diff options
author | Jan Tattermusch <jtattermusch@users.noreply.github.com> | 2018-08-30 20:57:40 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-30 20:57:40 +0200 |
commit | 525c59f74cbfe5300ce0c21dbd00fcf7a01e9934 (patch) | |
tree | c6d825585781e6297faa114a2e26b993791cfc8e | |
parent | 2a546aeb498c5bff9cf956d997c1226e6f2aa954 (diff) | |
parent | bc8f515fb8a9053c05d2a62336fe181113262a17 (diff) |
Merge pull request #16443 from jtattermusch/improve_security_constants_doc
Improve doc comments for security constants
-rw-r--r-- | include/grpc/grpc_security_constants.h | 43 |
1 files changed, 24 insertions, 19 deletions
diff --git a/include/grpc/grpc_security_constants.h b/include/grpc/grpc_security_constants.h index 944a1e927f..f935557f2d 100644 --- a/include/grpc/grpc_security_constants.h +++ b/include/grpc/grpc_security_constants.h @@ -57,46 +57,51 @@ typedef enum { } grpc_ssl_certificate_config_reload_status; typedef enum { - /** Server does not request client certificate. A client can present a self - signed or signed certificates if it wishes to do so and they would be - accepted. */ + /** Server does not request client certificate. + The certificate presented by the client is not checked by the server at + all. (A client may present a self signed or signed certificate or not + present a certificate at all and any of those option would be accepted) */ GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, /** Server requests client certificate but does not enforce that the client presents a certificate. If the client presents a certificate, the client authentication is left to - the application based on the metadata like certificate etc. + the application (the necessary metadata will be available to the + application via authentication context properties, see grpc_auth_context). - The key cert pair should still be valid for the SSL connection to be - established. */ + The client's key certificate pair must be valid for the SSL connection to + be established. */ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, /** Server requests client certificate but does not enforce that the client presents a certificate. If the client presents a certificate, the client authentication is done by - grpc framework (The client needs to either present a signed cert or skip no - certificate for a successful connection). + the gRPC framework. (For a successful connection the client needs to either + present a certificate that can be verified against the root certificate + configured by the server or not present a certificate at all) - The key cert pair should still be valid for the SSL connection to be - established. */ + The client's key certificate pair must be valid for the SSL connection to + be established. */ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, - /** Server requests client certificate but enforces that the client presents a + /** Server requests client certificate and enforces that the client presents a certificate. If the client presents a certificate, the client authentication is left to - the application based on the metadata like certificate etc. + the application (the necessary metadata will be available to the + application via authentication context properties, see grpc_auth_context). - The key cert pair should still be valid for the SSL connection to be - established. */ + The client's key certificate pair must be valid for the SSL connection to + be established. */ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, - /** Server requests client certificate but enforces that the client presents a + /** Server requests client certificate and enforces that the client presents a certificate. - The cerificate presented by the client is verified by grpc framework (The - client needs to present signed certs for a successful connection). + The cerificate presented by the client is verified by the gRPC framework. + (For a successful connection the client needs to present a certificate that + can be verified against the root certificate configured by the server) - The key cert pair should still be valid for the SSL connection to be - established. */ + The client's key certificate pair must be valid for the SSL connection to + be established. */ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY } grpc_ssl_client_certificate_request_type; |