From dba4c5fd0144b68916b4dc2bbbd02d12c2e12041 Mon Sep 17 00:00:00 2001 From: Deepak Lukose Date: Fri, 25 Mar 2016 12:54:25 -0700 Subject: Add various options to verify ssl/tls client cert including letting the application handle the authentication. --- include/grpc++/security/server_credentials.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'include/grpc++/security') diff --git a/include/grpc++/security/server_credentials.h b/include/grpc++/security/server_credentials.h index 5a9f8a42e2..229bab8d84 100644 --- a/include/grpc++/security/server_credentials.h +++ b/include/grpc++/security/server_credentials.h @@ -39,6 +39,7 @@ #include #include +#include struct grpc_server; @@ -69,7 +70,13 @@ class ServerCredentials { /// Options to create ServerCredentials with SSL struct SslServerCredentialsOptions { - SslServerCredentialsOptions() : force_client_auth(false) {} + // Deprecated + SslServerCredentialsOptions() + : force_client_auth(false), + client_certificate_request(GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE) {} + SslServerCredentialsOptions( + grpc_ssl_client_certificate_request_type request_type) + : force_client_auth(false), client_certificate_request(request_type) {} struct PemKeyCertPair { grpc::string private_key; @@ -77,7 +84,13 @@ struct SslServerCredentialsOptions { }; grpc::string pem_root_certs; std::vector pem_key_cert_pairs; + // Deprecated bool force_client_auth; + + // If both force_client_auth and client_certificate_request fields are set, + // force_client_auth takes effect i.e + // REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY will be enforced. + grpc_ssl_client_certificate_request_type client_certificate_request; }; /// Builds SSL ServerCredentials given SSL specific options -- cgit v1.2.3