diff options
author | 2015-02-02 18:36:37 -0800 | |
---|---|---|
committer | 2015-02-02 18:36:37 -0800 | |
commit | 026a417defcd13d0ae5e8a8ddb67c18ff02fa142 (patch) | |
tree | f281e17daf09a21193d0befb82418151e1036220 /include | |
parent | 40562576bc1b159c7cac873dadb89e51c95d325e (diff) |
Adding support for loading the SSL roots from an environment variable.
- Had to add support for files and environment variables as well.
- I can't compile on windows so I'm sure there will be some issues.
- Tested end-to-end with the simple ssl fullstack test.
Diffstat (limited to 'include')
-rw-r--r-- | include/grpc++/credentials.h | 3 | ||||
-rw-r--r-- | include/grpc/grpc_security.h | 6 | ||||
-rw-r--r-- | include/grpc/support/port_platform.h | 6 |
3 files changed, 13 insertions, 2 deletions
diff --git a/include/grpc++/credentials.h b/include/grpc++/credentials.h index 987d890b4f..52304d7f36 100644 --- a/include/grpc++/credentials.h +++ b/include/grpc++/credentials.h @@ -66,14 +66,13 @@ class Credentials final { // Options used to build SslCredentials // pem_roots_cert is the buffer containing the PEM encoding of the server root -// certificates. This parameter cannot be empty. +// certificates. If this parameter is empty, the default roots will be used. // pem_private_key is the buffer containing the PEM encoding of the client's // private key. This parameter can be empty if the client does not have a // private key. // pem_cert_chain is the buffer containing the PEM encoding of the client's // certificate chain. This parameter can be empty if the client does not have // a certificate chain. -// TODO(jboeuf) Change it to point to a file. struct SslCredentialsOptions { grpc::string pem_root_certs; grpc::string pem_private_key; diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 0732a8f83a..731959069f 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -54,6 +54,12 @@ void grpc_credentials_release(grpc_credentials *creds); /* Creates default credentials. */ grpc_credentials *grpc_default_credentials_create(void); +/* Environment variable that points to the default SSL roots file. This file + must be a PEM encoded file with all the roots such as the one that can be + downloaded from https://pki.google.com/roots.pem. */ +#define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \ + "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH" + /* Object that holds a private key / certificate chain pair in PEM format. */ typedef struct { /* private_key is the NULL-terminated string containing the PEM encoding of diff --git a/include/grpc/support/port_platform.h b/include/grpc/support/port_platform.h index 2bf5348315..4ffadde450 100644 --- a/include/grpc/support/port_platform.h +++ b/include/grpc/support/port_platform.h @@ -61,6 +61,8 @@ #define GPR_POSIX_SOCKET 1 #define GPR_POSIX_SOCKETADDR 1 #define GPR_POSIX_SOCKETUTILS 1 +#define GPR_POSIX_ENV 1 +#define GPR_POSIX_FILE 1 #define GPR_POSIX_STRING 1 #define GPR_POSIX_SYNC 1 #define GPR_POSIX_TIME 1 @@ -74,6 +76,8 @@ #define GPR_LINUX_EVENTFD 1 #define GPR_POSIX_SOCKET 1 #define GPR_POSIX_SOCKETADDR 1 +#define GPR_POSIX_ENV 1 +#define GPR_POSIX_FILE 1 #define GPR_POSIX_STRING 1 #define GPR_POSIX_SYNC 1 #define GPR_POSIX_TIME 1 @@ -93,6 +97,8 @@ #define GPR_POSIX_SOCKET 1 #define GPR_POSIX_SOCKETADDR 1 #define GPR_POSIX_SOCKETUTILS 1 +#define GPR_POSIX_ENV 1 +#define GPR_POSIX_FILE 1 #define GPR_POSIX_STRING 1 #define GPR_POSIX_SYNC 1 #define GPR_POSIX_TIME 1 |