From 1988221d15a4c092837b3cabf17f595c0d01e5c7 Mon Sep 17 00:00:00 2001 From: Yang Gao Date: Thu, 5 Feb 2015 23:06:54 -0800 Subject: Use environment variable to set root certs in c++ interop test. --- test/cpp/util/create_test_channel.cc | 4 +++- tools/dockerfile/grpc_cxx/Dockerfile | 2 ++ tools/gce_setup/shared_startup_funcs.sh | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/test/cpp/util/create_test_channel.cc b/test/cpp/util/create_test_channel.cc index a521162bea..2f95e3aa74 100644 --- a/test/cpp/util/create_test_channel.cc +++ b/test/cpp/util/create_test_channel.cc @@ -45,6 +45,8 @@ namespace grpc { // override_hostname is provided. // When ssl is not enabled, override_hostname is ignored. // Set use_prod_root to true to use the SSL root for connecting to google. +// In this case, The path to the root file must be set via environment variable +// GRPC_DEFAULT_SSL_ROOTS_FILE_PATH. // Otherwise, root for test SSL cert will be used. // creds will be used to create a channel when enable_ssl is true. // Use examples: @@ -60,7 +62,7 @@ std::shared_ptr CreateTestChannel( ChannelArguments channel_args; if (enable_ssl) { const char* roots_certs = - use_prod_roots ? prod_roots_certs : test_root_cert; + use_prod_roots ? "" : test_root_cert; SslCredentialsOptions ssl_opts = {roots_certs, "", ""}; std::unique_ptr channel_creds = diff --git a/tools/dockerfile/grpc_cxx/Dockerfile b/tools/dockerfile/grpc_cxx/Dockerfile index 43da9fefc3..9b20e7a58e 100644 --- a/tools/dockerfile/grpc_cxx/Dockerfile +++ b/tools/dockerfile/grpc_cxx/Dockerfile @@ -22,5 +22,7 @@ RUN cd /var/local/git/grpc && ls \ && make interop_server ADD service_account service_account +ADD cacerts cacerts +ENV GRPC_DEFAULT_SSL_ROOTS_FILE_PATH /cacerts/roots.pem CMD ["/var/local/git/grpc/bins/opt/interop_server", "--enable_ssl", "--port=8010"] diff --git a/tools/gce_setup/shared_startup_funcs.sh b/tools/gce_setup/shared_startup_funcs.sh index eea940864d..a6f73d1636 100755 --- a/tools/gce_setup/shared_startup_funcs.sh +++ b/tools/gce_setup/shared_startup_funcs.sh @@ -389,6 +389,7 @@ grpc_dockerfile_install() { grpc_docker_sync_service_account $dockerfile_dir/service_account || return 1; } [[ $image_label == "grpc/cxx" ]] && { + grpc_docker_sync_roots_pem $dockerfile_dir/cacerts || return 1; grpc_docker_sync_service_account $dockerfile_dir/service_account || return 1; } -- cgit v1.2.3 From 48d80e57698fe3d2a8b850c02782724e37a25418 Mon Sep 17 00:00:00 2001 From: Yang Gao Date: Thu, 5 Feb 2015 23:11:02 -0800 Subject: update comments --- test/cpp/util/create_test_channel.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cpp/util/create_test_channel.cc b/test/cpp/util/create_test_channel.cc index 2f95e3aa74..301e9a3c3a 100644 --- a/test/cpp/util/create_test_channel.cc +++ b/test/cpp/util/create_test_channel.cc @@ -45,7 +45,7 @@ namespace grpc { // override_hostname is provided. // When ssl is not enabled, override_hostname is ignored. // Set use_prod_root to true to use the SSL root for connecting to google. -// In this case, The path to the root file must be set via environment variable +// In this case, path to the roots pem file must be set via environment variable // GRPC_DEFAULT_SSL_ROOTS_FILE_PATH. // Otherwise, root for test SSL cert will be used. // creds will be used to create a channel when enable_ssl is true. -- cgit v1.2.3