authorGravatar Julien Boeuf <jboeuf@google.com>2016-01-27 15:41:12 -0800
committerGravatar Julien Boeuf <jboeuf@google.com>2016-01-27 15:41:12 -0800
commit373debd5c094a3a1c60b2d1b4adc420e933653e7 (patch)
tree02aad31c9e3961a869047e231bde13178a33ed98 /include/grpc/grpc_security.h
parent26e4f5b1b6478809edc576646d3b4cd24562d549 (diff)
Adding a function to override the ssl default roots path.
Fixes the first part of #4834.
Diffstat (limited to 'include/grpc/grpc_security.h')
-rw-r--r--include/grpc/grpc_security.h16
1 files changed, 14 insertions, 2 deletions
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 655f45a29b..46e493b347 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -143,6 +143,16 @@ grpc_channel_credentials *grpc_google_default_credentials_create(void);
#define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \
"GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"
+/* Overrides the default path for TLS/SSL roots.
+ The path must point to a PEM encoded file with all the roots such as the one
+ that can be downloaded from https://pki.google.com/roots.pem.
+ This function is not thread-safe and must be called at initialization time
+ before any ssl credentials are created to have the desired side effect.
+ It also does not do any checks about the validity or contents of the path.
+ If the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is set, it will override
+ the roots_path specified in this function. */
+void grpc_override_ssl_default_roots_file_path(const char *roots_path);
+
/* Object that holds a private key / certificate chain pair in PEM format. */
typedef struct {
/* private_key is the NULL-terminated string containing the PEM encoding of
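Review bot: The comment on `grpc_override_ssl_default_roots_file_path` does not say who owns `roots_path` after the call or what a NULL argument does. The comment says the path takes effect when ssl credentials are created, which is after this call returns, so a caller passing a stack or later-freed buffer needs to know whether the library copies the string. The implementation is not in this hunk, so confirm which holds and state it, e.g. `The string is copied; the caller keeps ownership of roots_path.` or `roots_path must stay valid until all ssl credentials have been created.` Separately, `environment is set` should read `environment variable is set`. The struct declared after the new prototype continues outside the hunk.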
@@ -159,8 +169,10 @@ typedef struct {
of the server root certificates. If this parameter is NULL, the
implementation will first try to dereference the file pointed by the
GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails,
- get the roots from a well-known place on disk (in the grpc install
- directory).
+ try to get the roots from the path specified in the function
+ grpc_override_ssl_default_roots_file_path. Eventually, if all these fail,
+ it will try to get the roots from a well-known place on disk (in the grpc
+ install directory).
- pem_key_cert_pair is a pointer on the object containing client's private
key and certificate chain. This parameter can be NULL if the client does
not have such a key/cert pair. */
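Review bot: The lookup order documented here falls through silently, which matters to a caller who uses the override to narrow trust to its own CA bundle. Per this comment, if that file cannot be read the roots come from the install directory instead, and if GRPC_DEFAULT_SSL_ROOTS_FILE_PATH is set the environment's file is used ahead of the application's choice. The comment should say so and point such callers at the explicit parameter, e.g. `Callers that need a fixed set of roots should pass them explicitly instead of relying on these defaults.` Logging which source was actually used would make an unexpected fallback detectable, though whether the implementation already does that is not visible here. `Eventually` reads as "at some later time"; `Finally` matches the intended meaning. The enclosing comment starts before the hunk and the declaration it documents lies outside it.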