/log/internal/check_impl.h +150 -0
- data/third_party/abseil-cpp/absl/log/internal/check_op.cc +118 -0
- data/third_party/abseil-cpp/absl/log/internal/check_op.h +420 -0
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +25 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_des.c +48 -66
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +20 -28
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +9 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +7 -7
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +26 -17
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +81 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +41 -120
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +13 -13
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dh.c +137 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dh_asn1.c +120 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +6 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +8 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +14 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +11 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +22 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +73 -29
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +33 -17
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +18 -9
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +44 -41
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +13 -12
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +26 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/v3_cpols.c +9 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/v3_crld.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/v3_info.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/v3_lib.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +21 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -6
- data/third_party/boringssl-with-bazel/{err_data.c → src/gen/crypto/err_data.c} +487 -485
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +77 -36
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +12 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +17 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +10 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +25 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/evp_errors.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +15 -3
- data/third_party/boringssl-with-bazel/src/{crypto/spx/internal.h → include/openssl/experimental/spx.h} +24 -13
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +63 -53
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +19 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +275 -69
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +10 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +13 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2957 -2456
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +3 -9
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +43 -43
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +17 -7
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +67 -15
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +143 -113
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +227 -167
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +59 -385
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +21 -19
- data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +423 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +70 -54
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +59 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +6 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +48 -116
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +19 -26
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +36 -3
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +53 -18
- metadata +109 -108
- data/src/core/client_channel/client_channel_channelz.cc +0 -93
- data/src/core/client_channel/client_channel_channelz.h +0 -85
- data/src/core/ext/filters/deadline/deadline_filter.cc +0 -407
- data/src/core/ext/filters/deadline/deadline_filter.h +0 -85
- data/src/core/lib/gpr/log_internal.h +0 -55
- data/third_party/boringssl-with-bazel/src/include/openssl/pki/certificate.h +0 -83
- data/third_party/boringssl-with-bazel/src/include/openssl/pki/signature_verify_cache.h +0 -41
- /data/third_party/boringssl-with-bazel/src/include/openssl/{kyber.h → experimental/kyber.h} +0 -0
@@ -101,1157 +101,6 @@ GRPCAPI void grpc_auth_context_add_cstring_property(grpc_auth_context* ctx,
|
|
101
101
|
GRPCAPI int grpc_auth_context_set_peer_identity_property_name(
|
102
102
|
grpc_auth_context* ctx, const char* name);
|
103
103
|
|
104
|
-
/** --- SSL Session Cache. ---
|
105
|
-
|
106
|
-
A SSL session cache object represents a way to cache client sessions
|
107
|
-
between connections. Only ticket-based resumption is supported. */
|
108
|
-
|
109
|
-
typedef struct grpc_ssl_session_cache grpc_ssl_session_cache;
|
110
|
-
|
111
|
-
/** Create LRU cache for client-side SSL sessions with the given capacity.
|
112
|
-
If capacity is < 1, a default capacity is used instead. */
|
113
|
-
GRPCAPI grpc_ssl_session_cache* grpc_ssl_session_cache_create_lru(
|
114
|
-
size_t capacity);
|
115
|
-
|
116
|
-
/** Destroy SSL session cache. */
|
117
|
-
GRPCAPI void grpc_ssl_session_cache_destroy(grpc_ssl_session_cache* cache);
|
118
|
-
|
119
|
-
/** Create a channel arg with the given cache object. */
|
120
|
-
GRPCAPI grpc_arg
|
121
|
-
grpc_ssl_session_cache_create_channel_arg(grpc_ssl_session_cache* cache);
|
122
|
-
|
123
|
-
/** --- grpc_call_credentials object.
|
124
|
-
|
125
|
-
A call credentials object represents a way to authenticate on a particular
|
126
|
-
call. These credentials can be composed with a channel credentials object
|
127
|
-
so that they are sent with every call on this channel. */
|
128
|
-
|
129
|
-
typedef struct grpc_call_credentials grpc_call_credentials;
|
130
|
-
|
131
|
-
/** Releases a call credentials object.
|
132
|
-
The creator of the credentials object is responsible for its release. */
|
133
|
-
GRPCAPI void grpc_call_credentials_release(grpc_call_credentials* creds);
|
134
|
-
|
135
|
-
/** Creates default credentials to connect to a google gRPC service.
|
136
|
-
WARNING: Do NOT use this credentials to connect to a non-google service as
|
137
|
-
this could result in an oauth2 token leak. The security level of the
|
138
|
-
resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
|
139
|
-
|
140
|
-
If specified, the supplied call credentials object will be attached to the
|
141
|
-
returned channel credentials object. The call_credentials object must remain
|
142
|
-
valid throughout the lifetime of the returned grpc_channel_credentials
|
143
|
-
object. It is expected that the call credentials object was generated
|
144
|
-
according to the Application Default Credentials mechanism and asserts the
|
145
|
-
identity of the default service account of the machine. Supplying any other
|
146
|
-
sort of call credential will result in undefined behavior, up to and
|
147
|
-
including the sudden and unexpected failure of RPCs.
|
148
|
-
|
149
|
-
If nullptr is supplied, the returned channel credentials object will use a
|
150
|
-
call credentials object based on the Application Default Credentials
|
151
|
-
mechanism.
|
152
|
-
*/
|
153
|
-
GRPCAPI grpc_channel_credentials* grpc_google_default_credentials_create(
|
154
|
-
grpc_call_credentials* call_credentials);
|
155
|
-
|
156
|
-
/** Callback for getting the SSL roots override from the application.
|
157
|
-
In case of success, *pem_roots_certs must be set to a NULL terminated string
|
158
|
-
containing the list of PEM encoded root certificates. The ownership is passed
|
159
|
-
to the core and freed (laster by the core) with gpr_free.
|
160
|
-
If this function fails and GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is
|
161
|
-
set to a valid path, it will override the roots specified this func */
|
162
|
-
typedef grpc_ssl_roots_override_result (*grpc_ssl_roots_override_callback)(
|
163
|
-
char** pem_root_certs);
|
164
|
-
|
165
|
-
/** Setup a callback to override the default TLS/SSL roots.
|
166
|
-
This function is not thread-safe and must be called at initialization time
|
167
|
-
before any ssl credentials are created to have the desired side effect.
|
168
|
-
If GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is set to a valid path, the
|
169
|
-
callback will not be called. */
|
170
|
-
GRPCAPI void grpc_set_ssl_roots_override_callback(
|
171
|
-
grpc_ssl_roots_override_callback cb);
|
172
|
-
|
173
|
-
/** Object that holds a private key / certificate chain pair in PEM format. */
|
174
|
-
typedef struct {
|
175
|
-
/** private_key is the NULL-terminated string containing the PEM encoding of
|
176
|
-
the client's private key. */
|
177
|
-
const char* private_key;
|
178
|
-
|
179
|
-
/** cert_chain is the NULL-terminated string containing the PEM encoding of
|
180
|
-
the client's certificate chain. */
|
181
|
-
const char* cert_chain;
|
182
|
-
} grpc_ssl_pem_key_cert_pair;
|
183
|
-
|
184
|
-
/** Deprecated in favor of grpc_ssl_verify_peer_options. It will be removed
|
185
|
-
after all of its call sites are migrated to grpc_ssl_verify_peer_options.
|
186
|
-
Object that holds additional peer-verification options on a secure
|
187
|
-
channel. */
|
188
|
-
typedef struct {
|
189
|
-
/** If non-NULL this callback will be invoked with the expected
|
190
|
-
target_name, the peer's certificate (in PEM format), and whatever
|
191
|
-
userdata pointer is set below. If a non-zero value is returned by this
|
192
|
-
callback then it is treated as a verification failure. Invocation of
|
193
|
-
the callback is blocking, so any implementation should be light-weight.
|
194
|
-
*/
|
195
|
-
int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
|
196
|
-
void* userdata);
|
197
|
-
/** Arbitrary userdata that will be passed as the last argument to
|
198
|
-
verify_peer_callback. */
|
199
|
-
void* verify_peer_callback_userdata;
|
200
|
-
/** A destruct callback that will be invoked when the channel is being
|
201
|
-
cleaned up. The userdata argument will be passed to it. The intent is
|
202
|
-
to perform any cleanup associated with that userdata. */
|
203
|
-
void (*verify_peer_destruct)(void* userdata);
|
204
|
-
} verify_peer_options;
|
205
|
-
|
206
|
-
/** Object that holds additional peer-verification options on a secure
|
207
|
-
channel. */
|
208
|
-
typedef struct {
|
209
|
-
/** If non-NULL this callback will be invoked with the expected
|
210
|
-
target_name, the peer's certificate (in PEM format), and whatever
|
211
|
-
userdata pointer is set below. If a non-zero value is returned by this
|
212
|
-
callback then it is treated as a verification failure. Invocation of
|
213
|
-
the callback is blocking, so any implementation should be light-weight.
|
214
|
-
*/
|
215
|
-
int (*verify_peer_callback)(const char* target_name, const char* peer_pem,
|
216
|
-
void* userdata);
|
217
|
-
/** Arbitrary userdata that will be passed as the last argument to
|
218
|
-
verify_peer_callback. */
|
219
|
-
void* verify_peer_callback_userdata;
|
220
|
-
/** A destruct callback that will be invoked when the channel is being
|
221
|
-
cleaned up. The userdata argument will be passed to it. The intent is
|
222
|
-
to perform any cleanup associated with that userdata. */
|
223
|
-
void (*verify_peer_destruct)(void* userdata);
|
224
|
-
} grpc_ssl_verify_peer_options;
|
225
|
-
|
226
|
-
/** Deprecated in favor of grpc_ssl_server_credentials_create_ex. It will be
|
227
|
-
removed after all of its call sites are migrated to
|
228
|
-
grpc_ssl_server_credentials_create_ex. Creates an SSL credentials object.
|
229
|
-
The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
|
230
|
-
- pem_root_certs is the NULL-terminated string containing the PEM encoding
|
231
|
-
of the server root certificates. If this parameter is NULL, the
|
232
|
-
implementation will first try to dereference the file pointed by the
|
233
|
-
GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
|
234
|
-
try to get the roots set by grpc_override_ssl_default_roots. Eventually,
|
235
|
-
if all these fail, it will try to get the roots from a well-known place on
|
236
|
-
disk (in the grpc install directory).
|
237
|
-
|
238
|
-
gRPC has implemented root cache if the underlying OpenSSL library supports
|
239
|
-
it. The gRPC root certificates cache is only applicable on the default
|
240
|
-
root certificates, which is used when this parameter is nullptr. If user
|
241
|
-
provides their own pem_root_certs, when creating an SSL credential object,
|
242
|
-
gRPC would not be able to cache it, and each subchannel will generate a
|
243
|
-
copy of the root store. So it is recommended to avoid providing large room
|
244
|
-
pem with pem_root_certs parameter to avoid excessive memory consumption,
|
245
|
-
particularly on mobile platforms such as iOS.
|
246
|
-
- pem_key_cert_pair is a pointer on the object containing client's private
|
247
|
-
key and certificate chain. This parameter can be NULL if the client does
|
248
|
-
not have such a key/cert pair.
|
249
|
-
- verify_options is an optional verify_peer_options object which holds
|
250
|
-
additional options controlling how peer certificates are verified. For
|
251
|
-
example, you can supply a callback which receives the peer's certificate
|
252
|
-
with which you can do additional verification. Can be NULL, in which
|
253
|
-
case verification will retain default behavior. Any settings in
|
254
|
-
verify_options are copied during this call, so the verify_options
|
255
|
-
object can be released afterwards. */
|
256
|
-
GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create(
|
257
|
-
const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
|
258
|
-
const verify_peer_options* verify_options, void* reserved);
|
259
|
-
|
260
|
-
/* Creates an SSL credentials object.
|
261
|
-
The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
|
262
|
-
- pem_root_certs is the NULL-terminated string containing the PEM encoding
|
263
|
-
of the server root certificates. If this parameter is NULL, the
|
264
|
-
implementation will first try to dereference the file pointed by the
|
265
|
-
GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
|
266
|
-
try to get the roots set by grpc_override_ssl_default_roots. Eventually,
|
267
|
-
if all these fail, it will try to get the roots from a well-known place on
|
268
|
-
disk (in the grpc install directory).
|
269
|
-
|
270
|
-
gRPC has implemented root cache if the underlying OpenSSL library supports
|
271
|
-
it. The gRPC root certificates cache is only applicable on the default
|
272
|
-
root certificates, which is used when this parameter is nullptr. If user
|
273
|
-
provides their own pem_root_certs, when creating an SSL credential object,
|
274
|
-
gRPC would not be able to cache it, and each subchannel will generate a
|
275
|
-
copy of the root store. So it is recommended to avoid providing large room
|
276
|
-
pem with pem_root_certs parameter to avoid excessive memory consumption,
|
277
|
-
particularly on mobile platforms such as iOS.
|
278
|
-
- pem_key_cert_pair is a pointer on the object containing client's private
|
279
|
-
key and certificate chain. This parameter can be NULL if the client does
|
280
|
-
not have such a key/cert pair.
|
281
|
-
- verify_options is an optional verify_peer_options object which holds
|
282
|
-
additional options controlling how peer certificates are verified. For
|
283
|
-
example, you can supply a callback which receives the peer's certificate
|
284
|
-
with which you can do additional verification. Can be NULL, in which
|
285
|
-
case verification will retain default behavior. Any settings in
|
286
|
-
verify_options are copied during this call, so the verify_options
|
287
|
-
object can be released afterwards. */
|
288
|
-
GRPCAPI grpc_channel_credentials* grpc_ssl_credentials_create_ex(
|
289
|
-
const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
|
290
|
-
const grpc_ssl_verify_peer_options* verify_options, void* reserved);
|
291
|
-
|
292
|
-
/** Creates a composite channel credentials object. The security level of
|
293
|
-
* resulting connection is determined by channel_creds. */
|
294
|
-
GRPCAPI grpc_channel_credentials* grpc_composite_channel_credentials_create(
|
295
|
-
grpc_channel_credentials* channel_creds, grpc_call_credentials* call_creds,
|
296
|
-
void* reserved);
|
297
|
-
|
298
|
-
/** --- composite credentials. */
|
299
|
-
|
300
|
-
/** Creates a composite call credentials object. */
|
301
|
-
GRPCAPI grpc_call_credentials* grpc_composite_call_credentials_create(
|
302
|
-
grpc_call_credentials* creds1, grpc_call_credentials* creds2,
|
303
|
-
void* reserved);
|
304
|
-
|
305
|
-
/** Creates a compute engine credentials object for connecting to Google.
|
306
|
-
WARNING: Do NOT use this credentials to connect to a non-google service as
|
307
|
-
this could result in an oauth2 token leak. */
|
308
|
-
GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create(
|
309
|
-
void* reserved);
|
310
|
-
|
311
|
-
GRPCAPI gpr_timespec grpc_max_auth_token_lifetime(void);
|
312
|
-
|
313
|
-
/** Creates a JWT credentials object. May return NULL if the input is invalid.
|
314
|
-
- json_key is the JSON key string containing the client's private key.
|
315
|
-
- token_lifetime is the lifetime of each Json Web Token (JWT) created with
|
316
|
-
this credentials. It should not exceed grpc_max_auth_token_lifetime or
|
317
|
-
will be cropped to this value. */
|
318
|
-
GRPCAPI grpc_call_credentials*
|
319
|
-
grpc_service_account_jwt_access_credentials_create(const char* json_key,
|
320
|
-
gpr_timespec token_lifetime,
|
321
|
-
void* reserved);
|
322
|
-
|
323
|
-
/** Builds External Account credentials.
|
324
|
-
- json_string is the JSON string containing the credentials options.
|
325
|
-
- scopes_string contains the scopes to be binded with the credentials.
|
326
|
-
This API is used for experimental purposes for now and may change in the
|
327
|
-
future. */
|
328
|
-
GRPCAPI grpc_call_credentials* grpc_external_account_credentials_create(
|
329
|
-
const char* json_string, const char* scopes_string);
|
330
|
-
|
331
|
-
/** Creates an Oauth2 Refresh Token credentials object for connecting to Google.
|
332
|
-
May return NULL if the input is invalid.
|
333
|
-
WARNING: Do NOT use this credentials to connect to a non-google service as
|
334
|
-
this could result in an oauth2 token leak.
|
335
|
-
- json_refresh_token is the JSON string containing the refresh token itself
|
336
|
-
along with a client_id and client_secret. */
|
337
|
-
GRPCAPI grpc_call_credentials* grpc_google_refresh_token_credentials_create(
|
338
|
-
const char* json_refresh_token, void* reserved);
|
339
|
-
|
340
|
-
/** Creates an Oauth2 Access Token credentials with an access token that was
|
341
|
-
acquired by an out of band mechanism. */
|
342
|
-
GRPCAPI grpc_call_credentials* grpc_access_token_credentials_create(
|
343
|
-
const char* access_token, void* reserved);
|
344
|
-
|
345
|
-
/** Creates an IAM credentials object for connecting to Google. */
|
346
|
-
GRPCAPI grpc_call_credentials* grpc_google_iam_credentials_create(
|
347
|
-
const char* authorization_token, const char* authority_selector,
|
348
|
-
void* reserved);
|
349
|
-
|
350
|
-
/** Options for creating STS Oauth Token Exchange credentials following the IETF
|
351
|
-
draft https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16.
|
352
|
-
Optional fields may be set to NULL or empty string. It is the responsibility
|
353
|
-
of the caller to ensure that the subject and actor tokens are refreshed on
|
354
|
-
disk at the specified paths. This API is used for experimental purposes for
|
355
|
-
now and may change in the future. */
|
356
|
-
typedef struct {
|
357
|
-
const char* token_exchange_service_uri; /* Required. */
|
358
|
-
const char* resource; /* Optional. */
|
359
|
-
const char* audience; /* Optional. */
|
360
|
-
const char* scope; /* Optional. */
|
361
|
-
const char* requested_token_type; /* Optional. */
|
362
|
-
const char* subject_token_path; /* Required. */
|
363
|
-
const char* subject_token_type; /* Required. */
|
364
|
-
const char* actor_token_path; /* Optional. */
|
365
|
-
const char* actor_token_type; /* Optional. */
|
366
|
-
} grpc_sts_credentials_options;
|
367
|
-
|
368
|
-
/** Creates an STS credentials following the STS Token Exchanged specifed in the
|
369
|
-
IETF draft https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16.
|
370
|
-
This API is used for experimental purposes for now and may change in the
|
371
|
-
future. */
|
372
|
-
GRPCAPI grpc_call_credentials* grpc_sts_credentials_create(
|
373
|
-
const grpc_sts_credentials_options* options, void* reserved);
|
374
|
-
|
375
|
-
/** Callback function to be called by the metadata credentials plugin
|
376
|
-
implementation when the metadata is ready.
|
377
|
-
- user_data is the opaque pointer that was passed in the get_metadata method
|
378
|
-
of the grpc_metadata_credentials_plugin (see below).
|
379
|
-
- creds_md is an array of credentials metadata produced by the plugin. It
|
380
|
-
may be set to NULL in case of an error.
|
381
|
-
- num_creds_md is the number of items in the creds_md array.
|
382
|
-
- status must be GRPC_STATUS_OK in case of success or another specific error
|
383
|
-
code otherwise.
|
384
|
-
- error_details contains details about the error if any. In case of success
|
385
|
-
it should be NULL and will be otherwise ignored. */
|
386
|
-
typedef void (*grpc_credentials_plugin_metadata_cb)(
|
387
|
-
void* user_data, const grpc_metadata* creds_md, size_t num_creds_md,
|
388
|
-
grpc_status_code status, const char* error_details);
|
389
|
-
|
390
|
-
/** Context that can be used by metadata credentials plugin in order to create
|
391
|
-
auth related metadata. */
|
392
|
-
typedef struct {
|
393
|
-
/** The fully qualifed service url. */
|
394
|
-
const char* service_url;
|
395
|
-
|
396
|
-
/** The method name of the RPC being called (not fully qualified).
|
397
|
-
The fully qualified method name can be built from the service_url:
|
398
|
-
full_qualified_method_name = ctx->service_url + '/' + ctx->method_name. */
|
399
|
-
const char* method_name;
|
400
|
-
|
401
|
-
/** The auth_context of the channel which gives the server's identity. */
|
402
|
-
const grpc_auth_context* channel_auth_context;
|
403
|
-
|
404
|
-
/** Reserved for future use. */
|
405
|
-
void* reserved;
|
406
|
-
} grpc_auth_metadata_context;
|
407
|
-
|
408
|
-
/** Performs a deep copy from \a from to \a to. **/
|
409
|
-
GRPCAPI void grpc_auth_metadata_context_copy(grpc_auth_metadata_context* from,
|
410
|
-
grpc_auth_metadata_context* to);
|
411
|
-
|
412
|
-
/** Releases internal resources held by \a context. **/
|
413
|
-
GRPCAPI void grpc_auth_metadata_context_reset(
|
414
|
-
grpc_auth_metadata_context* context);
|
415
|
-
|
416
|
-
/** Maximum number of metadata entries returnable by a credentials plugin via
|
417
|
-
a synchronous return. */
|
418
|
-
#define GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX 4
|
419
|
-
|
420
|
-
/** grpc_metadata_credentials plugin is an API user provided structure used to
|
421
|
-
create grpc_credentials objects that can be set on a channel (composed) or
|
422
|
-
a call. See grpc_credentials_metadata_create_from_plugin below.
|
423
|
-
The grpc client stack will call the get_metadata method of the plugin for
|
424
|
-
every call in scope for the credentials created from it. */
|
425
|
-
typedef struct {
|
426
|
-
/** The implementation of this method has to be non-blocking, but can
|
427
|
-
be performed synchronously or asynchronously.
|
428
|
-
|
429
|
-
If processing occurs synchronously, returns non-zero and populates
|
430
|
-
creds_md, num_creds_md, status, and error_details. In this case,
|
431
|
-
the caller takes ownership of the entries in creds_md and of
|
432
|
-
error_details. Note that if the plugin needs to return more than
|
433
|
-
GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX entries in creds_md, it must
|
434
|
-
return asynchronously.
|
435
|
-
|
436
|
-
If processing occurs asynchronously, returns zero and invokes \a cb
|
437
|
-
when processing is completed. \a user_data will be passed as the
|
438
|
-
first parameter of the callback. NOTE: \a cb MUST be invoked in a
|
439
|
-
different thread, not from the thread in which \a get_metadata() is
|
440
|
-
invoked.
|
441
|
-
|
442
|
-
\a context is the information that can be used by the plugin to create
|
443
|
-
auth metadata. */
|
444
|
-
int (*get_metadata)(
|
445
|
-
void* state, grpc_auth_metadata_context context,
|
446
|
-
grpc_credentials_plugin_metadata_cb cb, void* user_data,
|
447
|
-
grpc_metadata creds_md[GRPC_METADATA_CREDENTIALS_PLUGIN_SYNC_MAX],
|
448
|
-
size_t* num_creds_md, grpc_status_code* status,
|
449
|
-
const char** error_details);
|
450
|
-
|
451
|
-
/** Implements debug string of the given plugin. This method returns an
|
452
|
-
* allocated string that the caller needs to free using gpr_free() */
|
453
|
-
char* (*debug_string)(void* state);
|
454
|
-
|
455
|
-
/** Destroys the plugin state. */
|
456
|
-
void (*destroy)(void* state);
|
457
|
-
|
458
|
-
/** State that will be set as the first parameter of the methods above. */
|
459
|
-
void* state;
|
460
|
-
|
461
|
-
/** Type of credentials that this plugin is implementing. */
|
462
|
-
const char* type;
|
463
|
-
} grpc_metadata_credentials_plugin;
|
464
|
-
|
465
|
-
/** Creates a credentials object from a plugin with a specified minimum security
|
466
|
-
* level. */
|
467
|
-
GRPCAPI grpc_call_credentials* grpc_metadata_credentials_create_from_plugin(
|
468
|
-
grpc_metadata_credentials_plugin plugin,
|
469
|
-
grpc_security_level min_security_level, void* reserved);
|
470
|
-
|
471
|
-
/** Server certificate config object holds the server's public certificates and
|
472
|
-
associated private keys, as well as any CA certificates needed for client
|
473
|
-
certificate validation (if applicable). Create using
|
474
|
-
grpc_ssl_server_certificate_config_create(). */
|
475
|
-
typedef struct grpc_ssl_server_certificate_config
|
476
|
-
grpc_ssl_server_certificate_config;
|
477
|
-
|
478
|
-
/** Creates a grpc_ssl_server_certificate_config object.
|
479
|
-
- pem_roots_cert is the NULL-terminated string containing the PEM encoding of
|
480
|
-
the client root certificates. This parameter may be NULL if the server does
|
481
|
-
not want the client to be authenticated with SSL.
|
482
|
-
- pem_key_cert_pairs is an array private key / certificate chains of the
|
483
|
-
server. This parameter cannot be NULL.
|
484
|
-
- num_key_cert_pairs indicates the number of items in the private_key_files
|
485
|
-
and cert_chain_files parameters. It must be at least 1.
|
486
|
-
- It is the caller's responsibility to free this object via
|
487
|
-
grpc_ssl_server_certificate_config_destroy(). */
|
488
|
-
GRPCAPI grpc_ssl_server_certificate_config*
|
489
|
-
grpc_ssl_server_certificate_config_create(
|
490
|
-
const char* pem_root_certs,
|
491
|
-
const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
|
492
|
-
size_t num_key_cert_pairs);
|
493
|
-
|
494
|
-
/** Destroys a grpc_ssl_server_certificate_config object. */
|
495
|
-
GRPCAPI void grpc_ssl_server_certificate_config_destroy(
|
496
|
-
grpc_ssl_server_certificate_config* config);
|
497
|
-
|
498
|
-
/** Callback to retrieve updated SSL server certificates, private keys, and
|
499
|
-
trusted CAs (for client authentication).
|
500
|
-
- user_data parameter, if not NULL, contains opaque data to be used by the
|
501
|
-
callback.
|
502
|
-
- Use grpc_ssl_server_certificate_config_create to create the config.
|
503
|
-
- The caller assumes ownership of the config. */
|
504
|
-
typedef grpc_ssl_certificate_config_reload_status (
|
505
|
-
*grpc_ssl_server_certificate_config_callback)(
|
506
|
-
void* user_data, grpc_ssl_server_certificate_config** config);
|
507
|
-
|
508
|
-
/** Deprecated in favor of grpc_ssl_server_credentials_create_ex.
|
509
|
-
Creates an SSL server_credentials object.
|
510
|
-
- pem_roots_cert is the NULL-terminated string containing the PEM encoding of
|
511
|
-
the client root certificates. This parameter may be NULL if the server does
|
512
|
-
not want the client to be authenticated with SSL.
|
513
|
-
- pem_key_cert_pairs is an array private key / certificate chains of the
|
514
|
-
server. This parameter cannot be NULL.
|
515
|
-
- num_key_cert_pairs indicates the number of items in the private_key_files
|
516
|
-
and cert_chain_files parameters. It should be at least 1.
|
517
|
-
- force_client_auth, if set to non-zero will force the client to authenticate
|
518
|
-
with an SSL cert. Note that this option is ignored if pem_root_certs is
|
519
|
-
NULL. */
|
520
|
-
GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create(
|
521
|
-
const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
|
522
|
-
size_t num_key_cert_pairs, int force_client_auth, void* reserved);
|
523
|
-
|
524
|
-
/** Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
|
525
|
-
Same as grpc_ssl_server_credentials_create method except uses
|
526
|
-
grpc_ssl_client_certificate_request_type enum to support more ways to
|
527
|
-
authenticate client certificates.*/
|
528
|
-
GRPCAPI grpc_server_credentials* grpc_ssl_server_credentials_create_ex(
|
529
|
-
const char* pem_root_certs, grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
|
530
|
-
size_t num_key_cert_pairs,
|
531
|
-
grpc_ssl_client_certificate_request_type client_certificate_request,
|
532
|
-
void* reserved);
|
533
|
-
|
534
|
-
typedef struct grpc_ssl_server_credentials_options
|
535
|
-
grpc_ssl_server_credentials_options;
|
536
|
-
|
537
|
-
/** Creates an options object using a certificate config. Use this method when
|
538
|
-
the certificates and keys of the SSL server will not change during the
|
539
|
-
server's lifetime.
|
540
|
-
- Takes ownership of the certificate_config parameter. */
|
541
|
-
GRPCAPI grpc_ssl_server_credentials_options*
|
542
|
-
grpc_ssl_server_credentials_create_options_using_config(
|
543
|
-
grpc_ssl_client_certificate_request_type client_certificate_request,
|
544
|
-
grpc_ssl_server_certificate_config* certificate_config);
|
545
|
-
|
546
|
-
/** Creates an options object using a certificate config fetcher. Use this
|
547
|
-
method to reload the certificates and keys of the SSL server without
|
548
|
-
interrupting the operation of the server. Initial certificate config will be
|
549
|
-
fetched during server initialization.
|
550
|
-
- user_data parameter, if not NULL, contains opaque data which will be passed
|
551
|
-
to the fetcher (see definition of
|
552
|
-
grpc_ssl_server_certificate_config_callback). */
|
553
|
-
GRPCAPI grpc_ssl_server_credentials_options*
|
554
|
-
grpc_ssl_server_credentials_create_options_using_config_fetcher(
|
555
|
-
grpc_ssl_client_certificate_request_type client_certificate_request,
|
556
|
-
grpc_ssl_server_certificate_config_callback cb, void* user_data);
|
557
|
-
|
558
|
-
/** Destroys a grpc_ssl_server_credentials_options object. */
|
559
|
-
GRPCAPI void grpc_ssl_server_credentials_options_destroy(
|
560
|
-
grpc_ssl_server_credentials_options* options);
|
561
|
-
|
562
|
-
/** Creates an SSL server_credentials object using the provided options struct.
|
563
|
-
- Takes ownership of the options parameter. */
|
564
|
-
GRPCAPI grpc_server_credentials*
|
565
|
-
grpc_ssl_server_credentials_create_with_options(
|
566
|
-
grpc_ssl_server_credentials_options* options);
|
567
|
-
|
568
|
-
/** --- Call specific credentials. --- */
|
569
|
-
|
570
|
-
/** Sets a credentials to a call. Can only be called on the client side before
|
571
|
-
grpc_call_start_batch. */
|
572
|
-
GRPCAPI grpc_call_error grpc_call_set_credentials(grpc_call* call,
|
573
|
-
grpc_call_credentials* creds);
|
574
|
-
|
575
|
-
/** --- Auth Metadata Processing --- */
|
576
|
-
|
577
|
-
/** Callback function that is called when the metadata processing is done.
|
578
|
-
- Consumed metadata will be removed from the set of metadata available on the
|
579
|
-
call. consumed_md may be NULL if no metadata has been consumed.
|
580
|
-
- Response metadata will be set on the response. response_md may be NULL.
|
581
|
-
- status is GRPC_STATUS_OK for success or a specific status for an error.
|
582
|
-
Common error status for auth metadata processing is either
|
583
|
-
GRPC_STATUS_UNAUTHENTICATED in case of an authentication failure or
|
584
|
-
GRPC_STATUS PERMISSION_DENIED in case of an authorization failure.
|
585
|
-
- error_details gives details about the error. May be NULL. */
|
586
|
-
typedef void (*grpc_process_auth_metadata_done_cb)(
|
587
|
-
void* user_data, const grpc_metadata* consumed_md, size_t num_consumed_md,
|
588
|
-
const grpc_metadata* response_md, size_t num_response_md,
|
589
|
-
grpc_status_code status, const char* error_details);
|
590
|
-
|
591
|
-
/** Pluggable server-side metadata processor object. */
|
592
|
-
typedef struct {
|
593
|
-
/** The context object is read/write: it contains the properties of the
|
594
|
-
channel peer and it is the job of the process function to augment it with
|
595
|
-
properties derived from the passed-in metadata.
|
596
|
-
The lifetime of these objects is guaranteed until cb is invoked. */
|
597
|
-
void (*process)(void* state, grpc_auth_context* context,
|
598
|
-
const grpc_metadata* md, size_t num_md,
|
599
|
-
grpc_process_auth_metadata_done_cb cb, void* user_data);
|
600
|
-
void (*destroy)(void* state);
|
601
|
-
void* state;
|
602
|
-
} grpc_auth_metadata_processor;
|
603
|
-
|
604
|
-
GRPCAPI void grpc_server_credentials_set_auth_metadata_processor(
|
605
|
-
grpc_server_credentials* creds, grpc_auth_metadata_processor processor);
|
606
|
-
|
607
|
-
/** --- ALTS channel/server credentials --- **/
|
608
|
-
|
609
|
-
/**
|
610
|
-
* Main interface for ALTS credentials options. The options will contain
|
611
|
-
* information that will be passed from grpc to TSI layer such as RPC protocol
|
612
|
-
* versions. ALTS client (channel) and server credentials will have their own
|
613
|
-
* implementation of this interface. The APIs listed in this header are
|
614
|
-
* thread-compatible. It is used for experimental purpose for now and subject
|
615
|
-
* to change.
|
616
|
-
*/
|
617
|
-
typedef struct grpc_alts_credentials_options grpc_alts_credentials_options;
|
618
|
-
|
619
|
-
/**
|
620
|
-
* This method creates a grpc ALTS credentials client options instance.
|
621
|
-
* It is used for experimental purpose for now and subject to change.
|
622
|
-
*/
|
623
|
-
GRPCAPI grpc_alts_credentials_options*
|
624
|
-
grpc_alts_credentials_client_options_create(void);
|
625
|
-
|
626
|
-
/**
|
627
|
-
* This method creates a grpc ALTS credentials server options instance.
|
628
|
-
* It is used for experimental purpose for now and subject to change.
|
629
|
-
*/
|
630
|
-
GRPCAPI grpc_alts_credentials_options*
|
631
|
-
grpc_alts_credentials_server_options_create(void);
|
632
|
-
|
633
|
-
/**
|
634
|
-
* This method adds a target service account to grpc client's ALTS credentials
|
635
|
-
* options instance. It is used for experimental purpose for now and subject
|
636
|
-
* to change.
|
637
|
-
*
|
638
|
-
* - options: grpc ALTS credentials options instance.
|
639
|
-
* - service_account: service account of target endpoint.
|
640
|
-
*/
|
641
|
-
GRPCAPI void grpc_alts_credentials_client_options_add_target_service_account(
|
642
|
-
grpc_alts_credentials_options* options, const char* service_account);
|
643
|
-
|
644
|
-
/**
|
645
|
-
* This method destroys a grpc_alts_credentials_options instance by
|
646
|
-
* de-allocating all of its occupied memory. It is used for experimental purpose
|
647
|
-
* for now and subject to change.
|
648
|
-
*
|
649
|
-
* - options: a grpc_alts_credentials_options instance that needs to be
|
650
|
-
* destroyed.
|
651
|
-
*/
|
652
|
-
GRPCAPI void grpc_alts_credentials_options_destroy(
|
653
|
-
grpc_alts_credentials_options* options);
|
654
|
-
|
655
|
-
/**
|
656
|
-
* This method creates an ALTS channel credential object. The security
|
657
|
-
* level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
|
658
|
-
* It is used for experimental purpose for now and subject to change.
|
659
|
-
*
|
660
|
-
* - options: grpc ALTS credentials options instance for client.
|
661
|
-
*
|
662
|
-
* It returns the created ALTS channel credential object.
|
663
|
-
*/
|
664
|
-
GRPCAPI grpc_channel_credentials* grpc_alts_credentials_create(
|
665
|
-
const grpc_alts_credentials_options* options);
|
666
|
-
|
667
|
-
/**
|
668
|
-
* This method creates an ALTS server credential object. It is used for
|
669
|
-
* experimental purpose for now and subject to change.
|
670
|
-
*
|
671
|
-
* - options: grpc ALTS credentials options instance for server.
|
672
|
-
*
|
673
|
-
* It returns the created ALTS server credential object.
|
674
|
-
*/
|
675
|
-
GRPCAPI grpc_server_credentials* grpc_alts_server_credentials_create(
|
676
|
-
const grpc_alts_credentials_options* options);
|
677
|
-
|
678
|
-
/** --- Local channel/server credentials --- **/
|
679
|
-
|
680
|
-
/**
|
681
|
-
* This method creates a local channel credential object. The security level
|
682
|
-
* of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY for UDS and
|
683
|
-
* GRPC_SECURITY_NONE for LOCAL_TCP. It is used for experimental purpose
|
684
|
-
* for now and subject to change.
|
685
|
-
*
|
686
|
-
* - type: local connection type
|
687
|
-
*
|
688
|
-
* It returns the created local channel credential object.
|
689
|
-
*/
|
690
|
-
GRPCAPI grpc_channel_credentials* grpc_local_credentials_create(
|
691
|
-
grpc_local_connect_type type);
|
692
|
-
|
693
|
-
/**
|
694
|
-
* This method creates a local server credential object. It is used for
|
695
|
-
* experimental purpose for now and subject to change.
|
696
|
-
*
|
697
|
-
* - type: local connection type
|
698
|
-
*
|
699
|
-
* It returns the created local server credential object.
|
700
|
-
*/
|
701
|
-
GRPCAPI grpc_server_credentials* grpc_local_server_credentials_create(
|
702
|
-
grpc_local_connect_type type);
|
703
|
-
|
704
|
-
/** --- TLS channel/server credentials ---
|
705
|
-
* It is used for experimental purpose for now and subject to change. */
|
706
|
-
|
707
|
-
/**
|
708
|
-
* EXPERIMENTAL API - Subject to change
|
709
|
-
*
|
710
|
-
* A struct that can be specified by callers to configure underlying TLS
|
711
|
-
* behaviors.
|
712
|
-
*/
|
713
|
-
typedef struct grpc_tls_credentials_options grpc_tls_credentials_options;
|
714
|
-
|
715
|
-
/**
|
716
|
-
* EXPERIMENTAL API - Subject to change
|
717
|
-
*
|
718
|
-
* A struct provides ways to gain credential data that will be used in the TLS
|
719
|
-
* handshake.
|
720
|
-
*/
|
721
|
-
typedef struct grpc_tls_certificate_provider grpc_tls_certificate_provider;
|
722
|
-
|
723
|
-
/**
|
724
|
-
* EXPERIMENTAL API - Subject to change
|
725
|
-
*
|
726
|
-
* A struct that stores the credential data presented to the peer in handshake
|
727
|
-
* to show local identity.
|
728
|
-
*/
|
729
|
-
typedef struct grpc_tls_identity_pairs grpc_tls_identity_pairs;
|
730
|
-
|
731
|
-
/**
|
732
|
-
* EXPERIMENTAL API - Subject to change
|
733
|
-
*
|
734
|
-
* Creates a grpc_tls_identity_pairs that stores a list of identity credential
|
735
|
-
* data, including identity private key and identity certificate chain.
|
736
|
-
*/
|
737
|
-
GRPCAPI grpc_tls_identity_pairs* grpc_tls_identity_pairs_create();
|
738
|
-
|
739
|
-
/**
|
740
|
-
* EXPERIMENTAL API - Subject to change
|
741
|
-
*
|
742
|
-
* Adds a identity private key and a identity certificate chain to
|
743
|
-
* grpc_tls_identity_pairs. This function will make an internal copy of
|
744
|
-
* |private_key| and |cert_chain|.
|
745
|
-
*/
|
746
|
-
GRPCAPI void grpc_tls_identity_pairs_add_pair(grpc_tls_identity_pairs* pairs,
|
747
|
-
const char* private_key,
|
748
|
-
const char* cert_chain);
|
749
|
-
|
750
|
-
/**
|
751
|
-
* EXPERIMENTAL API - Subject to change
|
752
|
-
*
|
753
|
-
* Destroys a grpc_tls_identity_pairs object. If this object is passed to a
|
754
|
-
* provider initiation function, the ownership is transferred so this function
|
755
|
-
* doesn't need to be called. Otherwise the creator of the
|
756
|
-
* grpc_tls_identity_pairs object is responsible for its destruction.
|
757
|
-
*/
|
758
|
-
GRPCAPI void grpc_tls_identity_pairs_destroy(grpc_tls_identity_pairs* pairs);
|
759
|
-
|
760
|
-
/**
|
761
|
-
* EXPERIMENTAL API - Subject to change
|
762
|
-
*
|
763
|
-
* Creates a grpc_tls_certificate_provider that will load credential data from
|
764
|
-
* static string during initialization. This provider will always return the
|
765
|
-
* same cert data for all cert names.
|
766
|
-
* root_certificate and pem_key_cert_pairs can be nullptr, indicating the
|
767
|
-
* corresponding credential data is not needed.
|
768
|
-
* This function will make a copy of |root_certificate|.
|
769
|
-
* The ownership of |pem_key_cert_pairs| is transferred.
|
770
|
-
*/
|
771
|
-
GRPCAPI grpc_tls_certificate_provider*
|
772
|
-
grpc_tls_certificate_provider_static_data_create(
|
773
|
-
const char* root_certificate, grpc_tls_identity_pairs* pem_key_cert_pairs);
|
774
|
-
|
775
|
-
/**
|
776
|
-
* EXPERIMENTAL API - Subject to change
|
777
|
-
*
|
778
|
-
* Creates a grpc_tls_certificate_provider that will watch the credential
|
779
|
-
* changes on the file system. This provider will always return the up-to-date
|
780
|
-
* cert data for all the cert names callers set through
|
781
|
-
* |grpc_tls_credentials_options|. Note that this API only supports one key-cert
|
782
|
-
* file and hence one set of identity key-cert pair, so SNI(Server Name
|
783
|
-
* Indication) is not supported.
|
784
|
-
* - private_key_path is the file path of the private key. This must be set if
|
785
|
-
* |identity_certificate_path| is set. Otherwise, it could be null if no
|
786
|
-
* identity credentials are needed.
|
787
|
-
* - identity_certificate_path is the file path of the identity certificate
|
788
|
-
* chain. This must be set if |private_key_path| is set. Otherwise, it could
|
789
|
-
* be null if no identity credentials are needed.
|
790
|
-
* - root_cert_path is the file path to the root certificate bundle. This
|
791
|
-
* may be null if no root certs are needed.
|
792
|
-
* - refresh_interval_sec is the refreshing interval that we will check the
|
793
|
-
* files for updates.
|
794
|
-
* It does not take ownership of parameters.
|
795
|
-
*/
|
796
|
-
GRPCAPI grpc_tls_certificate_provider*
|
797
|
-
grpc_tls_certificate_provider_file_watcher_create(
|
798
|
-
const char* private_key_path, const char* identity_certificate_path,
|
799
|
-
const char* root_cert_path, unsigned int refresh_interval_sec);
|
800
|
-
|
801
|
-
/**
|
802
|
-
* EXPERIMENTAL API - Subject to change
|
803
|
-
*
|
804
|
-
* Releases a grpc_tls_certificate_provider object. The creator of the
|
805
|
-
* grpc_tls_certificate_provider object is responsible for its release.
|
806
|
-
*/
|
807
|
-
GRPCAPI void grpc_tls_certificate_provider_release(
|
808
|
-
grpc_tls_certificate_provider* provider);
|
809
|
-
|
810
|
-
/**
|
811
|
-
* EXPERIMENTAL API - Subject to change
|
812
|
-
*
|
813
|
-
* Creates an grpc_tls_credentials_options.
|
814
|
-
*/
|
815
|
-
GRPCAPI grpc_tls_credentials_options* grpc_tls_credentials_options_create(void);
|
816
|
-
|
817
|
-
/**
|
818
|
-
* EXPERIMENTAL API - Subject to change
|
819
|
-
*
|
820
|
-
* Sets the minimum TLS version that will be negotiated during the TLS
|
821
|
-
* handshake. If not set, the underlying SSL library will set it to TLS v1.2.
|
822
|
-
*/
|
823
|
-
GRPCAPI void grpc_tls_credentials_options_set_min_tls_version(
|
824
|
-
grpc_tls_credentials_options* options, grpc_tls_version min_tls_version);
|
825
|
-
|
826
|
-
/**
|
827
|
-
* EXPERIMENTAL API - Subject to change
|
828
|
-
*
|
829
|
-
* Sets the maximum TLS version that will be negotiated during the TLS
|
830
|
-
* handshake. If not set, the underlying SSL library will set it to TLS v1.3.
|
831
|
-
*/
|
832
|
-
GRPCAPI void grpc_tls_credentials_options_set_max_tls_version(
|
833
|
-
grpc_tls_credentials_options* options, grpc_tls_version max_tls_version);
|
834
|
-
|
835
|
-
/**
|
836
|
-
* EXPERIMENTAL API - Subject to change
|
837
|
-
*
|
838
|
-
* Copies a grpc_tls_credentials_options.
|
839
|
-
*/
|
840
|
-
GRPCAPI grpc_tls_credentials_options* grpc_tls_credentials_options_copy(
|
841
|
-
grpc_tls_credentials_options* options);
|
842
|
-
|
843
|
-
/**
|
844
|
-
* EXPERIMENTAL API - Subject to change
|
845
|
-
*
|
846
|
-
* Destroys a grpc_tls_credentials_options.
|
847
|
-
*/
|
848
|
-
GRPCAPI void grpc_tls_credentials_options_destroy(
|
849
|
-
grpc_tls_credentials_options* options);
|
850
|
-
|
851
|
-
/**
|
852
|
-
* EXPERIMENTAL API - Subject to change
|
853
|
-
*
|
854
|
-
* Sets the credential provider in the options.
|
855
|
-
* The |options| will implicitly take a new ref to the |provider|.
|
856
|
-
*/
|
857
|
-
GRPCAPI void grpc_tls_credentials_options_set_certificate_provider(
|
858
|
-
grpc_tls_credentials_options* options,
|
859
|
-
grpc_tls_certificate_provider* provider);
|
860
|
-
|
861
|
-
/**
|
862
|
-
* EXPERIMENTAL API - Subject to change
|
863
|
-
*
|
864
|
-
* If set, gRPC stack will keep watching the root certificates with
|
865
|
-
* name |root_cert_name|.
|
866
|
-
* If this is not set on the client side, we will use the root certificates
|
867
|
-
* stored in the default system location, since client side must provide root
|
868
|
-
* certificates in TLS.
|
869
|
-
* If this is not set on the server side, we will not watch any root certificate
|
870
|
-
* updates, and assume no root certificates needed for the server(single-side
|
871
|
-
* TLS). Default root certs on the server side is not supported.
|
872
|
-
*/
|
873
|
-
GRPCAPI void grpc_tls_credentials_options_watch_root_certs(
|
874
|
-
grpc_tls_credentials_options* options);
|
875
|
-
|
876
|
-
/**
|
877
|
-
* EXPERIMENTAL API - Subject to change
|
878
|
-
*
|
879
|
-
* Sets the name of the root certificates being watched.
|
880
|
-
* If not set, We will use a default empty string as the root certificate name.
|
881
|
-
*/
|
882
|
-
GRPCAPI void grpc_tls_credentials_options_set_root_cert_name(
|
883
|
-
grpc_tls_credentials_options* options, const char* root_cert_name);
|
884
|
-
|
885
|
-
/**
|
886
|
-
* EXPERIMENTAL API - Subject to change
|
887
|
-
*
|
888
|
-
* If set, gRPC stack will keep watching the identity key-cert pairs
|
889
|
-
* with name |identity_cert_name|.
|
890
|
-
* This is required on the server side, and optional on the client side.
|
891
|
-
*/
|
892
|
-
GRPCAPI void grpc_tls_credentials_options_watch_identity_key_cert_pairs(
|
893
|
-
grpc_tls_credentials_options* options);
|
894
|
-
|
895
|
-
/**
|
896
|
-
* EXPERIMENTAL API - Subject to change
|
897
|
-
*
|
898
|
-
* Sets the name of the identity certificates being watched.
|
899
|
-
* If not set, We will use a default empty string as the identity certificate
|
900
|
-
* name.
|
901
|
-
*/
|
902
|
-
GRPCAPI void grpc_tls_credentials_options_set_identity_cert_name(
|
903
|
-
grpc_tls_credentials_options* options, const char* identity_cert_name);
|
904
|
-
|
905
|
-
/**
|
906
|
-
* EXPERIMENTAL API - Subject to change
|
907
|
-
*
|
908
|
-
* Sets the options of whether to request and/or verify client certs. This shall
|
909
|
-
* only be called on the server side.
|
910
|
-
*/
|
911
|
-
GRPCAPI void grpc_tls_credentials_options_set_cert_request_type(
|
912
|
-
grpc_tls_credentials_options* options,
|
913
|
-
grpc_ssl_client_certificate_request_type type);
|
914
|
-
|
915
|
-
/** Deprecated in favor of grpc_tls_credentials_options_set_crl_provider. The
|
916
|
-
* crl provider interface provides a significantly more flexible approach to
|
917
|
-
* using CRLs. See gRFC A69 for details.
|
918
|
-
* EXPERIMENTAL API - Subject to change
|
919
|
-
*
|
920
|
-
* If set, gRPC will read all hashed x.509 CRL files in the directory and
|
921
|
-
* enforce the CRL files on all TLS handshakes. Only supported for OpenSSL
|
922
|
-
* version > 1.1.
|
923
|
-
* It is used for experimental purpose for now and subject to change.
|
924
|
-
*/
|
925
|
-
GRPCAPI void grpc_tls_credentials_options_set_crl_directory(
|
926
|
-
grpc_tls_credentials_options* options, const char* crl_directory);
|
927
|
-
|
928
|
-
/**
|
929
|
-
* EXPERIMENTAL API - Subject to change
|
930
|
-
*
|
931
|
-
* Sets the options of whether to verify server certs on the client side.
|
932
|
-
* Passing in a non-zero value indicates verifying the certs.
|
933
|
-
*/
|
934
|
-
GRPCAPI void grpc_tls_credentials_options_set_verify_server_cert(
|
935
|
-
grpc_tls_credentials_options* options, int verify_server_cert);
|
936
|
-
|
937
|
-
/**
|
938
|
-
* EXPERIMENTAL API - Subject to change
|
939
|
-
*
|
940
|
-
* Sets whether or not a TLS server should send a list of CA names in the
|
941
|
-
* ServerHello. This list of CA names is read from the server's trust bundle, so
|
942
|
-
* that the client can use this list as a hint to know which certificate it
|
943
|
-
* should send to the server.
|
944
|
-
*
|
945
|
-
* WARNING: This API is extremely dangerous and should not be used. If the
|
946
|
-
* server's trust bundle is too large, then the TLS server will be unable to
|
947
|
-
* form a ServerHello, and hence will be unusable. The definition of "too large"
|
948
|
-
* depends on the underlying SSL library being used and on the size of the CN
|
949
|
-
* fields of the certificates in the trust bundle.
|
950
|
-
*/
|
951
|
-
GRPCAPI void grpc_tls_credentials_options_set_send_client_ca_list(
|
952
|
-
grpc_tls_credentials_options* options, bool send_client_ca_list);
|
953
|
-
|
954
|
-
/**
|
955
|
-
* EXPERIMENTAL API - Subject to change
|
956
|
-
*
|
957
|
-
* The read-only request information exposed in a verification call.
|
958
|
-
* Callers should not directly manage the ownership of it. We will make sure it
|
959
|
-
* is always available inside verify() or cancel() call, and will destroy the
|
960
|
-
* object at the end of custom verification.
|
961
|
-
*/
|
962
|
-
typedef struct grpc_tls_custom_verification_check_request {
|
963
|
-
/* The target name of the server when the client initiates the connection. */
|
964
|
-
/* This field will be nullptr if on the server side. */
|
965
|
-
const char* target_name;
|
966
|
-
/* The information contained in the certificate chain sent from the peer. */
|
967
|
-
struct peer_info {
|
968
|
-
/* The Common Name field on the peer leaf certificate. */
|
969
|
-
const char* common_name;
|
970
|
-
/* The list of Subject Alternative Names on the peer leaf certificate. */
|
971
|
-
struct san_names {
|
972
|
-
char** uri_names;
|
973
|
-
size_t uri_names_size;
|
974
|
-
char** dns_names;
|
975
|
-
size_t dns_names_size;
|
976
|
-
char** email_names;
|
977
|
-
size_t email_names_size;
|
978
|
-
char** ip_names;
|
979
|
-
size_t ip_names_size;
|
980
|
-
} san_names;
|
981
|
-
/* The raw peer leaf certificate. */
|
982
|
-
const char* peer_cert;
|
983
|
-
/* The raw peer certificate chain. Note that it is not always guaranteed to
|
984
|
-
* get the peer full chain. For more, please refer to
|
985
|
-
* GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME defined in file
|
986
|
-
* grpc_security_constants.h.
|
987
|
-
* TODO(ZhenLian): Consider fixing this in the future. */
|
988
|
-
const char* peer_cert_full_chain;
|
989
|
-
/* The verified root cert subject.
|
990
|
-
* This value will only be filled if the cryptographic peer certificate
|
991
|
-
* verification was successful */
|
992
|
-
const char* verified_root_cert_subject;
|
993
|
-
} peer_info;
|
994
|
-
} grpc_tls_custom_verification_check_request;
|
995
|
-
|
996
|
-
/**
|
997
|
-
* EXPERIMENTAL API - Subject to change
|
998
|
-
*
|
999
|
-
* A callback function provided by gRPC as a parameter of the |verify| function
|
1000
|
-
* in grpc_tls_certificate_verifier_external. If |verify| is expected to be run
|
1001
|
-
* asynchronously, the implementer of |verify| will need to invoke this callback
|
1002
|
-
* with |callback_arg| and proper verification status at the end to bring the
|
1003
|
-
* control back to gRPC C core.
|
1004
|
-
*/
|
1005
|
-
typedef void (*grpc_tls_on_custom_verification_check_done_cb)(
|
1006
|
-
grpc_tls_custom_verification_check_request* request, void* callback_arg,
|
1007
|
-
grpc_status_code status, const char* error_details);
|
1008
|
-
|
1009
|
-
/**
|
1010
|
-
* EXPERIMENTAL API - Subject to change
|
1011
|
-
*
|
1012
|
-
* The internal verifier type that will be used inside core.
|
1013
|
-
*/
|
1014
|
-
typedef struct grpc_tls_certificate_verifier grpc_tls_certificate_verifier;
|
1015
|
-
|
1016
|
-
/**
|
1017
|
-
* EXPERIMENTAL API - Subject to change
|
1018
|
-
*
|
1019
|
-
* A struct containing all the necessary functions a custom external verifier
|
1020
|
-
* needs to implement to be able to be converted to an internal verifier.
|
1021
|
-
*/
|
1022
|
-
typedef struct grpc_tls_certificate_verifier_external {
|
1023
|
-
void* user_data;
|
1024
|
-
/**
|
1025
|
-
* A function pointer containing the verification logic that will be
|
1026
|
-
* performed after the TLS handshake is done. It could be processed
|
1027
|
-
* synchronously or asynchronously.
|
1028
|
-
* - If expected to be processed synchronously, the implementer should
|
1029
|
-
* populate the verification result through |sync_status| and
|
1030
|
-
* |sync_error_details|, and then return true.
|
1031
|
-
* - If expected to be processed asynchronously, the implementer should return
|
1032
|
-
* false immediately, and then in the asynchronous thread invoke |callback|
|
1033
|
-
* with the verification result. The implementer MUST NOT invoke the async
|
1034
|
-
* |callback| in the same thread before |verify| returns, otherwise it can
|
1035
|
-
* lead to deadlocks.
|
1036
|
-
*
|
1037
|
-
* user_data: any argument that is passed in the user_data of
|
1038
|
-
* grpc_tls_certificate_verifier_external during construction time
|
1039
|
-
* can be retrieved later here.
|
1040
|
-
* request: request information exposed to the function implementer.
|
1041
|
-
* callback: the callback that the function implementer needs to invoke, if
|
1042
|
-
* return a non-zero value. It is usually invoked when the
|
1043
|
-
* asynchronous verification is done, and serves to bring the
|
1044
|
-
* control back to gRPC.
|
1045
|
-
* callback_arg: A pointer to the internal ExternalVerifier instance. This is
|
1046
|
-
* mainly used as an argument in |callback|, if want to invoke
|
1047
|
-
* |callback| in async mode.
|
1048
|
-
* sync_status: indicates if a connection should be allowed. This should only
|
1049
|
-
* be used if the verification check is done synchronously.
|
1050
|
-
* sync_error_details: the error generated while verifying a connection. This
|
1051
|
-
* should only be used if the verification check is done
|
1052
|
-
* synchronously. the implementation must allocate the
|
1053
|
-
* error string via gpr_malloc() or gpr_strdup().
|
1054
|
-
* return: return 0 if |verify| is expected to be executed asynchronously,
|
1055
|
-
* otherwise return a non-zero value.
|
1056
|
-
*/
|
1057
|
-
int (*verify)(void* user_data,
|
1058
|
-
grpc_tls_custom_verification_check_request* request,
|
1059
|
-
grpc_tls_on_custom_verification_check_done_cb callback,
|
1060
|
-
void* callback_arg, grpc_status_code* sync_status,
|
1061
|
-
char** sync_error_details);
|
1062
|
-
/**
|
1063
|
-
* A function pointer that cleans up the caller-specified resources when the
|
1064
|
-
* verifier is still running but the whole connection got cancelled. This
|
1065
|
-
* could happen when the verifier is doing some async operations, and the
|
1066
|
-
* whole handshaker object got destroyed because of connection time limit is
|
1067
|
-
* reached, or any other reasons. In such cases, function implementers might
|
1068
|
-
* want to be notified, and properly clean up some resources.
|
1069
|
-
*
|
1070
|
-
* user_data: any argument that is passed in the user_data of
|
1071
|
-
* grpc_tls_certificate_verifier_external during construction time
|
1072
|
-
* can be retrieved later here.
|
1073
|
-
* request: request information exposed to the function implementer. It will
|
1074
|
-
* be the same request object that was passed to verify(), and it
|
1075
|
-
* tells the cancel() which request to cancel.
|
1076
|
-
*/
|
1077
|
-
void (*cancel)(void* user_data,
|
1078
|
-
grpc_tls_custom_verification_check_request* request);
|
1079
|
-
/**
|
1080
|
-
* A function pointer that does some additional destruction work when the
|
1081
|
-
* verifier is destroyed. This is used when the caller wants to associate some
|
1082
|
-
* objects to the lifetime of external_verifier, and destroy them when
|
1083
|
-
* external_verifier got destructed. For example, in C++, the class containing
|
1084
|
-
* user-specified callback functions should not be destroyed before
|
1085
|
-
* external_verifier, since external_verifier will invoke them while being
|
1086
|
-
* used.
|
1087
|
-
* Note that the caller MUST delete the grpc_tls_certificate_verifier_external
|
1088
|
-
* object itself in this function, otherwise it will cause memory leaks. That
|
1089
|
-
* also means the user_data has to carries at least a self pointer, for the
|
1090
|
-
* callers to later delete it in destruct().
|
1091
|
-
*
|
1092
|
-
* user_data: any argument that is passed in the user_data of
|
1093
|
-
* grpc_tls_certificate_verifier_external during construction time
|
1094
|
-
* can be retrieved later here.
|
1095
|
-
*/
|
1096
|
-
void (*destruct)(void* user_data);
|
1097
|
-
} grpc_tls_certificate_verifier_external;
|
1098
|
-
|
1099
|
-
/**
|
1100
|
-
* EXPERIMENTAL API - Subject to change
|
1101
|
-
*
|
1102
|
-
* Converts an external verifier to an internal verifier.
|
1103
|
-
* Note that we will not take the ownership of the external_verifier. Callers
|
1104
|
-
* will need to delete external_verifier in its own destruct function.
|
1105
|
-
*/
|
1106
|
-
grpc_tls_certificate_verifier* grpc_tls_certificate_verifier_external_create(
|
1107
|
-
grpc_tls_certificate_verifier_external* external_verifier);
|
1108
|
-
|
1109
|
-
/**
|
1110
|
-
* EXPERIMENTAL API - Subject to change
|
1111
|
-
*
|
1112
|
-
* Factory function for an internal verifier that won't perform any
|
1113
|
-
* post-handshake verification. Note: using this solely without any other
|
1114
|
-
* authentication mechanisms on the peer identity will leave your applications
|
1115
|
-
* to the MITM(Man-In-The-Middle) attacks. Users should avoid doing so in
|
1116
|
-
* production environments.
|
1117
|
-
*/
|
1118
|
-
grpc_tls_certificate_verifier* grpc_tls_certificate_verifier_no_op_create();
|
1119
|
-
|
1120
|
-
/**
|
1121
|
-
* EXPERIMENTAL API - Subject to change
|
1122
|
-
*
|
1123
|
-
* Factory function for an internal verifier that will do the default hostname
|
1124
|
-
* check.
|
1125
|
-
*/
|
1126
|
-
grpc_tls_certificate_verifier* grpc_tls_certificate_verifier_host_name_create();
|
1127
|
-
|
1128
|
-
/**
|
1129
|
-
* EXPERIMENTAL API - Subject to change
|
1130
|
-
*
|
1131
|
-
* Releases a grpc_tls_certificate_verifier object. The creator of the
|
1132
|
-
* grpc_tls_certificate_verifier object is responsible for its release.
|
1133
|
-
*/
|
1134
|
-
void grpc_tls_certificate_verifier_release(
|
1135
|
-
grpc_tls_certificate_verifier* verifier);
|
1136
|
-
|
1137
|
-
/**
|
1138
|
-
* EXPERIMENTAL API - Subject to change
|
1139
|
-
*
|
1140
|
-
* Sets the verifier in options. The |options| will implicitly take a new ref to
|
1141
|
-
* the |verifier|. If not set on the client side, we will verify server's
|
1142
|
-
* certificates, and check the default hostname. If not set on the server side,
|
1143
|
-
* we will verify client's certificates.
|
1144
|
-
*/
|
1145
|
-
void grpc_tls_credentials_options_set_certificate_verifier(
|
1146
|
-
grpc_tls_credentials_options* options,
|
1147
|
-
grpc_tls_certificate_verifier* verifier);
|
1148
|
-
|
1149
|
-
/**
|
1150
|
-
* EXPERIMENTAL API - Subject to change
|
1151
|
-
*
|
1152
|
-
* Sets the options of whether to check the hostname of the peer on a per-call
|
1153
|
-
* basis. This is usually used in a combination with virtual hosting at the
|
1154
|
-
* client side, where each individual call on a channel can have a different
|
1155
|
-
* host associated with it.
|
1156
|
-
* This check is intended to verify that the host specified for the individual
|
1157
|
-
* call is covered by the cert that the peer presented.
|
1158
|
-
* The default is a non-zero value, which indicates performing such checks.
|
1159
|
-
*/
|
1160
|
-
GRPCAPI void grpc_tls_credentials_options_set_check_call_host(
|
1161
|
-
grpc_tls_credentials_options* options, int check_call_host);
|
1162
|
-
|
1163
|
-
/**
|
1164
|
-
* EXPERIMENTAL API - Subject to change
|
1165
|
-
*
|
1166
|
-
* Performs the verification logic of an internal verifier.
|
1167
|
-
* This is typically used when composing the internal verifiers as part of the
|
1168
|
-
* custom verification.
|
1169
|
-
* If |grpc_tls_certificate_verifier_verify| returns true, inspect the
|
1170
|
-
* verification result through request->status and request->error_details.
|
1171
|
-
* Otherwise, inspect through the parameter of |callback|.
|
1172
|
-
*/
|
1173
|
-
int grpc_tls_certificate_verifier_verify(
|
1174
|
-
grpc_tls_certificate_verifier* verifier,
|
1175
|
-
grpc_tls_custom_verification_check_request* request,
|
1176
|
-
grpc_tls_on_custom_verification_check_done_cb callback, void* callback_arg,
|
1177
|
-
grpc_status_code* sync_status, char** sync_error_details);
|
1178
|
-
|
1179
|
-
/**
|
1180
|
-
* EXPERIMENTAL API - Subject to change
|
1181
|
-
*
|
1182
|
-
* Performs the cancellation logic of an internal verifier.
|
1183
|
-
* This is typically used when composing the internal verifiers as part of the
|
1184
|
-
* custom verification.
|
1185
|
-
*/
|
1186
|
-
void grpc_tls_certificate_verifier_cancel(
|
1187
|
-
grpc_tls_certificate_verifier* verifier,
|
1188
|
-
grpc_tls_custom_verification_check_request* request);
|
1189
|
-
|
1190
|
-
/**
|
1191
|
-
* EXPERIMENTAL API - Subject to change
|
1192
|
-
*
|
1193
|
-
* Creates a TLS channel credential object based on the
|
1194
|
-
* grpc_tls_credentials_options specified by callers. The
|
1195
|
-
* grpc_channel_credentials will take the ownership of the |options|. The
|
1196
|
-
* security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
|
1197
|
-
*/
|
1198
|
-
grpc_channel_credentials* grpc_tls_credentials_create(
|
1199
|
-
grpc_tls_credentials_options* options);
|
1200
|
-
|
1201
|
-
/**
|
1202
|
-
* EXPERIMENTAL API - Subject to change
|
1203
|
-
*
|
1204
|
-
* Creates a TLS server credential object based on the
|
1205
|
-
* grpc_tls_credentials_options specified by callers. The
|
1206
|
-
* grpc_server_credentials will take the ownership of the |options|.
|
1207
|
-
*/
|
1208
|
-
grpc_server_credentials* grpc_tls_server_credentials_create(
|
1209
|
-
grpc_tls_credentials_options* options);
|
1210
|
-
|
1211
|
-
/**
|
1212
|
-
* EXPERIMENTAL API - Subject to change
|
1213
|
-
*
|
1214
|
-
* This method creates an insecure channel credentials object.
|
1215
|
-
*/
|
1216
|
-
GRPCAPI grpc_channel_credentials* grpc_insecure_credentials_create();
|
1217
|
-
|
1218
|
-
/**
|
1219
|
-
* EXPERIMENTAL API - Subject to change
|
1220
|
-
*
|
1221
|
-
* This method creates an insecure server credentials object.
|
1222
|
-
*/
|
1223
|
-
GRPCAPI grpc_server_credentials* grpc_insecure_server_credentials_create();
|
1224
|
-
|
1225
|
-
/**
|
1226
|
-
* EXPERIMENTAL API - Subject to change
|
1227
|
-
*
|
1228
|
-
* This method creates an xDS channel credentials object.
|
1229
|
-
*
|
1230
|
-
* Creating a channel with credentials of this type indicates that the channel
|
1231
|
-
* should get credentials configuration from the xDS control plane.
|
1232
|
-
*
|
1233
|
-
* \a fallback_credentials are used if the channel target does not have the
|
1234
|
-
* 'xds:///' scheme or if the xDS control plane does not provide information on
|
1235
|
-
* how to fetch credentials dynamically. Does NOT take ownership of the \a
|
1236
|
-
* fallback_credentials. (Internally takes a ref to the object.)
|
1237
|
-
*/
|
1238
|
-
GRPCAPI grpc_channel_credentials* grpc_xds_credentials_create(
|
1239
|
-
grpc_channel_credentials* fallback_credentials);
|
1240
|
-
|
1241
|
-
/**
|
1242
|
-
* EXPERIMENTAL API - Subject to change
|
1243
|
-
*
|
1244
|
-
* This method creates an xDS server credentials object.
|
1245
|
-
*
|
1246
|
-
* \a fallback_credentials are used if the xDS control plane does not provide
|
1247
|
-
* information on how to fetch credentials dynamically.
|
1248
|
-
*
|
1249
|
-
* Does NOT take ownership of the \a fallback_credentials. (Internally takes
|
1250
|
-
* a ref to the object.)
|
1251
|
-
*/
|
1252
|
-
GRPCAPI grpc_server_credentials* grpc_xds_server_credentials_create(
|
1253
|
-
grpc_server_credentials* fallback_credentials);
|
1254
|
-
|
1255
104
|
/**
|
1256
105
|
* EXPERIMENTAL - Subject to change.
|
1257
106
|
* An opaque type that is responsible for providing authorization policies to
|
@@ -1302,26 +151,6 @@ grpc_authorization_policy_provider_file_watcher_create(
|
|
1302
151
|
GRPCAPI void grpc_authorization_policy_provider_release(
|
1303
152
|
grpc_authorization_policy_provider* provider);
|
1304
153
|
|
1305
|
-
/** --- TLS session key logging. ---
|
1306
|
-
* Experimental API to control tls session key logging. Tls session key logging
|
1307
|
-
* is expected to be used only for debugging purposes and never in production.
|
1308
|
-
* Tls session key logging is only enabled when:
|
1309
|
-
* At least one grpc_tls_credentials_options object is assigned a tls session
|
1310
|
-
* key logging file path using the API specified below.
|
1311
|
-
*/
|
1312
|
-
|
1313
|
-
/**
|
1314
|
-
* EXPERIMENTAL API - Subject to change.
|
1315
|
-
* Configures a grpc_tls_credentials_options object with tls session key
|
1316
|
-
* logging capability. TLS channels using these credentials have tls session
|
1317
|
-
* key logging enabled.
|
1318
|
-
* - options is the grpc_tls_credentials_options object
|
1319
|
-
* - path is a string pointing to the location where TLS session keys would be
|
1320
|
-
* stored.
|
1321
|
-
*/
|
1322
|
-
GRPCAPI void grpc_tls_credentials_options_set_tls_session_key_log_file_path(
|
1323
|
-
grpc_tls_credentials_options* options, const char* path);
|
1324
|
-
|
1325
154
|
#ifdef __cplusplus
|
1326
155
|
}
|
1327
156
|
#endif
|