wearefair-grpc 1.3.1.pre.c → 1.4.0.fair
- checksums.yaml +4 -4
- data/Makefile +418 -126
- data/include/grpc/grpc.h +15 -69
- data/include/grpc/grpc_security.h +1 -1
- data/include/grpc/impl/codegen/compression_types.h +3 -4
- data/include/grpc/impl/codegen/gpr_types.h +0 -1
- data/include/grpc/impl/codegen/grpc_types.h +69 -3
- data/include/grpc/impl/codegen/port_platform.h +6 -0
- data/include/grpc/impl/codegen/slice.h +2 -1
- data/include/grpc/load_reporting.h +6 -6
- data/include/grpc/slice.h +25 -3
- data/include/grpc/slice_buffer.h +4 -0
- data/src/core/ext/census/context.c +1 -1
- data/src/core/ext/census/resource.c +3 -1
- data/src/core/ext/filters/client_channel/channel_connectivity.c +1 -1
- data/src/core/ext/filters/client_channel/client_channel.c +158 -100
- data/src/core/ext/filters/client_channel/client_channel_plugin.c +3 -2
- data/src/core/ext/filters/client_channel/lb_policy.c +2 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +5 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.c +153 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +42 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.c +344 -88
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.c +133 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +65 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.c +47 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +6 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +19 -8
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +63 -34
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.c +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.c +13 -12
- data/src/core/ext/filters/client_channel/lb_policy_factory.c +28 -5
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +18 -4
- data/src/core/ext/filters/client_channel/parse_address.c +37 -7
- data/src/core/ext/filters/client_channel/parse_address.h +11 -8
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.c +3 -3
- data/src/core/ext/filters/client_channel/subchannel.c +19 -16
- data/src/core/ext/filters/client_channel/subchannel.h +1 -0
- data/src/core/ext/filters/client_channel/uri_parser.c +36 -22
- data/src/core/ext/filters/client_channel/uri_parser.h +1 -1
- data/src/core/{lib/channel → ext/filters/deadline}/deadline_filter.c +42 -17
- data/src/core/{lib/channel → ext/filters/deadline}/deadline_filter.h +8 -9
- data/src/core/{lib/channel → ext/filters/http/client}/http_client_filter.c +19 -11
- data/src/core/{lib/channel → ext/filters/http/client}/http_client_filter.h +3 -6
- data/src/core/ext/filters/http/http_filters_plugin.c +104 -0
- data/src/core/{lib/channel/compress_filter.c → ext/filters/http/message_compress/message_compress_filter.c} +124 -23
- data/src/core/{lib/channel/compress_filter.h → ext/filters/http/message_compress/message_compress_filter.h} +5 -6
- data/src/core/{lib/channel → ext/filters/http/server}/http_server_filter.c +4 -6
- data/src/core/{lib/channel → ext/filters/http/server}/http_server_filter.h +3 -3
- data/src/core/ext/filters/load_reporting/load_reporting.c +2 -25
- data/src/core/ext/filters/load_reporting/load_reporting_filter.c +26 -1
- data/src/core/ext/filters/max_age/max_age_filter.c +14 -14
- data/src/core/{lib/channel → ext/filters/message_size}/message_size_filter.c +91 -47
- data/src/core/{lib/channel → ext/filters/message_size}/message_size_filter.h +3 -3
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.c +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.c +2 -2
- data/src/core/ext/transport/chttp2/transport/bin_decoder.c +2 -2
- data/src/core/ext/transport/chttp2/transport/bin_encoder.c +3 -3
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.c +296 -172
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +3 -2
- data/src/core/ext/transport/chttp2/transport/frame_data.c +203 -164
- data/src/core/ext/transport/chttp2/transport/frame_data.h +8 -14
- data/src/core/ext/transport/chttp2/transport/frame_goaway.c +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_ping.c +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.c +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.c +5 -5
- data/src/core/ext/transport/chttp2/transport/frame_window_update.c +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.c +4 -4
- data/src/core/ext/transport/chttp2/transport/hpack_parser.c +2 -4
- data/src/core/ext/transport/chttp2/transport/hpack_table.c +4 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +50 -33
- data/src/core/ext/transport/chttp2/transport/parsing.c +10 -11
- data/src/core/ext/transport/chttp2/transport/writing.c +32 -13
- data/src/core/lib/channel/channel_args.c +28 -9
- data/src/core/lib/channel/channel_args.h +5 -1
- data/src/core/lib/channel/channel_stack.c +1 -1
- data/src/core/lib/channel/channel_stack.h +2 -2
- data/src/core/lib/channel/channel_stack_builder.c +13 -1
- data/src/core/lib/channel/channel_stack_builder.h +5 -1
- data/src/core/lib/channel/connected_channel.c +3 -1
- data/src/core/lib/channel/context.h +2 -2
- data/src/core/lib/compression/message_compress.c +2 -2
- data/src/core/lib/debug/trace.c +13 -6
- data/src/core/lib/debug/trace.h +27 -1
- data/src/core/lib/http/httpcli.c +1 -1
- data/src/core/lib/http/httpcli_security_connector.c +6 -10
- data/src/core/lib/http/parser.c +2 -2
- data/src/core/lib/http/parser.h +2 -1
- data/src/core/lib/iomgr/combiner.c +6 -6
- data/src/core/lib/iomgr/combiner.h +2 -1
- data/src/core/lib/iomgr/error.c +12 -5
- data/src/core/lib/iomgr/error.h +13 -13
- data/src/core/lib/iomgr/ev_epoll1_linux.c +984 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.h +44 -0
- data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.c +2146 -0
- data/src/core/lib/iomgr/ev_epoll_limited_pollers_linux.h +43 -0
- data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.c +1337 -0
- data/src/core/lib/iomgr/ev_epoll_thread_pool_linux.h +43 -0
- data/src/core/lib/iomgr/ev_epollex_linux.c +1511 -0
- data/src/core/lib/iomgr/ev_epollex_linux.h +43 -0
- data/src/core/lib/iomgr/{ev_epoll_linux.c → ev_epollsig_linux.c} +24 -31
- data/src/core/lib/iomgr/{ev_epoll_linux.h → ev_epollsig_linux.h} +4 -4
- data/src/core/lib/iomgr/ev_poll_posix.c +12 -27
- data/src/core/lib/iomgr/ev_poll_posix.h +2 -2
- data/src/core/lib/iomgr/ev_posix.c +22 -8
- data/src/core/lib/iomgr/ev_posix.h +4 -3
- data/src/core/lib/iomgr/exec_ctx.c +5 -0
- data/src/core/lib/iomgr/exec_ctx.h +2 -0
- data/src/core/lib/iomgr/iomgr.c +4 -0
- data/src/core/lib/iomgr/iomgr.h +3 -0
- data/src/core/lib/iomgr/is_epollexclusive_available.c +116 -0
- data/src/core/lib/iomgr/is_epollexclusive_available.h +41 -0
- data/src/core/lib/iomgr/lockfree_event.c +16 -0
- data/src/core/lib/iomgr/pollset.h +2 -5
- data/src/core/lib/iomgr/pollset_uv.c +1 -1
- data/src/core/lib/iomgr/pollset_windows.c +3 -3
- data/src/core/lib/iomgr/resource_quota.c +9 -8
- data/src/core/lib/iomgr/resource_quota.h +2 -1
- data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
- data/src/core/lib/iomgr/socket_mutator.h +2 -0
- data/src/core/lib/iomgr/sys_epoll_wrapper.h +43 -0
- data/src/core/lib/iomgr/tcp_client_posix.c +6 -6
- data/src/core/lib/iomgr/tcp_client_uv.c +3 -3
- data/src/core/lib/iomgr/tcp_posix.c +7 -7
- data/src/core/lib/iomgr/tcp_posix.h +2 -1
- data/src/core/lib/iomgr/tcp_server_posix.c +1 -1
- data/src/core/lib/iomgr/tcp_uv.c +6 -6
- data/src/core/lib/iomgr/tcp_uv.h +2 -1
- data/src/core/lib/iomgr/tcp_windows.c +1 -1
- data/src/core/lib/iomgr/timer_generic.c +24 -25
- data/src/core/lib/iomgr/timer_manager.c +276 -0
- data/src/core/lib/iomgr/timer_manager.h +52 -0
- data/src/core/lib/iomgr/timer_uv.c +6 -0
- data/src/core/lib/iomgr/udp_server.c +42 -9
- data/src/core/lib/iomgr/udp_server.h +3 -1
- data/src/core/lib/security/credentials/credentials.c +0 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.c +23 -0
- data/src/core/lib/security/credentials/fake/fake_credentials.h +12 -9
- data/src/core/lib/security/credentials/google_default/google_default_credentials.c +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.c +1 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.c +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.c +24 -53
- data/src/core/lib/security/transport/client_auth_filter.c +9 -3
- data/src/core/lib/security/transport/secure_endpoint.c +7 -7
- data/src/core/lib/security/transport/secure_endpoint.h +1 -1
- data/src/core/lib/security/transport/security_connector.c +32 -51
- data/src/core/lib/security/transport/security_connector.h +10 -14
- data/src/core/lib/slice/b64.c +1 -1
- data/src/core/lib/slice/percent_encoding.c +3 -3
- data/src/core/lib/slice/slice.c +66 -33
- data/src/core/lib/slice/slice_buffer.c +25 -6
- data/src/core/lib/slice/slice_hash_table.c +33 -35
- data/src/core/lib/slice/slice_hash_table.h +7 -12
- data/src/core/lib/support/atomic.h +45 -0
- data/src/core/lib/support/atomic_with_atm.h +70 -0
- data/src/core/lib/support/atomic_with_std.h +48 -0
- data/src/core/lib/support/avl.c +14 -14
- data/src/core/lib/support/memory.h +74 -0
- data/src/core/lib/support/mpscq.c +12 -1
- data/src/core/lib/support/mpscq.h +4 -0
- data/src/core/lib/support/stack_lockfree.c +3 -36
- data/src/core/lib/support/time_posix.c +8 -0
- data/src/core/lib/support/tmpfile_posix.c +10 -10
- data/src/core/lib/surface/alarm.c +3 -1
- data/src/core/lib/surface/api_trace.c +2 -1
- data/src/core/lib/surface/api_trace.h +2 -2
- data/src/core/lib/surface/byte_buffer_reader.c +1 -1
- data/src/core/lib/surface/call.c +65 -22
- data/src/core/lib/surface/call.h +4 -2
- data/src/core/lib/surface/channel_init.c +2 -19
- data/src/core/lib/surface/channel_stack_type.c +18 -0
- data/src/core/lib/surface/channel_stack_type.h +2 -0
- data/src/core/lib/surface/completion_queue.c +249 -83
- data/src/core/lib/surface/completion_queue.h +18 -13
- data/src/core/lib/surface/completion_queue_factory.c +24 -9
- data/src/core/lib/surface/init.c +1 -52
- data/src/core/lib/surface/{lame_client.c → lame_client.cc} +37 -26
- data/src/core/lib/surface/server.c +50 -27
- data/src/core/lib/surface/server.h +2 -1
- data/src/core/lib/surface/version.c +2 -2
- data/src/core/lib/transport/bdp_estimator.c +20 -9
- data/src/core/lib/transport/bdp_estimator.h +5 -1
- data/src/core/lib/transport/byte_stream.c +23 -9
- data/src/core/lib/transport/byte_stream.h +15 -6
- data/src/core/lib/transport/connectivity_state.c +6 -6
- data/src/core/lib/transport/connectivity_state.h +2 -1
- data/src/core/lib/transport/service_config.c +6 -13
- data/src/core/lib/transport/service_config.h +2 -2
- data/src/core/lib/transport/static_metadata.c +403 -389
- data/src/core/lib/transport/static_metadata.h +127 -114
- data/src/core/plugin_registry/grpc_plugin_registry.c +12 -0
- data/src/core/tsi/fake_transport_security.c +5 -4
- data/src/core/tsi/ssl_transport_security.c +71 -82
- data/src/core/tsi/ssl_transport_security.h +39 -61
- data/src/core/tsi/transport_security.c +83 -2
- data/src/core/tsi/transport_security.h +27 -2
- data/src/core/tsi/transport_security_adapter.c +236 -0
- data/src/core/tsi/transport_security_adapter.h +62 -0
- data/src/core/tsi/transport_security_interface.h +179 -66
- data/src/ruby/ext/grpc/extconf.rb +2 -1
- data/src/ruby/ext/grpc/rb_byte_buffer.c +8 -6
- data/src/ruby/ext/grpc/rb_call.c +56 -48
- data/src/ruby/ext/grpc/rb_call.h +3 -4
- data/src/ruby/ext/grpc/rb_call_credentials.c +23 -22
- data/src/ruby/ext/grpc/rb_channel.c +45 -29
- data/src/ruby/ext/grpc/rb_channel_args.c +11 -9
- data/src/ruby/ext/grpc/rb_channel_credentials.c +16 -12
- data/src/ruby/ext/grpc/rb_completion_queue.c +7 -9
- data/src/ruby/ext/grpc/rb_compression_options.c +7 -6
- data/src/ruby/ext/grpc/rb_event_thread.c +10 -12
- data/src/ruby/ext/grpc/rb_event_thread.h +1 -2
- data/src/ruby/ext/grpc/rb_grpc.c +11 -15
- data/src/ruby/ext/grpc/rb_grpc.h +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +14 -6
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +22 -10
- data/src/ruby/ext/grpc/rb_server.c +26 -28
- data/src/ruby/lib/grpc/version.rb +1 -1
- metadata +40 -18
- data/src/ruby/lib/grpc/grpc_c.bundle +0 -0
- data/src/ruby/lib/grpc/grpc_c.so +0 -0
@@ -396,7 +396,7 @@ static tsi_result fake_handshaker_get_bytes_to_send_to_peer(
|
|
396
396
|
if (next_message_to_send > TSI_FAKE_HANDSHAKE_MESSAGE_MAX) {
|
397
397
|
next_message_to_send = TSI_FAKE_HANDSHAKE_MESSAGE_MAX;
|
398
398
|
}
|
399
|
-
if (tsi_tracing_enabled) {
|
399
|
+
if (GRPC_TRACER_ON(tsi_tracing_enabled)) {
|
400
400
|
gpr_log(GPR_INFO, "%s prepared %s.",
|
401
401
|
impl->is_client ? "Client" : "Server",
|
402
402
|
tsi_fake_handshake_message_to_string(impl->next_message_to_send));
|
@@ -408,7 +408,7 @@ static tsi_result fake_handshaker_get_bytes_to_send_to_peer(
|
|
408
408
|
if (!impl->is_client &&
|
409
409
|
impl->next_message_to_send == TSI_FAKE_HANDSHAKE_MESSAGE_MAX) {
|
410
410
|
/* We're done. */
|
411
|
-
if (tsi_tracing_enabled) {
|
411
|
+
if (GRPC_TRACER_ON(tsi_tracing_enabled)) {
|
412
412
|
gpr_log(GPR_INFO, "Server is done.");
|
413
413
|
}
|
414
414
|
impl->result = TSI_OK;
|
@@ -445,7 +445,7 @@ static tsi_result fake_handshaker_process_bytes_from_peer(
|
|
445
445
|
tsi_fake_handshake_message_to_string(received_msg),
|
446
446
|
tsi_fake_handshake_message_to_string(expected_msg));
|
447
447
|
}
|
448
|
-
if (tsi_tracing_enabled) {
|
448
|
+
if (GRPC_TRACER_ON(tsi_tracing_enabled)) {
|
449
449
|
gpr_log(GPR_INFO, "%s received %s.", impl->is_client ? "Client" : "Server",
|
450
450
|
tsi_fake_handshake_message_to_string(received_msg));
|
451
451
|
}
|
@@ -453,7 +453,7 @@ static tsi_result fake_handshaker_process_bytes_from_peer(
|
|
453
453
|
impl->needs_incoming_message = 0;
|
454
454
|
if (impl->next_message_to_send == TSI_FAKE_HANDSHAKE_MESSAGE_MAX) {
|
455
455
|
/* We're done. */
|
456
|
-
if (tsi_tracing_enabled) {
|
456
|
+
if (GRPC_TRACER_ON(tsi_tracing_enabled)) {
|
457
457
|
gpr_log(GPR_INFO, "%s is done.", impl->is_client ? "Client" : "Server");
|
458
458
|
}
|
459
459
|
impl->result = TSI_OK;
|
@@ -499,6 +499,7 @@ static const tsi_handshaker_vtable handshaker_vtable = {
|
|
499
499
|
fake_handshaker_extract_peer,
|
500
500
|
fake_handshaker_create_frame_protector,
|
501
501
|
fake_handshaker_destroy,
|
502
|
+
NULL,
|
502
503
|
};
|
503
504
|
|
504
505
|
tsi_handshaker *tsi_create_fake_handshaker(int is_client) {
|
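Review bot: The trailing `NULL,` added to handshaker_vtable in the `@@ -499,6 +499,7 @@` hunk is a positional initializer with nothing saying which vtable member it fills; it is presumably the slot introduced together with transport_security_adapter.c in this release, but a reader of this file cannot tell, and any later reordering of the vtable would rebind it silently. I'd label the slot, e.g. `NULL, /* <new vtable member>: not implemented by the fake handshaker */` with the member name taken from the vtable declaration, or switch both vtables to designated initializers so each slot is named. The same unlabeled slot is added to the SSL handshaker vtable at `@@ -1039,6 +1042,7 @@` in ssl_transport_security.c. The vtable definition begins outside the hunk.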
@@ -45,6 +45,7 @@
|
|
45
45
|
#include <ws2tcpip.h>
|
46
46
|
#else
|
47
47
|
#include <arpa/inet.h>
|
48
|
+
#include <sys/socket.h>
|
48
49
|
#endif
|
49
50
|
|
50
51
|
#include <grpc/support/alloc.h>
|
@@ -179,7 +180,7 @@ static const char *ssl_error_string(int error) {
|
|
179
180
|
/* TODO(jboeuf): Remove when we are past the debugging phase with this code. */
|
180
181
|
static void ssl_log_where_info(const SSL *ssl, int where, int flag,
|
181
182
|
const char *msg) {
|
182
|
-
if ((where & flag) && tsi_tracing_enabled) {
|
183
|
+
if ((where & flag) && GRPC_TRACER_ON(tsi_tracing_enabled)) {
|
183
184
|
gpr_log(GPR_INFO, "%20.20s - %30.30s - %5.10s", msg,
|
184
185
|
SSL_state_string_long(ssl), SSL_state_string(ssl));
|
185
186
|
}
|
@@ -478,9 +479,9 @@ static tsi_result do_ssl_write(SSL *ssl, unsigned char *unprotected_bytes,
|
|
478
479
|
}
|
479
480
|
|
480
481
|
/* Loads an in-memory PEM certificate chain into the SSL context. */
|
481
|
-
static tsi_result ssl_ctx_use_certificate_chain(
|
482
|
-
|
483
|
-
|
482
|
+
static tsi_result ssl_ctx_use_certificate_chain(SSL_CTX *context,
|
483
|
+
const char *pem_cert_chain,
|
484
|
+
size_t pem_cert_chain_size) {
|
484
485
|
tsi_result result = TSI_OK;
|
485
486
|
X509 *certificate = NULL;
|
486
487
|
BIO *pem;
|
@@ -521,8 +522,7 @@ static tsi_result ssl_ctx_use_certificate_chain(
|
|
521
522
|
}
|
522
523
|
|
523
524
|
/* Loads an in-memory PEM private key into the SSL context. */
|
524
|
-
static tsi_result ssl_ctx_use_private_key(SSL_CTX *context,
|
525
|
-
const unsigned char *pem_key,
|
525
|
+
static tsi_result ssl_ctx_use_private_key(SSL_CTX *context, const char *pem_key,
|
526
526
|
size_t pem_key_size) {
|
527
527
|
tsi_result result = TSI_OK;
|
528
528
|
EVP_PKEY *private_key = NULL;
|
@@ -548,9 +548,11 @@ static tsi_result ssl_ctx_use_private_key(SSL_CTX *context,
|
|
548
548
|
|
549
549
|
/* Loads in-memory PEM verification certs into the SSL context and optionally
|
550
550
|
returns the verification cert names (root_names can be NULL). */
|
551
|
-
static tsi_result ssl_ctx_load_verification_certs(
|
552
|
-
|
553
|
-
|
551
|
+
static tsi_result ssl_ctx_load_verification_certs(SSL_CTX *context,
|
552
|
+
const char *pem_roots,
|
553
|
+
size_t pem_roots_size,
|
554
|
+
STACK_OF(X509_NAME) *
|
555
|
+
*root_names) {
|
554
556
|
tsi_result result = TSI_OK;
|
555
557
|
size_t num_roots = 0;
|
556
558
|
X509 *root = NULL;
|
@@ -617,24 +619,25 @@ static tsi_result ssl_ctx_load_verification_certs(
|
|
617
619
|
/* Populates the SSL context with a private key and a cert chain, and sets the
|
618
620
|
cipher list and the ephemeral ECDH key. */
|
619
621
|
static tsi_result populate_ssl_context(
|
620
|
-
SSL_CTX *context, const
|
621
|
-
|
622
|
-
size_t pem_certificate_chain_size, const char *cipher_list) {
|
622
|
+
SSL_CTX *context, const tsi_ssl_pem_key_cert_pair *key_cert_pair,
|
623
|
+
const char *cipher_list) {
|
623
624
|
tsi_result result = TSI_OK;
|
624
|
-
if (
|
625
|
-
|
626
|
-
|
627
|
-
|
628
|
-
|
629
|
-
|
625
|
+
if (key_cert_pair != NULL) {
|
626
|
+
if (key_cert_pair->cert_chain != NULL) {
|
627
|
+
result = ssl_ctx_use_certificate_chain(context, key_cert_pair->cert_chain,
|
628
|
+
strlen(key_cert_pair->cert_chain));
|
629
|
+
if (result != TSI_OK) {
|
630
|
+
gpr_log(GPR_ERROR, "Invalid cert chain file.");
|
631
|
+
return result;
|
632
|
+
}
|
630
633
|
}
|
631
|
-
|
632
|
-
|
633
|
-
|
634
|
-
|
635
|
-
|
636
|
-
|
637
|
-
|
634
|
+
if (key_cert_pair->private_key != NULL) {
|
635
|
+
result = ssl_ctx_use_private_key(context, key_cert_pair->private_key,
|
636
|
+
strlen(key_cert_pair->private_key));
|
637
|
+
if (result != TSI_OK || !SSL_CTX_check_private_key(context)) {
|
638
|
+
gpr_log(GPR_ERROR, "Invalid private key.");
|
639
|
+
return result != TSI_OK ? result : TSI_INVALID_ARGUMENT;
|
640
|
+
}
|
638
641
|
}
|
639
642
|
}
|
640
643
|
if ((cipher_list != NULL) && !SSL_CTX_set_cipher_list(context, cipher_list)) {
|
@@ -655,13 +658,12 @@ static tsi_result populate_ssl_context(
|
|
655
658
|
}
|
656
659
|
|
657
660
|
/* Extracts the CN and the SANs from an X509 cert as a peer object. */
|
658
|
-
static tsi_result extract_x509_subject_names_from_pem_cert(
|
659
|
-
|
661
|
+
static tsi_result extract_x509_subject_names_from_pem_cert(const char *pem_cert,
|
662
|
+
tsi_peer *peer) {
|
660
663
|
tsi_result result = TSI_OK;
|
661
664
|
X509 *cert = NULL;
|
662
665
|
BIO *pem;
|
663
|
-
|
664
|
-
pem = BIO_new_mem_buf((void *)pem_cert, (int)pem_cert_size);
|
666
|
+
pem = BIO_new_mem_buf((void *)pem_cert, (int)strlen(pem_cert));
|
665
667
|
if (pem == NULL) return TSI_OUT_OF_RESOURCES;
|
666
668
|
|
667
669
|
cert = PEM_read_bio_X509(pem, NULL, NULL, "");
|
@@ -678,8 +680,7 @@ static tsi_result extract_x509_subject_names_from_pem_cert(
|
|
678
680
|
|
679
681
|
/* Builds the alpn protocol name list according to rfc 7301. */
|
680
682
|
static tsi_result build_alpn_protocol_name_list(
|
681
|
-
const
|
682
|
-
const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
|
683
|
+
const char **alpn_protocols, uint16_t num_alpn_protocols,
|
683
684
|
unsigned char **protocol_name_list, size_t *protocol_name_list_length) {
|
684
685
|
uint16_t i;
|
685
686
|
unsigned char *current;
|
@@ -687,19 +688,21 @@ static tsi_result build_alpn_protocol_name_list(
|
|
687
688
|
*protocol_name_list_length = 0;
|
688
689
|
if (num_alpn_protocols == 0) return TSI_INVALID_ARGUMENT;
|
689
690
|
for (i = 0; i < num_alpn_protocols; i++) {
|
690
|
-
|
691
|
-
|
691
|
+
size_t length = alpn_protocols[i] == NULL ? 0 : strlen(alpn_protocols[i]);
|
692
|
+
if (length == 0 || length > 255) {
|
693
|
+
gpr_log(GPR_ERROR, "Invalid protocol name length: %d.", (int)length);
|
692
694
|
return TSI_INVALID_ARGUMENT;
|
693
695
|
}
|
694
|
-
*protocol_name_list_length +=
|
696
|
+
*protocol_name_list_length += length + 1;
|
695
697
|
}
|
696
698
|
*protocol_name_list = gpr_malloc(*protocol_name_list_length);
|
697
699
|
if (*protocol_name_list == NULL) return TSI_OUT_OF_RESOURCES;
|
698
700
|
current = *protocol_name_list;
|
699
701
|
for (i = 0; i < num_alpn_protocols; i++) {
|
700
|
-
|
701
|
-
|
702
|
-
current
|
702
|
+
size_t length = strlen(alpn_protocols[i]);
|
703
|
+
*(current++) = (uint8_t)length; /* max checked above. */
|
704
|
+
memcpy(current, alpn_protocols[i], length);
|
705
|
+
current += length;
|
703
706
|
}
|
704
707
|
/* Safety check. */
|
705
708
|
if ((current < *protocol_name_list) ||
|
@@ -1039,6 +1042,7 @@ static const tsi_handshaker_vtable handshaker_vtable = {
|
|
1039
1042
|
ssl_handshaker_extract_peer,
|
1040
1043
|
ssl_handshaker_create_frame_protector,
|
1041
1044
|
ssl_handshaker_destroy,
|
1045
|
+
NULL,
|
1042
1046
|
};
|
1043
1047
|
|
1044
1048
|
/* --- tsi_ssl_handshaker_factory common methods. --- */
|
@@ -1279,11 +1283,9 @@ static int server_handshaker_factory_npn_advertised_callback(
|
|
1279
1283
|
/* --- tsi_ssl_handshaker_factory constructors. --- */
|
1280
1284
|
|
1281
1285
|
tsi_result tsi_create_ssl_client_handshaker_factory(
|
1282
|
-
const
|
1283
|
-
const
|
1284
|
-
const
|
1285
|
-
const char *cipher_list, const unsigned char **alpn_protocols,
|
1286
|
-
const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
|
1286
|
+
const tsi_ssl_pem_key_cert_pair *pem_key_cert_pair,
|
1287
|
+
const char *pem_root_certs, const char *cipher_suites,
|
1288
|
+
const char **alpn_protocols, uint16_t num_alpn_protocols,
|
1287
1289
|
tsi_ssl_client_handshaker_factory **factory) {
|
1288
1290
|
SSL_CTX *ssl_context = NULL;
|
1289
1291
|
tsi_ssl_client_handshaker_factory *impl = NULL;
|
@@ -1306,20 +1308,19 @@ tsi_result tsi_create_ssl_client_handshaker_factory(
|
|
1306
1308
|
|
1307
1309
|
do {
|
1308
1310
|
result =
|
1309
|
-
populate_ssl_context(ssl_context,
|
1310
|
-
pem_cert_chain, pem_cert_chain_size, cipher_list);
|
1311
|
+
populate_ssl_context(ssl_context, pem_key_cert_pair, cipher_suites);
|
1311
1312
|
if (result != TSI_OK) break;
|
1312
1313
|
result = ssl_ctx_load_verification_certs(ssl_context, pem_root_certs,
|
1313
|
-
|
1314
|
+
strlen(pem_root_certs), NULL);
|
1314
1315
|
if (result != TSI_OK) {
|
1315
1316
|
gpr_log(GPR_ERROR, "Cannot load server root certificates.");
|
1316
1317
|
break;
|
1317
1318
|
}
|
1318
1319
|
|
1319
1320
|
if (num_alpn_protocols != 0) {
|
1320
|
-
result = build_alpn_protocol_name_list(
|
1321
|
-
|
1322
|
-
|
1321
|
+
result = build_alpn_protocol_name_list(alpn_protocols, num_alpn_protocols,
|
1322
|
+
&impl->alpn_protocol_list,
|
1323
|
+
&impl->alpn_protocol_list_length);
|
1323
1324
|
if (result != TSI_OK) {
|
1324
1325
|
gpr_log(GPR_ERROR, "Building alpn list failed with error %s.",
|
1325
1326
|
tsi_result_to_string(result));
|
@@ -1351,34 +1352,24 @@ tsi_result tsi_create_ssl_client_handshaker_factory(
|
|
1351
1352
|
}
|
1352
1353
|
|
1353
1354
|
tsi_result tsi_create_ssl_server_handshaker_factory(
|
1354
|
-
const
|
1355
|
-
|
1356
|
-
const
|
1357
|
-
const
|
1358
|
-
size_t pem_client_root_certs_size, int force_client_auth,
|
1359
|
-
const char *cipher_list, const unsigned char **alpn_protocols,
|
1360
|
-
const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
|
1355
|
+
const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs,
|
1356
|
+
size_t num_key_cert_pairs, const char *pem_client_root_certs,
|
1357
|
+
int force_client_auth, const char *cipher_suites,
|
1358
|
+
const char **alpn_protocols, uint16_t num_alpn_protocols,
|
1361
1359
|
tsi_ssl_server_handshaker_factory **factory) {
|
1362
1360
|
return tsi_create_ssl_server_handshaker_factory_ex(
|
1363
|
-
|
1364
|
-
pem_cert_chains_sizes, key_cert_pair_count, pem_client_root_certs,
|
1365
|
-
pem_client_root_certs_size,
|
1361
|
+
pem_key_cert_pairs, num_key_cert_pairs, pem_client_root_certs,
|
1366
1362
|
force_client_auth ? TSI_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
|
1367
1363
|
: TSI_DONT_REQUEST_CLIENT_CERTIFICATE,
|
1368
|
-
|
1369
|
-
factory);
|
1364
|
+
cipher_suites, alpn_protocols, num_alpn_protocols, factory);
|
1370
1365
|
}
|
1371
1366
|
|
1372
1367
|
tsi_result tsi_create_ssl_server_handshaker_factory_ex(
|
1373
|
-
const
|
1374
|
-
|
1375
|
-
const size_t *pem_cert_chains_sizes, size_t key_cert_pair_count,
|
1376
|
-
const unsigned char *pem_client_root_certs,
|
1377
|
-
size_t pem_client_root_certs_size,
|
1368
|
+
const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs,
|
1369
|
+
size_t num_key_cert_pairs, const char *pem_client_root_certs,
|
1378
1370
|
tsi_client_certificate_request_type client_certificate_request,
|
1379
|
-
const char *
|
1380
|
-
|
1381
|
-
tsi_ssl_server_handshaker_factory **factory) {
|
1371
|
+
const char *cipher_suites, const char **alpn_protocols,
|
1372
|
+
uint16_t num_alpn_protocols, tsi_ssl_server_handshaker_factory **factory) {
|
1382
1373
|
tsi_ssl_server_handshaker_factory *impl = NULL;
|
1383
1374
|
tsi_result result = TSI_OK;
|
1384
1375
|
size_t i = 0;
|
@@ -1387,33 +1378,32 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
|
|
1387
1378
|
|
1388
1379
|
if (factory == NULL) return TSI_INVALID_ARGUMENT;
|
1389
1380
|
*factory = NULL;
|
1390
|
-
if (
|
1391
|
-
pem_cert_chains == NULL) {
|
1381
|
+
if (num_key_cert_pairs == 0 || pem_key_cert_pairs == NULL) {
|
1392
1382
|
return TSI_INVALID_ARGUMENT;
|
1393
1383
|
}
|
1394
1384
|
|
1395
1385
|
impl = gpr_zalloc(sizeof(*impl));
|
1396
|
-
impl->ssl_contexts = gpr_zalloc(
|
1386
|
+
impl->ssl_contexts = gpr_zalloc(num_key_cert_pairs * sizeof(SSL_CTX *));
|
1397
1387
|
impl->ssl_context_x509_subject_names =
|
1398
|
-
gpr_zalloc(
|
1388
|
+
gpr_zalloc(num_key_cert_pairs * sizeof(tsi_peer));
|
1399
1389
|
if (impl->ssl_contexts == NULL ||
|
1400
1390
|
impl->ssl_context_x509_subject_names == NULL) {
|
1401
1391
|
tsi_ssl_server_handshaker_factory_destroy(impl);
|
1402
1392
|
return TSI_OUT_OF_RESOURCES;
|
1403
1393
|
}
|
1404
|
-
impl->ssl_context_count =
|
1394
|
+
impl->ssl_context_count = num_key_cert_pairs;
|
1405
1395
|
|
1406
1396
|
if (num_alpn_protocols > 0) {
|
1407
|
-
result = build_alpn_protocol_name_list(
|
1408
|
-
|
1409
|
-
|
1397
|
+
result = build_alpn_protocol_name_list(alpn_protocols, num_alpn_protocols,
|
1398
|
+
&impl->alpn_protocol_list,
|
1399
|
+
&impl->alpn_protocol_list_length);
|
1410
1400
|
if (result != TSI_OK) {
|
1411
1401
|
tsi_ssl_server_handshaker_factory_destroy(impl);
|
1412
1402
|
return result;
|
1413
1403
|
}
|
1414
1404
|
}
|
1415
1405
|
|
1416
|
-
for (i = 0; i <
|
1406
|
+
for (i = 0; i < num_key_cert_pairs; i++) {
|
1417
1407
|
do {
|
1418
1408
|
impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
|
1419
1409
|
if (impl->ssl_contexts[i] == NULL) {
|
@@ -1421,16 +1411,15 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
|
|
1421
1411
|
result = TSI_OUT_OF_RESOURCES;
|
1422
1412
|
break;
|
1423
1413
|
}
|
1424
|
-
result = populate_ssl_context(
|
1425
|
-
|
1426
|
-
pem_cert_chains[i], pem_cert_chains_sizes[i], cipher_list);
|
1414
|
+
result = populate_ssl_context(impl->ssl_contexts[i],
|
1415
|
+
&pem_key_cert_pairs[i], cipher_suites);
|
1427
1416
|
if (result != TSI_OK) break;
|
1428
1417
|
|
1429
1418
|
if (pem_client_root_certs != NULL) {
|
1430
1419
|
STACK_OF(X509_NAME) *root_names = NULL;
|
1431
1420
|
result = ssl_ctx_load_verification_certs(
|
1432
1421
|
impl->ssl_contexts[i], pem_client_root_certs,
|
1433
|
-
|
1422
|
+
strlen(pem_client_root_certs), &root_names);
|
1434
1423
|
if (result != TSI_OK) {
|
1435
1424
|
gpr_log(GPR_ERROR, "Invalid verification certs.");
|
1436
1425
|
break;
|
@@ -1463,7 +1452,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex(
|
|
1463
1452
|
}
|
1464
1453
|
|
1465
1454
|
result = extract_x509_subject_names_from_pem_cert(
|
1466
|
-
|
1455
|
+
pem_key_cert_pairs[i].cert_chain,
|
1467
1456
|
&impl->ssl_context_x509_subject_names[i]);
|
1468
1457
|
if (result != TSI_OK) break;
|
1469
1458
|
|
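Review bot: A key/cert pair whose cert_chain is NULL passes populate_ssl_context (the new body loads only whichever field is non-NULL and returns TSI_OK) and then reaches `strlen(pem_cert)` in extract_x509_subject_names_from_pem_cert through `pem_key_cert_pairs[i].cert_chain` in the `@@ -1463,7 +1452,7 @@` hunk, so a half-filled pair crashes tsi_create_ssl_server_handshaker_factory_ex instead of returning TSI_INVALID_ARGUMENT, and a pair with only a cert_chain produces a server context with no private key that nothing in this function rejects. I'd validate each pair at the top of the per-pair `do` block, before `SSL_CTX_new`: `if (pem_key_cert_pairs[i].cert_chain == NULL || pem_key_cert_pairs[i].private_key == NULL) { result = TSI_INVALID_ARGUMENT; break; }`. The client factory has the same unconditional dereference at `strlen(pem_root_certs)` in the `@@ -1306,20 +1308,19 @@` hunk, while the updated comment in ssl_transport_security.h on this page says that parameter may be NULL; either the check or the comment needs to change. Both enclosing functions extend beyond their hunks.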
@@ -60,27 +60,32 @@ extern "C" {
|
|
60
60
|
typedef struct tsi_ssl_client_handshaker_factory
|
61
61
|
tsi_ssl_client_handshaker_factory;
|
62
62
|
|
63
|
+
/* Object that holds a private key / certificate chain pair in PEM format. */
|
64
|
+
typedef struct {
|
65
|
+
/* private_key is the NULL-terminated string containing the PEM encoding of
|
66
|
+
the client's private key. */
|
67
|
+
const char *private_key;
|
68
|
+
|
69
|
+
/* cert_chain is the NULL-terminated string containing the PEM encoding of
|
70
|
+
the client's certificate chain. */
|
71
|
+
const char *cert_chain;
|
72
|
+
} tsi_ssl_pem_key_cert_pair;
|
73
|
+
|
63
74
|
/* Creates a client handshaker factory.
|
64
|
-
-
|
65
|
-
|
66
|
-
|
67
|
-
-
|
68
|
-
|
69
|
-
|
70
|
-
a certificate chain.
|
71
|
-
- pem_cert_chain_size is the size of the associated buffer.
|
72
|
-
- pem_roots_cert is the buffer containing the PEM encoding of the server
|
73
|
-
root certificates. This parameter cannot be NULL.
|
74
|
-
- pem_roots_cert_size is the size of the associated buffer.
|
75
|
+
- pem_key_cert_pair is a pointer to the object containing client's private
|
76
|
+
key and certificate chain. This parameter can be NULL if the client does
|
77
|
+
not have such a key/cert pair.
|
78
|
+
- pem_roots_cert is the NULL-terminated string containing the PEM encoding of
|
79
|
+
the client root certificates. This parameter may be NULL if the server does
|
80
|
+
not want the client to be authenticated with SSL.
|
75
81
|
- cipher_suites contains an optional list of the ciphers that the client
|
76
82
|
supports. The format of this string is described in:
|
77
83
|
https://www.openssl.org/docs/apps/ciphers.html.
|
78
84
|
This parameter can be set to NULL to use the default set of ciphers.
|
79
85
|
TODO(jboeuf): Revisit the format of this parameter.
|
80
|
-
- alpn_protocols is an array containing the protocol names
|
81
|
-
handshakers created with this factory support. This parameter can
|
82
|
-
|
83
|
-
protocols specified in alpn_protocols. This parameter can be NULL.
|
86
|
+
- alpn_protocols is an array containing the NULL terminated protocol names
|
87
|
+
that the handshakers created with this factory support. This parameter can
|
88
|
+
be NULL.
|
84
89
|
- num_alpn_protocols is the number of alpn protocols and associated lengths
|
85
90
|
specified. If this parameter is 0, the other alpn parameters must be NULL.
|
86
91
|
- factory is the address of the factory pointer to be created.
|
@@ -88,11 +93,9 @@ typedef struct tsi_ssl_client_handshaker_factory
|
|
88
93
|
- This method returns TSI_OK on success or TSI_INVALID_PARAMETER in the case
|
89
94
|
where a parameter is invalid. */
|
90
95
|
tsi_result tsi_create_ssl_client_handshaker_factory(
|
91
|
-
const
|
92
|
-
const
|
93
|
-
const
|
94
|
-
const char *cipher_suites, const unsigned char **alpn_protocols,
|
95
|
-
const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
|
96
|
+
const tsi_ssl_pem_key_cert_pair *pem_key_cert_pair,
|
97
|
+
const char *pem_root_certs, const char *cipher_suites,
|
98
|
+
const char **alpn_protocols, uint16_t num_alpn_protocols,
|
96
99
|
tsi_ssl_client_handshaker_factory **factory);
|
97
100
|
|
98
101
|
/* Creates a client handshaker.
|
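Review bot: The new declaration at new lines 96-98 names the trust-root parameter `pem_root_certs`, while the parameter list in the comment directly above this hunk documents it as `pem_roots_cert`; the two should use the same name so a reader can match the description to the argument. Dropping `alpn_protocols_lengths` and the byte-buffer/size pairs means every `alpn_protocols` entry and every PEM input is now a plain C string, and the comment's phrase "NULL terminated" is easy to misread as a NULL sentinel closing the array rather than a '\0' ending each string; I'd add `/* each entry is a '\0'-terminated C string; presumably num_alpn_protocols, not a sentinel, bounds the array - confirm against the implementation */`. A caller that loads PEM from a file into a raw buffer without appending a terminator would now overread, so the NUL-termination requirement deserves an explicit sentence for `pem_root_certs` as well. The same terminology applies to the server declarations in the `@@ -160,13` and `@@ -176,15` hunks, and the doc comment this declaration belongs to starts outside the hunk.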
@@ -122,37 +125,19 @@ typedef struct tsi_ssl_server_handshaker_factory
|
|
122
125
|
tsi_ssl_server_handshaker_factory;
|
123
126
|
|
124
127
|
/* Creates a server handshaker factory.
|
125
|
-
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
buffers.
|
131
|
-
- pem_cert_chains is an array containing the PEM encoding of the server's
|
132
|
-
cert chains. This parameter cannot be NULL. The size of the array is
|
133
|
-
given by the key_cert_pair_count parameter.
|
134
|
-
- pem_cert_chains_sizes is the array containing the sizes of the associated
|
135
|
-
buffers.
|
136
|
-
- key_cert_pair_count indicates the number of items in the private_key_files
|
137
|
-
and cert_chain_files parameters.
|
138
|
-
- pem_client_roots is the buffer containing the PEM encoding of the client
|
139
|
-
root certificates. This parameter may be NULL in which case the server will
|
140
|
-
not authenticate the client. If not NULL, the force_client_auth parameter
|
141
|
-
specifies if the server will accept only authenticated clients or both
|
142
|
-
authenticated and non-authenticated clients.
|
143
|
-
- pem_client_root_certs_size is the size of the associated buffer.
|
144
|
-
- force_client_auth, if set to non-zero will force the client to authenticate
|
145
|
-
with an SSL cert. Note that this option is ignored if pem_client_root_certs
|
146
|
-
is NULL or pem_client_roots_certs_size is 0
|
128
|
+
- pem_key_cert_pairs is an array private key / certificate chains of the
|
129
|
+
server.
|
130
|
+
- num_key_cert_pairs is the number of items in the pem_key_cert_pairs array.
|
131
|
+
- pem_root_certs is the NULL-terminated string containing the PEM encoding
|
132
|
+
of the server root certificates.
|
147
133
|
- cipher_suites contains an optional list of the ciphers that the server
|
148
134
|
supports. The format of this string is described in:
|
149
135
|
https://www.openssl.org/docs/apps/ciphers.html.
|
150
136
|
This parameter can be set to NULL to use the default set of ciphers.
|
151
137
|
TODO(jboeuf): Revisit the format of this parameter.
|
152
|
-
- alpn_protocols is an array containing the protocol names
|
153
|
-
handshakers created with this factory support. This parameter can
|
154
|
-
|
155
|
-
protocols specified in alpn_protocols. This parameter can be NULL.
|
138
|
+
- alpn_protocols is an array containing the NULL terminated protocol names
|
139
|
+
that the handshakers created with this factory support. This parameter can
|
140
|
+
be NULL.
|
156
141
|
- num_alpn_protocols is the number of alpn protocols and associated lengths
|
157
142
|
specified. If this parameter is 0, the other alpn parameters must be NULL.
|
158
143
|
- factory is the address of the factory pointer to be created.
|
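Review bot: The rewritten parameter list (new lines 128-132) no longer matches the declaration that follows in the `@@ -160,13` hunk: it documents `pem_root_certs` as the "server root certificates" while the parameter is declared `pem_client_root_certs`, and `force_client_auth`, still a parameter there, is no longer described at all, although the removed text (old lines 138-146) carried the rule that it is ignored when the client roots are NULL. That rule is what tells a caller that passing NULL roots silently disables client authentication, so it should survive the rewrite. I'd replace new lines 131-132 with `- pem_client_root_certs is the NULL-terminated string containing the PEM encoding of the client root certificates; it may be NULL, in which case the server will not authenticate the client.` and add `- force_client_auth, if non-zero, forces the client to authenticate with an SSL cert; it is ignored if pem_client_root_certs is NULL.`. Separately, new line 128 reads "an array private key / certificate chains" and should read "an array of private key / certificate chain pairs".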
@@ -160,13 +145,10 @@ typedef struct tsi_ssl_server_handshaker_factory
|
|
160
145
|
- This method returns TSI_OK on success or TSI_INVALID_PARAMETER in the case
|
161
146
|
where a parameter is invalid. */
|
162
147
|
tsi_result tsi_create_ssl_server_handshaker_factory(
|
163
|
-
const
|
164
|
-
|
165
|
-
const
|
166
|
-
const
|
167
|
-
size_t pem_client_root_certs_size, int force_client_auth,
|
168
|
-
const char *cipher_suites, const unsigned char **alpn_protocols,
|
169
|
-
const unsigned char *alpn_protocols_lengths, uint16_t num_alpn_protocols,
|
148
|
+
const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs,
|
149
|
+
size_t num_key_cert_pairs, const char *pem_client_root_certs,
|
150
|
+
int force_client_auth, const char *cipher_suites,
|
151
|
+
const char **alpn_protocols, uint16_t num_alpn_protocols,
|
170
152
|
tsi_ssl_server_handshaker_factory **factory);
|
171
153
|
|
172
154
|
/* Same as tsi_create_ssl_server_handshaker_factory method except uses
|
@@ -176,15 +158,11 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
|
|
176
158
|
authenticate with an SSL cert. Note that this option is ignored if
|
177
159
|
pem_client_root_certs is NULL or pem_client_roots_certs_size is 0 */
|
178
160
|
tsi_result tsi_create_ssl_server_handshaker_factory_ex(
|
179
|
-
const
|
180
|
-
|
181
|
-
const size_t *pem_cert_chains_sizes, size_t key_cert_pair_count,
|
182
|
-
const unsigned char *pem_client_root_certs,
|
183
|
-
size_t pem_client_root_certs_size,
|
161
|
+
const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs,
|
162
|
+
size_t num_key_cert_pairs, const char *pem_client_root_certs,
|
184
163
|
tsi_client_certificate_request_type client_certificate_request,
|
185
|
-
const char *cipher_suites, const
|
186
|
-
|
187
|
-
tsi_ssl_server_handshaker_factory **factory);
|
164
|
+
const char *cipher_suites, const char **alpn_protocols,
|
165
|
+
uint16_t num_alpn_protocols, tsi_ssl_server_handshaker_factory **factory);
|
188
166
|
|
189
167
|
/* Creates a server handshaker.
|
190
168
|
- self is the factory from which the handshaker will be created.
|
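Review bot: The context comment at new line 159, `pem_client_root_certs is NULL or pem_client_roots_certs_size is 0 */`, still refers to `pem_client_roots_certs_size`, but this hunk removes `size_t pem_client_root_certs_size` from `tsi_create_ssl_server_handshaker_factory_ex`, so the comment now describes a parameter that no longer exists. It should read `pem_client_root_certs is NULL */`, and if an empty string is meant to behave like the old size-0 case (not visible here), the comment should say so explicitly rather than leave the client-authentication condition to the reader's guess. The comment block this line belongs to starts outside the hunk.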