From fe20ad62a05955b56d0fe27f05d355db2e2314b5 Mon Sep 17 00:00:00 2001 From: Jan Tattermusch Date: Thu, 23 Aug 2018 17:16:49 +0200 Subject: improve doc comments for security constants --- include/grpc/grpc_security_constants.h | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'include/grpc') diff --git a/include/grpc/grpc_security_constants.h b/include/grpc/grpc_security_constants.h index 944a1e927f..d72150a402 100644 --- a/include/grpc/grpc_security_constants.h +++ b/include/grpc/grpc_security_constants.h @@ -57,15 +57,16 @@ typedef enum { } grpc_ssl_certificate_config_reload_status; typedef enum { - /** Server does not request client certificate. A client can present a self - signed or signed certificates if it wishes to do so and they would be - accepted. */ + /** Server does not request client certificate. A client may present a self + signed or signed certificates if it wishes to do so and either option would + be accepted. */ GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, /** Server requests client certificate but does not enforce that the client presents a certificate. If the client presents a certificate, the client authentication is left to - the application based on the metadata like certificate etc. + the application (the necessary metadata will be available to the + application via authentication context properties, see grpc_auth_context). The key cert pair should still be valid for the SSL connection to be established. */ 
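Review bot: The rewritten comment on GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY says client authentication "is left to the application" but never states the consequence. Going by the enumerator name, the framework does not validate the presented certificate, so a self-signed or otherwise untrusted certificate presumably still completes the handshake. I would add a sentence such as `The certificate is not verified by gRPC in this mode; the application must validate it before trusting any identity derived from it.` The same sentence belongs on GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY in the second hunk of this commit. The enum continues past the end of this hunk.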
@@ -74,26 +75,27 @@ typedef enum { presents a certificate. If the client presents a certificate, the client authentication is done by - grpc framework (The client needs to either present a signed cert or skip no - certificate for a successful connection). + the gRPC framework (the client needs to either present a signed cert or not + present a certificate at all for a successful connection). The key cert pair should still be valid for the SSL connection to be established. */ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, - /** Server requests client certificate but enforces that the client presents a + /** Server requests client certificate and enforces that the client presents a certificate. If the client presents a certificate, the client authentication is left to - the application based on the metadata like certificate etc. + the application (the necessary metadata will be available to the + application via authentication context properties, see grpc_auth_context). The key cert pair should still be valid for the SSL connection to be established. */ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, - /** Server requests client certificate but enforces that the client presents a + /** Server requests client certificate and enforces that the client presents a certificate. - The cerificate presented by the client is verified by grpc framework (The - client needs to present signed certs for a successful connection). + The cerificate presented by the client is verified by the gRPC framework + (the client needs to present signed certs for a successful connection). The key cert pair should still be valid for the SSL connection to be established. */ -- cgit v1.2.3 From 458775d4f956072c965eaf3bc24a972daee840a7 Mon Sep 17 00:00:00 2001 From: Jan Tattermusch Date: Thu, 23 Aug 2018 17:37:43 +0200 Subject: improve wording --- include/grpc/grpc_security_constants.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include/grpc') 
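Review bot: The line `The cerificate presented by the client is verified by the gRPC framework` is rewritten here but keeps the typo "cerificate". It should read `The certificate presented by the client is verified by the gRPC framework`. The misspelling is carried unchanged through the later hunks at `@@ -88,16 +90,17 @@` and `@@ -90,18 +90,18 @@`. The enum starts before this hunk and ends after it.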
diff --git a/include/grpc/grpc_security_constants.h b/include/grpc/grpc_security_constants.h index d72150a402..c115cd3659 100644 --- a/include/grpc/grpc_security_constants.h +++ b/include/grpc/grpc_security_constants.h @@ -58,8 +58,8 @@ typedef enum { typedef enum { /** Server does not request client certificate. A client may present a self - signed or signed certificates if it wishes to do so and either option would - be accepted. */ + signed or signed certificate or not present a certificate at all and any of + those option would be accepted. */ GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, /** Server requests client certificate but does not enforce that the client presents a certificate. -- cgit v1.2.3 From 2bc7b8e0a3975352eeffcb7751d6aef687fd1284 Mon Sep 17 00:00:00 2001 From: Jan Tattermusch Date: Thu, 30 Aug 2018 19:28:30 +0200 Subject: address comments --- include/grpc/grpc_security_constants.h | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'include/grpc') diff --git a/include/grpc/grpc_security_constants.h b/include/grpc/grpc_security_constants.h index c115cd3659..7f7c89d667 100644 --- a/include/grpc/grpc_security_constants.h +++ b/include/grpc/grpc_security_constants.h @@ -57,9 +57,10 @@ typedef enum { } grpc_ssl_certificate_config_reload_status; typedef enum { - /** Server does not request client certificate. A client may present a self - signed or signed certificate or not present a certificate at all and any of - those option would be accepted. */ + /** Server does not request client certificate. + The certificate presented by the client is not checked by the server at all. + (A client may present a self signed or signed certificate or not present a certificate at all and any of + those option would be accepted) */ GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, /** Server requests client certificate but does not enforce that the client presents a certificate. 
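Review bot: The new wording "any of those option would be accepted" in the comment for GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE is ungrammatical and should read `those options would be accepted`. The same phrase survives the later hunks at `@@ -57,9 +57,10 @@` and `@@ -58,9 +58,9 @@`.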
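Review bot: The added sentence `The certificate presented by the client is not checked by the server at all` does not fit with "Server does not request client certificate" directly above it. As far as I know, a TLS client sends a certificate only in response to a server request, so in this mode there is normally no client certificate to check. I would state the consequence directly, for example `No client certificate is requested, so the connection carries no TLS-level client identity and the peer must be treated as unauthenticated unless another mechanism authenticates it.` That makes the security meaning of GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE explicit instead of implying that certificates are accepted unchecked.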
@@ -68,17 +69,18 @@ typedef enum { the application (the necessary metadata will be available to the application via authentication context properties, see grpc_auth_context). - The key cert pair should still be valid for the SSL connection to be + The client's key certificate pair must be valid for the SSL connection to be established. */ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, /** Server requests client certificate but does not enforce that the client presents a certificate. If the client presents a certificate, the client authentication is done by - the gRPC framework (the client needs to either present a signed cert or not - present a certificate at all for a successful connection). + the gRPC framework. (For a successful connection the client needs to either + present a certificate that can be verified against the root certificate configured by the server + or not present a certificate at all) - The key cert pair should still be valid for the SSL connection to be + The client's key certificate pair must be valid for the SSL connection to be established. */ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, /** Server requests client certificate and enforces that the client presents a 
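Review bot: The comment for GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY now says a client may connect with no certificate at all, but not what that means for the server. Such a connection is established without any client identity, so "AND_VERIFY" alone does not guarantee an authenticated peer. I would add `A client that presents no certificate is connected unauthenticated; the application must check the auth context (e.g. grpc_auth_context_peer_is_authenticated) before authorizing a call.` It is also worth pointing readers to GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY for deployments where every client must be authenticated by the framework. The enum begins before this hunk and continues after it.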
@@ -88,16 +90,17 @@ typedef enum { the application (the necessary metadata will be available to the application via authentication context properties, see grpc_auth_context). - The key cert pair should still be valid for the SSL connection to be + The client's key certificate pair must be valid for the SSL connection to be established. */ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, /** Server requests client certificate and enforces that the client presents a certificate. - The cerificate presented by the client is verified by the gRPC framework - (the client needs to present signed certs for a successful connection). + The cerificate presented by the client is verified by the gRPC framework. + (For a successful connection the client needs to present a certificate that can be verified against + the root certificate configured by the server) - The key cert pair should still be valid for the SSL connection to be + The client's key certificate pair must be valid for the SSL connection to be established. */ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY } grpc_ssl_client_certificate_request_type; -- cgit v1.2.3 From bc8f515fb8a9053c05d2a62336fe181113262a17 Mon Sep 17 00:00:00 2001 From: Jan Tattermusch Date: Thu, 30 Aug 2018 19:36:25 +0200 Subject: clang format --- include/grpc/grpc_security_constants.h | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'include/grpc') diff --git a/include/grpc/grpc_security_constants.h b/include/grpc/grpc_security_constants.h index 7f7c89d667..f935557f2d 100644 --- a/include/grpc/grpc_security_constants.h +++ b/include/grpc/grpc_security_constants.h 
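Review bot: "The client's key certificate pair must be valid" is used on GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY without saying what "valid" means, and next to "don't verify" it reads as a contradiction. If the intent is that the client must still hold the private key matching the certificate it presents, I would write `The client must still prove possession of the private key for the presented certificate for the SSL connection to be established.` If something else is meant, the comment should name the check that is actually performed. The same sentence is introduced in the hunk at `@@ -68,17 +69,18 @@`. The enum begins before this hunk.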
@@ -58,9 +58,9 @@ typedef enum { typedef enum { /** Server does not request client certificate. - The certificate presented by the client is not checked by the server at all. - (A client may present a self signed or signed certificate or not present a certificate at all and any of - those option would be accepted) */ + The certificate presented by the client is not checked by the server at + all. (A client may present a self signed or signed certificate or not + present a certificate at all and any of those option would be accepted) */ GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, /** Server requests client certificate but does not enforce that the client presents a certificate. @@ -69,19 +69,19 @@ typedef enum { the application (the necessary metadata will be available to the application via authentication context properties, see grpc_auth_context). - The client's key certificate pair must be valid for the SSL connection to be - established. */ + The client's key certificate pair must be valid for the SSL connection to + be established. */ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, /** Server requests client certificate but does not enforce that the client presents a certificate. If the client presents a certificate, the client authentication is done by the gRPC framework. (For a successful connection the client needs to either - present a certificate that can be verified against the root certificate configured by the server - or not present a certificate at all) + present a certificate that can be verified against the root certificate + configured by the server or not present a certificate at all) - The client's key certificate pair must be valid for the SSL connection to be - established. */ + The client's key certificate pair must be valid for the SSL connection to + be established. */ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, /** Server requests client certificate and enforces that the client presents a certificate. 
@@ -90,18 +90,18 @@ typedef enum { the application (the necessary metadata will be available to the application via authentication context properties, see grpc_auth_context). - The client's key certificate pair must be valid for the SSL connection to be - established. */ + The client's key certificate pair must be valid for the SSL connection to + be established. */ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, /** Server requests client certificate and enforces that the client presents a certificate. The cerificate presented by the client is verified by the gRPC framework. - (For a successful connection the client needs to present a certificate that can be verified against - the root certificate configured by the server) + (For a successful connection the client needs to present a certificate that + can be verified against the root certificate configured by the server) - The client's key certificate pair must be valid for the SSL connection to be - established. */ + The client's key certificate pair must be valid for the SSL connection to + be established. */ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY } grpc_ssl_client_certificate_request_type; -- cgit v1.2.3