aboutsummaryrefslogtreecommitdiffhomepage
path: root/include/grpc++
diff options
context:
space:
mode:
authorGravatar Deepak Lukose <deepaklukose@google.com>2016-03-25 12:54:25 -0700
committerGravatar Deepak Lukose <deepaklukose@google.com>2016-04-19 15:02:06 -0700
commitdba4c5fd0144b68916b4dc2bbbd02d12c2e12041 (patch)
treef7284c54983f7bd9859453dc4e2111a80442441f /include/grpc++
parent17735908ed4eb1c54bd1b3652062b49f58a985e3 (diff)
Add various options to verify ssl/tls client cert including letting the
application handle the authentication.
Diffstat (limited to 'include/grpc++')
-rw-r--r--include/grpc++/security/server_credentials.h15
1 files changed, 14 insertions, 1 deletions
diff --git a/include/grpc++/security/server_credentials.h b/include/grpc++/security/server_credentials.h
index 5a9f8a42e2..229bab8d84 100644
--- a/include/grpc++/security/server_credentials.h
+++ b/include/grpc++/security/server_credentials.h
@@ -39,6 +39,7 @@
#include <grpc++/security/auth_metadata_processor.h>
#include <grpc++/support/config.h>
+#include <grpc/grpc_security_constants.h>
struct grpc_server;
@@ -69,7 +70,13 @@ class ServerCredentials {
/// Options to create ServerCredentials with SSL
struct SslServerCredentialsOptions {
- SslServerCredentialsOptions() : force_client_auth(false) {}
+ // Deprecated
+ SslServerCredentialsOptions()
+ : force_client_auth(false),
+ client_certificate_request(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE) {}
+ SslServerCredentialsOptions(
+ grpc_ssl_client_certificate_request_type request_type)
+ : force_client_auth(false), client_certificate_request(request_type) {}
struct PemKeyCertPair {
grpc::string private_key;
@@ -77,7 +84,13 @@ struct SslServerCredentialsOptions {
};
grpc::string pem_root_certs;
std::vector<PemKeyCertPair> pem_key_cert_pairs;
+ // Deprecated
bool force_client_auth;
+
+ // If both force_client_auth and client_certificate_request fields are set,
+ // force_client_auth takes effect i.e
+ // REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY will be enforced.
+ grpc_ssl_client_certificate_request_type client_certificate_request;
};
/// Builds SSL ServerCredentials given SSL specific options