authorGravatar jiangtaoli2016 <jiangtao@google.com>2018-07-12 14:02:50 -0700
committerGravatar jiangtaoli2016 <jiangtao@google.com>2018-07-12 14:02:50 -0700
commit5d24ab9faa32af6fcf6295d4612625b9267cccb1 (patch)
tree56c6e0ec3a4c0ba058ea421bdbd4fe7ce0c2165f /src/core/lib/security/security_connector
parent92d821161300b3766def50d30ffed9db8ad2c108 (diff)
ssl_check_peer bypass ALPN check if NPN is used
Diffstat (limited to 'src/core/lib/security/security_connector')
-rw-r--r--src/core/lib/security/security_connector/security_connector.cc9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/core/lib/security/security_connector/security_connector.cc b/src/core/lib/security/security_connector/security_connector.cc
index cc72bb6164..59cf3a0af1 100644
--- a/src/core/lib/security/security_connector/security_connector.cc
+++ b/src/core/lib/security/security_connector/security_connector.cc
@@ -57,6 +57,10 @@ static const char* installed_roots_path =
INSTALL_PREFIX "/share/grpc/roots.pem";
#endif
+#ifndef TSI_OPENSSL_ALPN_SUPPORT
+#define TSI_OPENSSL_ALPN_SUPPORT 1
+#endif
+
/* -- Overridden default roots. -- */
static grpc_ssl_roots_override_callback ssl_roots_override_cb = nullptr;
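Review bot: The fallback `#define TSI_OPENSSL_ALPN_SUPPORT 1` is local to this file and has no comment saying what a value of 0 means for peer verification. If the TSI SSL layer keeps its own default for the same macro (not visible in this diff), the two agree only when the value is passed on the compiler command line for every translation unit; otherwise the handshaker and ssl_check_peer could disagree about whether a protocol is expected. Consider defining it once in a shared header and documenting it, for example `/* Set to 0 only for OpenSSL builds without ALPN (NPN only); this disables the negotiated-protocol check in ssl_check_peer. */`.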
@@ -850,7 +854,8 @@ grpc_auth_context* grpc_ssl_peer_to_auth_context(const tsi_peer* peer) {
static grpc_error* ssl_check_peer(grpc_security_connector* sc,
const char* peer_name, const tsi_peer* peer,
grpc_auth_context** auth_context) {
- /* Check the ALPN. */
+#if TSI_OPENSSL_ALPN_SUPPORT
+ /* Check the ALPN if ALPN is supported. */
const tsi_peer_property* p =
tsi_peer_get_property_by_name(peer, TSI_SSL_ALPN_SELECTED_PROTOCOL);
if (p == nullptr) {
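Review bot: With `TSI_OPENSSL_ALPN_SUPPORT` set to 0 the whole negotiated-protocol check in ssl_check_peer is compiled out (the matching `#endif` is in the next hunk), so such a build accepts a peer whatever application protocol was or was not selected. The commit title ties this to NPN being used, but nothing in the visible lines confirms at run time that NPN negotiated a protocol; the decision is made purely at compile time. If the TSI peer still exposes the selected protocol under `TSI_SSL_ALPN_SELECTED_PROTOCOL` in NPN builds (to be confirmed), the narrower change would be to keep validating the value when the property is present and tolerate only its absence. At minimum the comment should state the consequence, e.g. `/* Without ALPN support the negotiated protocol is not verified here. */`. The body of the check between the two hunks is not shown.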
@@ -861,7 +866,7 @@ static grpc_error* ssl_check_peer(grpc_security_connector* sc,
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"Cannot check peer: invalid ALPN value.");
}
-
+#endif /* TSI_OPENSSL_ALPN_SUPPORT */
/* Check the peer name if specified. */
if (peer_name != nullptr && !grpc_ssl_host_matches_name(peer, peer_name)) {
char* msg;