From 8fbcc4391ef8ea178520f2e15c07a505621244a6 Mon Sep 17 00:00:00 2001
From: Julien Boeuf <jboeuf@google.com>
Date: Thu, 15 Jan 2015 16:44:13 -0800
Subject: Changing the SSL (Server) Credentials API.

- Changed the unsigned char * + size to NULL terminated strings which
  makes sense for the PEM format. I may change TSI later (but the impact
  will hopefully be much more limited).
- Added a way to pass multiple key/cert pairs to servers which is needed
  when hosting more than one domain.
- Removed the C++ SSL credentials tests as we are going to have an
  option to not specify the roots which will then be derived from the
  environment (well-known platform dependent locations and/or
  environment variable).
- Fixed the php build which is the only one added in the run_test.py.
  This change will certainly break node, python and ruby.
---
 src/cpp/server/server_credentials.cc | 23 +++++++----------------
 1 file changed, 7 insertions(+), 16 deletions(-)

(limited to 'src/cpp/server/server_credentials.cc')

diff --git a/src/cpp/server/server_credentials.cc b/src/cpp/server/server_credentials.cc
index b82a2d821a..ce0271b6a0 100644
--- a/src/cpp/server/server_credentials.cc
+++ b/src/cpp/server/server_credentials.cc
@@ -48,23 +48,14 @@ grpc_server_credentials *ServerCredentials::GetRawCreds() { return creds_; }
 
 std::shared_ptr<ServerCredentials> ServerCredentialsFactory::SslCredentials(
     const SslServerCredentialsOptions &options) {
-  const unsigned char *pem_root_certs =
-      options.pem_root_certs.empty() ? nullptr
-                                     : reinterpret_cast<const unsigned char *>(
-                                           options.pem_root_certs.c_str());
-  const unsigned char *pem_private_key =
-      options.pem_private_key.empty() ? nullptr
-                                      : reinterpret_cast<const unsigned char *>(
-                                            options.pem_private_key.c_str());
-  const unsigned char *pem_cert_chain =
-      options.pem_cert_chain.empty() ? nullptr
-                                     : reinterpret_cast<const unsigned char *>(
-                                           options.pem_cert_chain.c_str());
-
+  std::vector<grpc_ssl_pem_key_cert_pair> pem_key_cert_pairs;
+  for (const auto &key_cert_pair : options.pem_key_cert_pairs) {
+    pem_key_cert_pairs.push_back(
+        {key_cert_pair.private_key.c_str(), key_cert_pair.cert_chain.c_str()});
+  }
   grpc_server_credentials *c_creds = grpc_ssl_server_credentials_create(
-      pem_root_certs, options.pem_root_certs.size(), pem_private_key,
-      options.pem_private_key.size(), pem_cert_chain,
-      options.pem_cert_chain.size());
+      options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
+      &pem_key_cert_pairs[0], pem_key_cert_pairs.size());
   return std::shared_ptr<ServerCredentials>(new ServerCredentials(c_creds));
 }
 
-- 
cgit v1.2.3