Diffstat (limited to 'include')
-rw-r--r-- | include/grpc++/server_credentials.h | 8 | ||||
-rw-r--r-- | include/grpc/grpc.h | 3 | ||||
-rw-r--r-- | include/grpc/grpc_security.h | 56 |
3 files changed, 35 insertions, 32 deletions
diff --git a/include/grpc++/server_credentials.h b/include/grpc++/server_credentials.h
index cf08870f42..91504ae0ae 100644
--- a/include/grpc++/server_credentials.h
+++ b/include/grpc++/server_credentials.h
@@ -35,6 +35,7 @@
 #define __GRPCPP_SERVER_CREDENTIALS_H_
 #include <memory>
+#include <vector>
 #include <grpc++/config.h>
@@ -60,9 +61,12 @@ class ServerCredentials final {
   // Options to create ServerCredentials with SSL
   struct SslServerCredentialsOptions {
+    struct PemKeyCertPair{
+      grpc::string private_key;
+      grpc::string cert_chain;
+    };
     grpc::string pem_root_certs;
-    grpc::string pem_private_key;
-    grpc::string pem_cert_chain;
+    std::vector<PemKeyCertPair> pem_key_cert_pairs;
   };
   // Factory for building different types of ServerCredentials
diff --git a/include/grpc/grpc.h b/include/grpc/grpc.h
index 3c5b0de195..f03f61d84e 100644
--- a/include/grpc/grpc.h
+++ b/include/grpc/grpc.h
@@ -428,7 +428,8 @@ grpc_server *grpc_server_create(grpc_completion_queue *cq,
    REQUIRES: server not started */
 int grpc_server_add_http2_port(grpc_server *server, const char *addr);
-/* Add a secure port to server; returns 1 on success, 0 on failure
+/* Add a secure port to server.
+   Returns bound port number on success, 0 on failure.
    REQUIRES: server not started */
 int grpc_server_add_secure_http2_port(grpc_server *server, const char *addr);
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 644b31f763..0732a8f83a 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
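Review bot: The new nested `PemKeyCertPair` and the `pem_key_cert_pairs` vector in `SslServerCredentialsOptions` carry no comment, while the C declaration this presumably maps onto (`grpc_ssl_server_credentials_create`, changed in this same commit) says the pair count should be at least 1, so the empty-vector case is a contract the C++ caller cannot see. I would put the contract on the field: `// PEM-encoded private key / certificate chain pairs the server presents; at least one pair is required.` and on the nested struct `// One PEM-encoded private key together with its certificate chain.`. Style: `struct PemKeyCertPair{` lacks the space before the brace that `struct SslServerCredentialsOptions {` uses two lines above. The enclosing class ServerCredentials starts and ends outside the hunk.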
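Review bot: The return contract of `grpc_server_add_secure_http2_port` changes from "1 on success" to "bound port number on success" with the signature unchanged, so an existing caller that tests `== 1` silently starts treating success as failure; the comment is the only place this is visible, so it should name the change, e.g. `Returns bound port number on success, 0 on failure (earlier versions returned 1 on success).`. Whether the implementation in this commit actually returns the port is outside the hunk, so the wording above assumes it does. The sibling comment for `grpc_server_add_http2_port` is above the hunk and may need the same update if its implementation changed too.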
@@ -54,22 +54,26 @@ void grpc_credentials_release(grpc_credentials *creds);
 /* Creates default credentials. */
 grpc_credentials *grpc_default_credentials_create(void);
+/* Object that holds a private key / certificate chain pair in PEM format. */
+typedef struct {
+  /* private_key is the NULL-terminated string containing the PEM encoding of
+     the client's private key. */
+  const char *private_key;
+
+  /* cert_chain is the NULL-terminated string containing the PEM encoding of
+     the client's certificate chain. */
+  const char *cert_chain;
+} grpc_ssl_pem_key_cert_pair;
+
 /* Creates an SSL credentials object.
-   - pem_roots_cert is the buffer containing the PEM encoding of the server
-     root certificates. This parameter cannot be NULL.
-   - pem_roots_cert_size is the size of the associated buffer.
-   - pem_private_key is the buffer containing the PEM encoding of the client's
-     private key. This parameter can be NULL if the client does not have a
-     private key.
-   - pem_private_key_size is the size of the associated buffer.
-   - pem_cert_chain is the buffer containing the PEM encoding of the client's
-     certificate chain. This parameter can be NULL if the client does not have
-     a certificate chain.
-   - pem_cert_chain_size is the size of the associated buffer. */
+   - pem_roots_cert is the NULL-terminated string containing the PEM encoding
+     of the server root certificates. If this parameter is NULL, the default
+     roots will be used.
+   - pem_key_cert_pair is a pointer on the object containing client's private
+     key and certificate chain. This parameter can be NULL if the client does
+     not have such a key/cert pair. */
 grpc_credentials *grpc_ssl_credentials_create(
-    const unsigned char *pem_root_certs, size_t pem_root_certs_size,
-    const unsigned char *pem_private_key, size_t pem_private_key_size,
-    const unsigned char *pem_cert_chain, size_t pem_cert_chain_size);
+    const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair);
 /* Creates a composite credentials object. */
 grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1,
@@ -130,22 +134,16 @@ typedef struct grpc_server_credentials grpc_server_credentials;
 void grpc_server_credentials_release(grpc_server_credentials *creds);
 /* Creates an SSL server_credentials object.
-   TODO(jboeuf): Change the constructor so that it can support multiple
-   key/cert pairs.
-   - pem_roots_cert is the buffer containing the PEM encoding of the server
-     root certificates. This parameter may be NULL if the server does not want
-     the client to be authenticated with SSL.
-   - pem_roots_cert_size is the size of the associated buffer.
-   - pem_private_key is the buffer containing the PEM encoding of the client's
-     private key. This parameter cannot be NULL.
-   - pem_private_key_size is the size of the associated buffer.
-   - pem_cert_chain is the buffer containing the PEM encoding of the client's
-     certificate chain. This parameter cannot be NULL.
-   - pem_cert_chain_size is the size of the associated buffer. */
+   - pem_roots_cert is the NULL-terminated string containing the PEM encoding of
+     the client root certificates. This parameter may be NULL if the server does
+     not want the client to be authenticated with SSL.
+   - pem_key_cert_pairs is an array private key / certificate chains of the
+     server. This parameter cannot be NULL.
+   - num_key_cert_pairs indicates the number of items in the private_key_files
+     and cert_chain_files parameters. It should be at least 1. */
 grpc_server_credentials *grpc_ssl_server_credentials_create(
-    const unsigned char *pem_root_certs, size_t pem_root_certs_size,
-    const unsigned char *pem_private_key, size_t pem_private_key_size,
-    const unsigned char *pem_cert_chain, size_t pem_cert_chain_size);
+    const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+    size_t num_key_cert_pairs);
 /* Creates a fake server transport security credentials object for testing. */
 grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
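Review bot: The new `grpc_ssl_credentials_create` takes `grpc_ssl_pem_key_cert_pair *pem_key_cert_pair` as a mutable pointer although it is a pure input, and the comment says nothing about whether the key material is copied, so a caller that wants to scrub or free the private key buffer after the call has no stated contract; I would change the parameter to `const grpc_ssl_pem_key_cert_pair *pem_key_cert_pair` and add to the comment `The strings are only read during this call; the caller keeps ownership and may release them afterwards.` if the implementation indeed copies them (it is not visible here). The member comments in the new typedef describe "the client's private key" and "the client's certificate chain", but the same type is used by the server-side constructor later in this commit, so "the client's" should become "the owner's" or simply be dropped. Minor wording: "a pointer on the object" should read "a pointer to the object", and the bullet name `pem_roots_cert` does not match the actual parameter `pem_root_certs`.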
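Review bot: The new `num_key_cert_pairs` bullet refers to `private_key_files` and `cert_chain_files`, parameters that do not exist on `grpc_ssl_server_credentials_create`; it should read `- num_key_cert_pairs is the number of items in pem_key_cert_pairs. It should be at least 1.` and the bullet above it should say "an array of private key / certificate chain pairs of the server". The comment states the lower bound but not what the function does when it is violated (NULL array or zero count), which the caller needs to know to distinguish a configuration error from success; if the implementation returns NULL in that case, say so. As in the client constructor, `pem_key_cert_pairs` is input only and could be declared `const grpc_ssl_pem_key_cert_pair *`, and the bullet name `pem_roots_cert` still does not match the parameter `pem_root_certs`.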