Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | clang_format | 2018-08-10 | |
| | |||
* | Add newline to end of header | 2018-08-10 | |
| | |||
* | Added system roots feature to load roots from OS trust store | 2018-08-09 | |
| | | | | | | Added a flag-guarded feature that allows gRPC to load TLS/SSL roots from the OS trust store. This is the Linux-specific implementation of such feature. | ||
* | ssl_check_peer bypass ALPN check if NPN is used | 2018-07-12 | |
| | |||
* | minor fix | 2018-07-03 | |
| | |||
* | finished 2nd revision | 2018-07-03 | |
| | |||
* | finished 1st revision | 2018-07-02 | |
| | |||
* | implement loca credentials | 2018-07-02 | |
| | |||
* | Create verify_peer_options when creating ssl credentials in order to expose ↵ | 2018-06-12 | |
| | | | | | | a verification callback option. These options are not yet exposed to languages outside of core. | ||
* | Merge pull request #15404 from jiangtaoli2016/ecdsa | 2018-05-16 | |
|\ | | | | | Add ECDSA to gRPC default SSL cipher list | ||
| * | Add ECDSA to gRPC default SSL cipher list | 2018-05-15 | |
| | | |||
* | | Reviewer feedback and build fixes | 2018-05-15 | |
| | | |||
* | | Stop using banned functions | 2018-05-15 | |
|/ | |||
* | Migrate SSL_transport_security TSI to new TSI handshaker API | 2018-05-09 | |
| | |||
* | fix namespace of security_connector test functions | 2018-04-27 | |
| | |||
* | gRPC core: strip zone-id from IPv6 hosts before TLS verification | 2018-04-26 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When initiating a connection to an IPv6 peer using an address that is not globally scoped, there may be ambiguity regarding which zone the destination address applies to when multiple links of the same scope are present. The scoped address architecture and zone-id syntax are described in rfc4007 and rfc 6874, respectively: * https://tools.ietf.org/html/rfc4007#section-6 * https://tools.ietf.org/html/rfc6874 This patch allows host name verification performed during TLS session establishment, and on a per-call basis, to work correctly when the peer presents a certificate with a non-global IPv6 address listed as one of its alternate names. Whether arbitrary certificate authorities choose issue certificates of this nature, or not, is outside the scope of gRPC. The zone-id is separated from the address using a percent (%) character. It is considered a system implementation detail and guidance suggests it be stripped from any paths or addresses egressing a host because it is irrelevant and meaningless otherwise. It would not make sense for a server to present a certificate containing non-global IPv6 addresses with zone-ids present nor would it work unless two hosts happened to be using the same zone-id. ssl_host_matches_name is prefixed with grpc_ because it has been promoted to the global namespace for testing. Resolves #14371 | ||
* | Init default root certs store once | 2018-03-28 | |
| | |||
* | Merge branch 'master' of github.com:grpc/grpc into authority_header | 2018-03-27 | |
|\ | |||
* | | more comments | 2018-03-27 | |
| | | |||
* | | added call_host_override test | 2018-03-26 | |
| | | |||
* | | PR comments | 2018-03-23 | |
| | | |||
| * | cache default SSL root cert store | 2018-03-23 | |
| | | |||
* | | Fixed tests call host | 2018-03-22 | |
| | | |||
* | | Merge branch 'master' of github.com:grpc/grpc into authority_header | 2018-03-21 | |
|\| | |||
| * | [grpc] Add SSL session client cache support | 2018-03-20 | |
| | | |||
* | | Secure channels: use the right authority | 2018-03-10 | |
|/ | |||
* | Add ALTS code to grpc/core | 2018-03-08 | |
| | |||
* | Revert "Add ALTS C stack to gRPC core" | 2018-03-07 | |
| | |||
* | Add ALTS code to grpc/core | 2018-03-06 | |
| | |||
* | Perform secure naming checks in grpclb_end2end_test | 2018-02-27 | |
| | |||
* | Convert slice hash table and service config code to C++. | 2018-02-26 | |
| | |||
* | Add a sanity check for inclusion of port_platform.h | 2018-02-23 | |
| | |||
* | place security_connector in its own subdirectory | 2018-02-20 | |