Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Move security credentials, connectors, and auth context to C++ | Soheil Hassas Yeganeh | 2018-12-13 |
| | | | | | | | This is to use `grpc_core::RefCount` to improve performnace. This commit also replaces explicit C vtables, with C++ vtable with its own compile time assertions and performance benefits. It also makes use of `RefCountedPtr` wherever possible. | ||
* | change tests to use the new class instead of grpc_test_init | yang-g | 2018-11-30 |
| | |||
* | security connector refactor | Yihua Zhang | 2018-10-22 |
| | |||
* | Turn loading system root certificate as default | jiangtaoli2016 | 2018-09-04 |
| | |||
* | Added system roots feature to load roots from OS trust store | tdbhacks | 2018-08-09 |
| | | | | | | Added a flag-guarded feature that allows gRPC to load TLS/SSL roots from the OS trust store. This is the Linux-specific implementation of such feature. | ||
* | fix namespace of security_connector test functions | jiangtaoli2016 | 2018-04-27 |
| | |||
* | gRPC core: strip zone-id from IPv6 hosts before TLS verification | David Cowden | 2018-04-26 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When initiating a connection to an IPv6 peer using an address that is not globally scoped, there may be ambiguity regarding which zone the destination address applies to when multiple links of the same scope are present. The scoped address architecture and zone-id syntax are described in rfc4007 and rfc 6874, respectively: * https://tools.ietf.org/html/rfc4007#section-6 * https://tools.ietf.org/html/rfc6874 This patch allows host name verification performed during TLS session establishment, and on a per-call basis, to work correctly when the peer presents a certificate with a non-global IPv6 address listed as one of its alternate names. Whether arbitrary certificate authorities choose issue certificates of this nature, or not, is outside the scope of gRPC. The zone-id is separated from the address using a percent (%) character. It is considered a system implementation detail and guidance suggests it be stripped from any paths or addresses egressing a host because it is irrelevant and meaningless otherwise. It would not make sense for a server to present a certificate containing non-global IPv6 addresses with zone-ids present nor would it work unless two hosts happened to be using the same zone-id. ssl_host_matches_name is prefixed with grpc_ because it has been promoted to the global namespace for testing. Resolves #14371 | ||
* | cache default SSL root cert store | jiangtaoli2016 | 2018-03-23 |
| | |||
* | place security_connector in its own subdirectory | Yihua Zhang | 2018-02-20 |
| | |||
* | Privatize useful.h and avl.h | Vijay Pai | 2018-02-02 |
| | |||
* | Split lib/support into lib/gpr and lib/gpr++. | Mark D. Roth | 2018-01-18 |
| | |||
* | Enable clang-tidy as a sanity check, fix up all known failures | Craig Tiller | 2017-11-10 |
| | |||
* | Merge master | Yash Tibrewal | 2017-11-06 |
| | |||
* | rename all test core files to cc and a lot of C++ style conversions | Yash Tibrewal | 2017-10-25 |