Add various options to verify ssl/tls client cert including letting the

application handle the authentication.
author: Deepak Lukose <deepaklukose@google.com> 2016-03-25 12:54:25 -0700
committer: Deepak Lukose <deepaklukose@google.com> 2016-04-19 15:02:06 -0700
commit: dba4c5fd0144b68916b4dc2bbbd02d12c2e12041 (patch)
tree: f7284c54983f7bd9859453dc4e2111a80442441f /src/cpp
parent: 17735908ed4eb1c54bd1b3652062b49f58a985e3 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/cpp/server/secure_server_credentials.cc b/src/cpp/server/secure_server_credentials.cc
index d472667a7e..33bdc2a1f4 100644
--- a/src/cpp/server/secure_server_credentials.cc
+++ b/src/cpp/server/secure_server_credentials.cc
@@ -130,10 +130,14 @@ std::shared_ptr<ServerCredentials> SslServerCredentials(
                                     key_cert_pair->cert_chain.c_str()};
     pem_key_cert_pairs.push_back(p);
   }
-  grpc_server_credentials* c_creds = grpc_ssl_server_credentials_create(
+  grpc_server_credentials* c_creds = grpc_ssl_server_credentials_create_ex(
       options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
       pem_key_cert_pairs.empty() ? nullptr : &pem_key_cert_pairs[0],
-      pem_key_cert_pairs.size(), options.force_client_auth, nullptr);
+      pem_key_cert_pairs.size(),
+      options.force_client_auth
+          ? GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
+          : options.client_certificate_request,
+      nullptr);
   return std::shared_ptr<ServerCredentials>(
       new SecureServerCredentials(c_creds));
 }
author	Deepak Lukose <deepaklukose@google.com>	2016-03-25 12:54:25 -0700
committer	Deepak Lukose <deepaklukose@google.com>	2016-04-19 15:02:06 -0700
commit	dba4c5fd0144b68916b4dc2bbbd02d12c2e12041 (patch)
tree	f7284c54983f7bd9859453dc4e2111a80442441f /src/cpp
parent	17735908ed4eb1c54bd1b3652062b49f58a985e3 (diff)