author | Julien Boeuf <jboeuf@google.com> | 2016-01-27 16:23:41 -0800 |
---|---|---|
committer | Julien Boeuf <jboeuf@google.com> | 2016-01-27 16:23:41 -0800 |
commit | a50da4757ae7eb75b67d78b7e82fba79d2c987da (patch) | |
tree | ede3dac93b6288e47edbcd8c26b5f7e0eb32f84e /include/grpc/grpc_security.h | |
parent | 373debd5c094a3a1c60b2d1b4adc420e933653e7 (diff) |
Addressing comments.
The new API is now actually useful...
Diffstat (limited to 'include/grpc/grpc_security.h')
-rw-r--r-- | include/grpc/grpc_security.h | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 46e493b347..c588ec3f1c 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -143,15 +143,14 @@ grpc_channel_credentials *grpc_google_default_credentials_create(void); #define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \ "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH" -/* Overrides the default path for TLS/SSL roots. - The path must point to a PEM encoded file with all the roots such as the one - that can be downloaded from https://pki.google.com/roots.pem. +/* Overrides the default TLS/SSL roots. + The roots must be encoded as PEM and NULL-terminated. This function is not thread-safe and must be called at initialization time before any ssl credentials are created to have the desired side effect. - It also does not do any checks about the validity or contents of the path. - If the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is set, it will override - the roots_path specified in this function. */ -void grpc_override_ssl_default_roots_file_path(const char *roots_path); + It also does not do any checks about the validity of the encoding. + If the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is set to a valid path, + it will override the roots specified in this function. */ +void grpc_override_ssl_default_roots(const char *roots_pem); /* Object that holds a private key / certificate chain pair in PEM format. */ typedef struct { 
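Review bot: The rewritten comment on `grpc_override_ssl_default_roots` leaves the ownership of `roots_pem` unstated: it does not say whether the library copies the string or keeps the caller's pointer, nor what a NULL argument does. These roots become process-wide trust anchors, so a caller that frees or reuses the buffer under the wrong assumption would leave the TLS stack reading stale memory; the implementation is not visible in this hunk, so the wording has to be confirmed against it, e.g. `The caller retains ownership of roots_pem, which is copied.` or `roots_pem must remain valid for the lifetime of the process.` I would also write "NUL-terminated" rather than "NULL-terminated", since the comment means the terminating character and not a null pointer.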
@@ -169,10 +168,9 @@ typedef struct { of the server root certificates. If this parameter is NULL, the implementation will first try to dereference the file pointed by the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails, - try to get the roots from the path specified in the function - grpc_override_ssl_default_roots_file_path. Eventually, if all these fail, - it will try to get the roots from a well-known place on disk (in the grpc - install directory). + try to get the roots set by grpc_override_ssl_default_roots. Eventually, + if all these fail, it will try to get the roots from a well-known place on + disk (in the grpc install directory). - pem_key_cert_pair is a pointer on the object containing client's private key and certificate chain. This parameter can be NULL if the client does not have such a key/cert pair. */ |
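Review bot: The fallback order in this comment does not say what it means for an application that installs its own roots in order to restrict which CAs it trusts. The environment variable is consulted first, so whoever controls the process environment chooses the trust anchors ahead of the application. The first hunk also says the PEM is not validated, so "if all these fail" appears to mean a malformed override falls through silently to the roots in the install directory. I would add something like `Note: the override is not a pinning mechanism; the environment variable takes precedence and unusable roots fall back to the on-disk defaults.`, with the second half checked against the implementation because it is inferred from the comment text only. The comment block being edited starts above this hunk.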