authorGravatar Jan Tattermusch <jtattermusch@google.com>2018-08-30 19:28:30 +0200
committerGravatar Jan Tattermusch <jtattermusch@google.com>2018-08-30 19:28:30 +0200
commit2bc7b8e0a3975352eeffcb7751d6aef687fd1284 (patch)
treeb81b344b57b236e4cc896dd509d4acf0ab0d90e8 /include/grpc
parent458775d4f956072c965eaf3bc24a972daee840a7 (diff)
address comments
Diffstat (limited to 'include/grpc')
-rw-r--r--include/grpc/grpc_security_constants.h25
1 files changed, 14 insertions, 11 deletions
diff --git a/include/grpc/grpc_security_constants.h b/include/grpc/grpc_security_constants.h
index c115cd3659..7f7c89d667 100644
--- a/include/grpc/grpc_security_constants.h
+++ b/include/grpc/grpc_security_constants.h
@@ -57,9 +57,10 @@ typedef enum {
} grpc_ssl_certificate_config_reload_status;
typedef enum {
- /** Server does not request client certificate. A client may present a self
- signed or signed certificate or not present a certificate at all and any of
- those option would be accepted. */
+ /** Server does not request client certificate.
+ The certificate presented by the client is not checked by the server at all.
+ (A client may present a self signed or signed certificate or not present a certificate at all and any of
+ those option would be accepted) */
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
/** Server requests client certificate but does not enforce that the client
presents a certificate.
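Review bot: The rewritten comment for GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE says the client's certificate "is not checked by the server at all" but never states the consequence: in this mode the server gets no authenticated client identity from TLS. I would add a sentence such as `No client authentication is performed in this mode; a server that needs to identify callers must authenticate them by other means.` The parenthetical may also confuse readers, since a TLS client normally sends a certificate only when the server asks for one, so "may present a self signed or signed certificate" probably describes a case that rarely arises; while the line is being touched, "those option" should read "those options". The enum continues past the end of this hunk.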
@@ -68,17 +69,18 @@ typedef enum {
the application (the necessary metadata will be available to the
application via authentication context properties, see grpc_auth_context).
- The key cert pair should still be valid for the SSL connection to be
+ The client's key certificate pair must be valid for the SSL connection to be
established. */
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
/** Server requests client certificate but does not enforce that the client
presents a certificate.
If the client presents a certificate, the client authentication is done by
- the gRPC framework (the client needs to either present a signed cert or not
- present a certificate at all for a successful connection).
+ the gRPC framework. (For a successful connection the client needs to either
+ present a certificate that can be verified against the root certificate configured by the server
+ or not present a certificate at all)
- The key cert pair should still be valid for the SSL connection to be
+ The client's key certificate pair must be valid for the SSL connection to be
established. */
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY,
/** Server requests client certificate and enforces that the client presents a
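Review bot: "The client's key certificate pair must be valid" is ambiguous in the two ..._BUT_DONT_VERIFY entries, where gRPC is documented as not verifying the certificate; a reader can take "valid" to mean "trusted" and skip the application-side check. Presumably the intent is only that the certificate is well formed and the client proves possession of the matching private key during the handshake, so I would say that instead, e.g. `The client must still hold the private key matching the certificate it presents; this is not a check of the certificate chain.` The same sentence recurs in the next hunk for both REQUEST_AND_REQUIRE entries and should be changed there too. In the ..._AND_VERIFY text, "the root certificate configured by the server" reads as a single root; if the server accepts a bundle, "one of the root certificates" would be more accurate.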
@@ -88,16 +90,17 @@ typedef enum {
the application (the necessary metadata will be available to the
application via authentication context properties, see grpc_auth_context).
- The key cert pair should still be valid for the SSL connection to be
+ The client's key certificate pair must be valid for the SSL connection to be
established. */
GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
/** Server requests client certificate and enforces that the client presents a
certificate.
- The cerificate presented by the client is verified by the gRPC framework
- (the client needs to present signed certs for a successful connection).
+ The cerificate presented by the client is verified by the gRPC framework.
+ (For a successful connection the client needs to present a certificate that can be verified against
+ the root certificate configured by the server)
- The key cert pair should still be valid for the SSL connection to be
+ The client's key certificate pair must be valid for the SSL connection to be
established. */
GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
} grpc_ssl_client_certificate_request_type;
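Review bot: The rewritten line for GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY still carries the misspelling "cerificate"; since the line is being replaced anyway it should read `The certificate presented by the client is verified by the gRPC framework.` The new parenthetical lines here, and the matching ones in the two earlier hunks, run well past the width the surrounding comment text is wrapped at, so they want re-wrapping. It would also help to note in this entry that chain verification only establishes that the certificate was issued under a configured root; deciding whether that particular client is authorized is still up to the application, using the identity exposed through grpc_auth_context.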