aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/core/lib/security
Commit message (Collapse)AuthorAge
...
| | * minor fixGravatar Yihua Zhang2018-07-03
| | |
| | * finished 2nd revisionGravatar Yihua Zhang2018-07-03
| | |
| * | Allocate on call arena in client_auth_filterGravatar Hope Casey-Allen2018-07-03
| | |
| | * finished 1st revisionGravatar Yihua Zhang2018-07-02
| | |
| | * implement loca credentialsGravatar Yihua Zhang2018-07-02
| |/ |/|
* | Remove auth_context from call data. Use channel data auth context insteadGravatar Hope Casey-Allen2018-06-29
| |
* | Fix macro error and clang tidyGravatar Hope Casey-Allen2018-06-29
| |
* | Remove allocation in server_auth_filterGravatar Hope Casey-Allen2018-06-29
|/
* Remove allocation in server_auth filter and allocate on the arena insteadGravatar Hope Casey-Allen2018-06-22
|
* Create verify_peer_options when creating ssl credentials in order to expose ↵Gravatar Ian Haken2018-06-12
| | | | | | a verification callback option. These options are not yet exposed to languages outside of core.
* Fix fuzzer errorGravatar ncteisen2018-06-06
|
* Stop using cached time in oauth token expiration timeGravatar yang-g2018-06-01
|
* use a new gcp env check mechansimGravatar Yihua Zhang2018-05-18
|
* Merge pull request #15404 from jiangtaoli2016/ecdsaGravatar Jiangtao Li2018-05-16
|\ | | | | Add ECDSA to gRPC default SSL cipher list
| * Add ECDSA to gRPC default SSL cipher listGravatar jiangtaoli20162018-05-15
| |
* | Reviewer feedback and build fixesGravatar ncteisen2018-05-15
| |
* | Stop using banned functionsGravatar ncteisen2018-05-15
|/
* Merge pull request #15325 from yihuazhang/google_default_creds_fixGravatar yihuaz2018-05-10
|\ | | | | Fix channel args errors in google default credentials
| * fix google default credsGravatar Yihua Zhang2018-05-09
| |
* | Migrate SSL_transport_security TSI to new TSI handshaker APIGravatar jiangtaoli20162018-05-09
|/
* Add tsi_handshaker_shutdown to TSIGravatar Yihua Zhang2018-05-09
|
* incorporate alts to google default credsGravatar Yihua Zhang2018-05-03
|
* fix namespace of security_connector test functionsGravatar jiangtaoli20162018-04-27
|
* Merge pull request #14387 from dcow/zone-idGravatar Mark D. Roth2018-04-27
|\ | | | | gRPC core: strip zone-id from IPv6 hosts before TLS verification
* \ Merge pull request #15190 from yihuazhang/enable_cpp_for_alts_interopGravatar yihuaz2018-04-26
|\ \ | | | | | | Enable C++ in ALTS interop tests
| | * gRPC core: strip zone-id from IPv6 hosts before TLS verificationGravatar David Cowden2018-04-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When initiating a connection to an IPv6 peer using an address that is not globally scoped, there may be ambiguity regarding which zone the destination address applies to when multiple links of the same scope are present. The scoped address architecture and zone-id syntax are described in rfc4007 and rfc 6874, respectively: * https://tools.ietf.org/html/rfc4007#section-6 * https://tools.ietf.org/html/rfc6874 This patch allows host name verification performed during TLS session establishment, and on a per-call basis, to work correctly when the peer presents a certificate with a non-global IPv6 address listed as one of its alternate names. Whether arbitrary certificate authorities choose issue certificates of this nature, or not, is outside the scope of gRPC. The zone-id is separated from the address using a percent (%) character. It is considered a system implementation detail and guidance suggests it be stripped from any paths or addresses egressing a host because it is irrelevant and meaningless otherwise. It would not make sense for a server to present a certificate containing non-global IPv6 addresses with zone-ids present nor would it work unless two hosts happened to be using the same zone-id. ssl_host_matches_name is prefixed with grpc_ because it has been promoted to the global namespace for testing. Resolves #14371
| * | don't call security_handshake_failed_lockedGravatar Yihua Zhang2018-04-25
| | |
* | | Change trace logging to use GPR_INFO instead of GPR_DEBUG.Gravatar Mark D. Roth2018-04-25
| |/ |/|
| * enable c++ for ALTS kokoro testsGravatar Yihua Zhang2018-04-25
|/
* Add tracer for handshakers.Gravatar Mark D. Roth2018-04-17
|
* Add C++ experimental API extensions for ALTS C stackGravatar Yihua Zhang2018-04-16
|
* Init default root certs store onceGravatar jiangtaoli20162018-03-28
|
* Merge branch 'master' of github.com:grpc/grpc into authority_headerGravatar David Garcia Quintas2018-03-27
|\
* | more commentsGravatar David Garcia Quintas2018-03-27
| |
* | added call_host_override testGravatar David Garcia Quintas2018-03-26
| |
* | PR commentsGravatar David Garcia Quintas2018-03-23
| |
| * cache default SSL root cert storeGravatar jiangtaoli20162018-03-23
| |
* | Fixed tests call hostGravatar David Garcia Quintas2018-03-22
| |
* | Merge branch 'master' of github.com:grpc/grpc into authority_headerGravatar David Garcia Quintas2018-03-21
|\|
| * [grpc] Add SSL session client cache supportGravatar Ruslan Nigmatullin2018-03-20
| |
| * Remove unnecessary includes of exec_ctx.hGravatar Yash Tibrewal2018-03-14
| |
* | Undo changes to ssl_credentials.ccGravatar David Garcia Quintas2018-03-14
| |
| * Use metadata batch callouts in client_auth_filter.Gravatar Mark D. Roth2018-03-12
| |
* | Secure channels: use the right authorityGravatar David Garcia Quintas2018-03-10
|/
* Add ALTS code to grpc/coreGravatar Yihua Zhang2018-03-08
|
* Revert "Add ALTS C stack to gRPC core"Gravatar Sree Kuchibhotla2018-03-07
|
* Add ALTS code to grpc/coreGravatar Yihua Zhang2018-03-06
|
* Perform secure naming checks in grpclb_end2end_testGravatar David Garcia Quintas2018-02-27
|
* Convert slice hash table and service config code to C++.Gravatar Mark D. Roth2018-02-26
|
* Add a sanity check for inclusion of port_platform.hGravatar Alexander Polcyn2018-02-23
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-01 13:59:01 +0000