diff options
author | ctiller <ctiller@google.com> | 2014-12-10 08:43:47 -0800 |
---|---|---|
committer | Michael Lumish <mlumish@google.com> | 2014-12-10 13:22:22 -0800 |
commit | 48b5a4586a1292453c316c562afcee80b3d2b67d (patch) | |
tree | 4504df8e7865af964c71bf731812c178e8a8f16d /src/core/security | |
parent | 15e664bf6d193dbe99b68e98c7e97e36e67d3d2e (diff) |
Advertise h2-16, h2-15, h2-14, and accept any of them.
(Fixing the rollback from earlier - we were passing '1' as the protocol count, not num_alpn_protocols)
Change on 2014/12/10 by ctiller <ctiller@google.com>
-------------
Created by MOE: http://code.google.com/p/moe-java
MOE_MIGRATED_REVID=81783755
Diffstat (limited to 'src/core/security')
-rw-r--r-- | src/core/security/security_context.c | 72 |
1 files changed, 55 insertions, 17 deletions
diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c index c56692ae83..cb97c35130 100644 --- a/src/core/security/security_context.c +++ b/src/core/security/security_context.c @@ -278,8 +278,12 @@ static grpc_security_status ssl_check_peer(const char *secure_peer_name, /* Check the ALPN. */ const tsi_peer_property *p = tsi_peer_get_property_by_name(peer, TSI_SSL_ALPN_SELECTED_PROTOCOL); - if (p == NULL || p->type != TSI_PEER_PROPERTY_TYPE_STRING) { - gpr_log(GPR_ERROR, "Invalid or missing selected ALPN property."); + if (p == NULL) { + gpr_log(GPR_ERROR, "Missing selected ALPN property."); + return GRPC_SECURITY_ERROR; + } + if (p->type != TSI_PEER_PROPERTY_TYPE_STRING) { + gpr_log(GPR_ERROR, "Invalid selected ALPN property."); return GRPC_SECURITY_ERROR; } if (!grpc_chttp2_is_alpn_version_supported(p->value.string.data, @@ -322,19 +326,29 @@ static grpc_security_context_vtable ssl_server_vtable = { grpc_security_status grpc_ssl_channel_security_context_create( grpc_credentials *request_metadata_creds, const grpc_ssl_config *config, const char *secure_peer_name, grpc_channel_security_context **ctx) { - const char *alpn_protocol_string = GRPC_CHTTP2_ALPN_VERSION; - unsigned char alpn_protocol_string_len = - (unsigned char)strlen(alpn_protocol_string); + size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions(); + const unsigned char **alpn_protocol_strings = + gpr_malloc(sizeof(const char *) * num_alpn_protocols); + unsigned char *alpn_protocol_string_lengths = + gpr_malloc(sizeof(unsigned char) * num_alpn_protocols); tsi_result result = TSI_OK; grpc_ssl_channel_security_context *c; + size_t i; + + for (i = 0; i < num_alpn_protocols; i++) { + alpn_protocol_strings[i] = + (const unsigned char *)grpc_chttp2_get_alpn_version_index(i); + alpn_protocol_string_lengths[i] = + strlen(grpc_chttp2_get_alpn_version_index(i)); + } if (config == NULL || secure_peer_name == NULL || config->pem_root_certs == NULL) { gpr_log(GPR_ERROR, "An ssl channel needs a secure name and root certs."); - return GRPC_SECURITY_ERROR; + goto error; } if (!check_request_metadata_creds(request_metadata_creds)) { - return GRPC_SECURITY_ERROR; + goto error; } c = gpr_malloc(sizeof(grpc_ssl_channel_security_context)); @@ -351,31 +365,48 @@ grpc_security_status grpc_ssl_channel_security_context_create( config->pem_private_key, config->pem_private_key_size, config->pem_cert_chain, config->pem_cert_chain_size, config->pem_root_certs, config->pem_root_certs_size, - GRPC_SSL_CIPHER_SUITES, (const unsigned char **)&alpn_protocol_string, - &alpn_protocol_string_len, 1, &c->handshaker_factory); + GRPC_SSL_CIPHER_SUITES, alpn_protocol_strings, + alpn_protocol_string_lengths, num_alpn_protocols, &c->handshaker_factory); if (result != TSI_OK) { gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", tsi_result_to_string(result)); ssl_channel_destroy(&c->base.base); *ctx = NULL; - return GRPC_SECURITY_ERROR; + goto error; } *ctx = &c->base; + gpr_free(alpn_protocol_strings); + gpr_free(alpn_protocol_string_lengths); return GRPC_SECURITY_OK; + +error: + gpr_free(alpn_protocol_strings); + gpr_free(alpn_protocol_string_lengths); + return GRPC_SECURITY_ERROR; } grpc_security_status grpc_ssl_server_security_context_create( const grpc_ssl_config *config, grpc_security_context **ctx) { - const char *alpn_protocol_string = GRPC_CHTTP2_ALPN_VERSION; - unsigned char alpn_protocol_string_len = - (unsigned char)strlen(alpn_protocol_string); + size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions(); + const unsigned char **alpn_protocol_strings = + gpr_malloc(sizeof(const char *) * num_alpn_protocols); + unsigned char *alpn_protocol_string_lengths = + gpr_malloc(sizeof(unsigned char) * num_alpn_protocols); tsi_result result = TSI_OK; grpc_ssl_server_security_context *c; + size_t i; + + for (i = 0; i < num_alpn_protocols; i++) { + alpn_protocol_strings[i] = + (const unsigned char *)grpc_chttp2_get_alpn_version_index(i); + alpn_protocol_string_lengths[i] = + strlen(grpc_chttp2_get_alpn_version_index(i)); + } if (config == NULL || config->pem_private_key == NULL || config->pem_cert_chain == NULL) { gpr_log(GPR_ERROR, "An SSL server needs a key and a cert."); - return GRPC_SECURITY_ERROR; + goto error; } c = gpr_malloc(sizeof(grpc_ssl_server_security_context)); memset(c, 0, sizeof(grpc_ssl_server_security_context)); @@ -388,17 +419,24 @@ grpc_security_status grpc_ssl_server_security_context_create( (const unsigned char **)&config->pem_cert_chain, (const gpr_uint32 *)&config->pem_cert_chain_size, 1, config->pem_root_certs, config->pem_root_certs_size, - GRPC_SSL_CIPHER_SUITES, (const unsigned char **)&alpn_protocol_string, - &alpn_protocol_string_len, 1, &c->handshaker_factory); + GRPC_SSL_CIPHER_SUITES, alpn_protocol_strings, + alpn_protocol_string_lengths, num_alpn_protocols, &c->handshaker_factory); if (result != TSI_OK) { gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.", tsi_result_to_string(result)); ssl_server_destroy(&c->base); *ctx = NULL; - return GRPC_SECURITY_ERROR; + goto error; } *ctx = &c->base; + gpr_free(alpn_protocol_strings); + gpr_free(alpn_protocol_string_lengths); return GRPC_SECURITY_OK; + +error: + gpr_free(alpn_protocol_strings); + gpr_free(alpn_protocol_string_lengths); + return GRPC_SECURITY_ERROR; } |