From 2bc7b8e0a3975352eeffcb7751d6aef687fd1284 Mon Sep 17 00:00:00 2001
From: Jan Tattermusch
Date: Thu, 30 Aug 2018 19:28:30 +0200
Subject: address comments
---
 include/grpc/grpc_security_constants.h | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)
(limited to 'include/grpc')
diff --git a/include/grpc/grpc_security_constants.h b/include/grpc/grpc_security_constants.h
index c115cd3659..7f7c89d667 100644
--- a/include/grpc/grpc_security_constants.h
+++ b/include/grpc/grpc_security_constants.h
@@ -57,9 +57,10 @@ typedef enum {
 } grpc_ssl_certificate_config_reload_status;

 typedef enum {
- /** Server does not request client certificate. A client may present a self
- signed or signed certificate or not present a certificate at all and any of
- those option would be accepted. */
+ /** Server does not request client certificate.
+ The certificate presented by the client is not checked by the server at all.
+ (A client may present a self signed or signed certificate or not present a certificate at all and any of
+ those option would be accepted) */
 GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE,
 /** Server requests client certificate but does not enforce that the client
 presents a certificate.
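Review bot: The added sentence `The certificate presented by the client is not checked by the server at all.` for GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE reads as if a certificate still reaches the server, but in a TLS handshake a client only sends one in reply to a server request, so in this mode there is normally nothing to check. I would state the consequence instead, e.g. `No client certificate is requested, so the client is not authenticated at the TLS layer and no client identity is available to the application.` Two style points on the same comment: `any of those option` should read `any of those options`, and the new parenthetical line is much longer than the neighbouring comment lines (the same applies to the long added lines in the hunks at -68 and -88). The enum these comments document continues past the end of this hunk.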
@@ -68,17 +69,18 @@ typedef enum {
 the application (the necessary metadata will be available to the
 application via authentication context properties, see grpc_auth_context).

- The key cert pair should still be valid for the SSL connection to be
+ The client's key certificate pair must be valid for the SSL connection to be
 established. */
 GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
 /** Server requests client certificate but does not enforce that the client
 presents a certificate.

 If the client presents a certificate, the client authentication is done by
- the gRPC framework (the client needs to either present a signed cert or not
- present a certificate at all for a successful connection).
+ the gRPC framework. (For a successful connection the client needs to either
+ present a certificate that can be verified against the root certificate configured by the server
+ or not present a certificate at all)

- The key cert pair should still be valid for the SSL connection to be
+ The client's key certificate pair must be valid for the SSL connection to be
 established. */
 GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY,
 /** Server requests client certificate and enforces that the client presents a
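Review bot: `The client's key certificate pair must be valid` does not say what "valid" means, and under GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY the framework by definition does not verify the certificate, so a reader cannot tell which check still gates the handshake. If the intent is that the client must prove possession of the private key for the certificate it sends, say so, e.g. `If a certificate is presented, the client must hold the matching private key for the SSL handshake to succeed; the certificate chain itself is not validated.`; the same sentence is added twice in this hunk and twice in the hunk at -88. For GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY it is also worth one line stating that a connection without any client certificate is accepted, so the application has to consult the auth context (see grpc_auth_context) before treating the peer as authenticated. The comment blocks touched here start before and end after this hunk.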
@@ -88,16 +90,17 @@ typedef enum {
 the application (the necessary metadata will be available to the
 application via authentication context properties, see grpc_auth_context).

- The key cert pair should still be valid for the SSL connection to be
+ The client's key certificate pair must be valid for the SSL connection to be
 established. */
 GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
 /** Server requests client certificate and enforces that the client presents a
 certificate.

- The cerificate presented by the client is verified by the gRPC framework
- (the client needs to present signed certs for a successful connection).
+ The cerificate presented by the client is verified by the gRPC framework.
+ (For a successful connection the client needs to present a certificate that can be verified against
+ the root certificate configured by the server)

- The key cert pair should still be valid for the SSL connection to be
+ The client's key certificate pair must be valid for the SSL connection to be
 established. */
 GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
 } grpc_ssl_client_certificate_request_type;
--
cgit v1.2.3
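Review bot: The rewritten line `The cerificate presented by the client is verified by the gRPC framework.` keeps the misspelling `cerificate`; since the line is being touched anyway, fix it to `certificate`. The new parenthetical says verification is `against the root certificate configured by the server`, which as written covers chain trust only; it would help to add that any certificate issued under the configured roots is accepted, so deciding which client identities are authorized remains the application's job via grpc_auth_context. If more than one root can be configured, `root certificates` (plural) would be more accurate, though that cannot be confirmed from this hunk.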