From aaebf7ae7467a43ba69f27943069613f23808461 Mon Sep 17 00:00:00 2001
From: Julien Boeuf
Date: Thu, 28 Jan 2016 17:04:42 -0800
Subject: Changing the API to use a callback mechanism. This is the agreed-upon solution.
---
 src/core/security/security_connector.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)
(limited to 'src/core/security/security_connector.c')
diff --git a/src/core/security/security_connector.c b/src/core/security/security_connector.c
index 8a67243a18..654866fd4e 100644
--- a/src/core/security/security_connector.c
+++ b/src/core/security/security_connector.c
@@ -63,10 +63,10 @@ static const char *installed_roots_path =
 /* -- Overridden default roots. -- */
-static gpr_slice overridden_default_roots;
+static grpc_ssl_roots_override_callback ssl_roots_override_cb = NULL;
-void grpc_override_ssl_default_roots(const char *roots_pem) {
- overridden_default_roots = gpr_slice_from_copied_string(roots_pem);
+void grpc_set_ssl_roots_override_callback(grpc_ssl_roots_override_callback cb) {
+ ssl_roots_override_cb = cb;
 }
 /* -- Cipher suites. -- */
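Review bot: The new setter `grpc_set_ssl_roots_override_callback` writes the file-scope `ssl_roots_override_cb` with no synchronization and no stated call-ordering requirement, although this pointer decides which trust anchors default-root TLS uses. The only reader visible on this page is `compute_default_pem_root_certs_once`, whose name suggests it runs a single time. If so, a callback registered after the first default-roots computation is silently ignored, and a registration racing with that computation is an unsynchronized access to the pointer. A comment on the setter would make the contract explicit: `/* Call once, before any credentials relying on default roots are created; not thread-safe. The callback supplies the trust anchors for every such channel in the process. */`.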
@@ -615,13 +615,19 @@ static gpr_slice compute_default_pem_root_certs_once(void) {
 }
 /* Try overridden roots path if needed. */
- if (GPR_SLICE_IS_EMPTY(result) &&
- !GPR_SLICE_IS_EMPTY(overridden_default_roots)) {
- result = gpr_slice_ref(overridden_default_roots);
+ grpc_ssl_roots_override_result ovrd_res = GRPC_SSL_ROOTS_OVERRIDE_FAIL;
+ if (GPR_SLICE_IS_EMPTY(result) && ssl_roots_override_cb != NULL) {
+ char *pem_root_certs = NULL;
+ ovrd_res = ssl_roots_override_cb(&pem_root_certs);
+ if (ovrd_res == GRPC_SSL_ROOTS_OVERRIDE_OK) {
+ GPR_ASSERT(pem_root_certs != NULL);
+ result = gpr_slice_new(pem_root_certs, strlen(pem_root_certs), gpr_free);
+ }
 }
 /* Fall back to installed certs if needed. */
- if (GPR_SLICE_IS_EMPTY(result)) {
+ if (GPR_SLICE_IS_EMPTY(result) &&
+ ovrd_res != GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY) {
 result = gpr_load_file(installed_roots_path, 0, NULL);
 }
 return result;
-- cgit v1.2.3
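Review bot: A callback that returns `GRPC_SSL_ROOTS_OVERRIDE_OK` with an empty string leaves `result` empty, and the fallback guard then loads `installed_roots_path`, because it excludes only `GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY`. An application that registers the override to narrow its trust anchors would get the installed bundle with no signal. If that is not intended, guard the fallback with `if (GPR_SLICE_IS_EMPTY(result) && ovrd_res == GRPC_SSL_ROOTS_OVERRIDE_FAIL) {`, since `FAIL` is also the initial value when no callback runs. The slice is released with `gpr_free`, so the callback contract should state the ownership rule, e.g. `/* cb must return a NUL-terminated PEM string allocated with gpr_malloc; ownership passes to the returned slice. */`. The function body starts and ends outside this hunk, so any earlier source that may already have filled `result` is not visible here.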