diff options
author | 2015-02-05 13:19:52 -0800 | |
---|---|---|
committer | 2015-02-05 13:19:52 -0800 | |
commit | f229d4fd4d055e70793ecc24323e128c4e6acd3f (patch) | |
tree | 8d30472697faf75025321fc16cbe39efa95d19f7 /include | |
parent | ee6c4fb3887d3a9622c2d84398ce5e27f8a48bd0 (diff) | |
parent | 5f925a95c19514e6ad7d387d37ce63f1948a88de (diff) |
Merge pull request #359 from jboeuf/ssl_default_creds_integration
Adding support for loading the SSL roots from an environment variable.
Diffstat (limited to 'include')
-rw-r--r-- | include/grpc++/credentials.h | 3 | ||||
-rw-r--r-- | include/grpc/grpc_security.h | 6 | ||||
-rw-r--r-- | include/grpc/support/port_platform.h | 6 |
3 files changed, 13 insertions, 2 deletions
diff --git a/include/grpc++/credentials.h b/include/grpc++/credentials.h index 987d890b4f..52304d7f36 100644 --- a/include/grpc++/credentials.h +++ b/include/grpc++/credentials.h @@ -66,14 +66,13 @@ class Credentials final { // Options used to build SslCredentials // pem_roots_cert is the buffer containing the PEM encoding of the server root -// certificates. This parameter cannot be empty. +// certificates. If this parameter is empty, the default roots will be used. // pem_private_key is the buffer containing the PEM encoding of the client's // private key. This parameter can be empty if the client does not have a // private key. // pem_cert_chain is the buffer containing the PEM encoding of the client's // certificate chain. This parameter can be empty if the client does not have // a certificate chain. -// TODO(jboeuf) Change it to point to a file. struct SslCredentialsOptions { grpc::string pem_root_certs; grpc::string pem_private_key; diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h index 0732a8f83a..731959069f 100644 --- a/include/grpc/grpc_security.h +++ b/include/grpc/grpc_security.h @@ -54,6 +54,12 @@ void grpc_credentials_release(grpc_credentials *creds); /* Creates default credentials. */ grpc_credentials *grpc_default_credentials_create(void); +/* Environment variable that points to the default SSL roots file. This file + must be a PEM encoded file with all the roots such as the one that can be + downloaded from https://pki.google.com/roots.pem. */ +#define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \ + "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH" + /* Object that holds a private key / certificate chain pair in PEM format. */ typedef struct { /* private_key is the NULL-terminated string containing the PEM encoding of diff --git a/include/grpc/support/port_platform.h b/include/grpc/support/port_platform.h index 2bf5348315..e99099c651 100644 --- a/include/grpc/support/port_platform.h +++ b/include/grpc/support/port_platform.h @@ -61,6 +61,8 @@ #define GPR_POSIX_SOCKET 1 #define GPR_POSIX_SOCKETADDR 1 #define GPR_POSIX_SOCKETUTILS 1 +#define GPR_POSIX_ENV 1 +#define GPR_POSIX_FILE 1 #define GPR_POSIX_STRING 1 #define GPR_POSIX_SYNC 1 #define GPR_POSIX_TIME 1 @@ -74,6 +76,8 @@ #define GPR_LINUX_EVENTFD 1 #define GPR_POSIX_SOCKET 1 #define GPR_POSIX_SOCKETADDR 1 +#define GPR_LINUX_ENV 1 +#define GPR_POSIX_FILE 1 #define GPR_POSIX_STRING 1 #define GPR_POSIX_SYNC 1 #define GPR_POSIX_TIME 1 @@ -93,6 +97,8 @@ #define GPR_POSIX_SOCKET 1 #define GPR_POSIX_SOCKETADDR 1 #define GPR_POSIX_SOCKETUTILS 1 +#define GPR_POSIX_ENV 1 +#define GPR_POSIX_FILE 1 #define GPR_POSIX_STRING 1 #define GPR_POSIX_SYNC 1 #define GPR_POSIX_TIME 1 |