From 4a4f1496c1b2fe6dc8336ee5f00c09568165a42a Mon Sep 17 00:00:00 2001
From: Craig Tiller <ctiller@google.com>
Date: Tue, 21 Jul 2015 16:32:29 -0700
Subject: Rename grpc_channel_create to grpc_insecure_channel_create

---
 src/ruby/ext/grpc/rb_channel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/ruby/ext')

diff --git a/src/ruby/ext/grpc/rb_channel.c b/src/ruby/ext/grpc/rb_channel.c
index 9bf1a9f945..0cb6fa2f80 100644
--- a/src/ruby/ext/grpc/rb_channel.c
+++ b/src/ruby/ext/grpc/rb_channel.c
@@ -146,7 +146,7 @@ static VALUE grpc_rb_channel_init(int argc, VALUE *argv, VALUE self) {
   target_chars = StringValueCStr(target);
   grpc_rb_hash_convert_to_channel_args(channel_args, &args);
   if (credentials == Qnil) {
-    ch = grpc_channel_create(target_chars, &args);
+    ch = grpc_insecure_channel_create(target_chars, &args);
   } else {
     creds = grpc_rb_get_wrapped_credentials(credentials);
     ch = grpc_secure_channel_create(creds, target_chars, &args);
-- 
cgit v1.2.3


From 5029b30d1ce8509a4b2f7c17e88bddb8a5206f56 Mon Sep 17 00:00:00 2001
From: Julien Boeuf <jboeuf@google.com>
Date: Tue, 21 Jul 2015 23:02:16 -0700
Subject: Adding option to force client auth on the server SSL creds.

---
 include/grpc++/server_credentials.h                      |  1 +
 include/grpc/grpc_security.h                             |  9 ++++++---
 src/core/security/credentials.c                          |  8 +++++---
 src/core/security/security_connector.c                   |  7 ++++---
 src/core/security/security_connector.h                   |  1 +
 src/core/tsi/ssl_transport_security.c                    |  8 +++++---
 src/core/tsi/ssl_transport_security.h                    | 16 ++++++++++------
 src/cpp/server/secure_server_credentials.cc              |  3 ++-
 src/csharp/ext/grpc_csharp_ext.c                         |  3 ++-
 src/node/ext/server_credentials.cc                       |  4 +++-
 src/php/ext/grpc/server_credentials.c                    |  6 ++++--
 .../src/grpc/_adapter/_c/types/server_credentials.c      |  4 +++-
 src/ruby/ext/grpc/rb_server_credentials.c                |  5 +++--
 test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c |  2 +-
 .../fixtures/chttp2_simple_ssl_fullstack_with_poll.c     |  2 +-
 .../fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c   |  2 +-
 test/core/fling/server.c                                 |  2 +-
 17 files changed, 53 insertions(+), 30 deletions(-)

(limited to 'src/ruby/ext')

diff --git a/include/grpc++/server_credentials.h b/include/grpc++/server_credentials.h
index 83ae9fd1eb..94041c7757 100644
--- a/include/grpc++/server_credentials.h
+++ b/include/grpc++/server_credentials.h
@@ -64,6 +64,7 @@ struct SslServerCredentialsOptions {
   };
   grpc::string pem_root_certs;
   std::vector<PemKeyCertPair> pem_key_cert_pairs;
+  bool force_client_auth;
 };
 
 // Builds SSL ServerCredentials given SSL specific options
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 37d66c04ae..7c5bd6433f 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -87,7 +87,7 @@ typedef struct {
      directory).
    - pem_key_cert_pair is a pointer on the object containing client's private
      key and certificate chain. This parameter can be NULL if the client does
-     not have such a key/cert pair.  */
+     not have such a key/cert pair. */
 grpc_credentials *grpc_ssl_credentials_create(
     const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair);
 
@@ -177,10 +177,13 @@ void grpc_server_credentials_release(grpc_server_credentials *creds);
    - pem_key_cert_pairs is an array private key / certificate chains of the
      server. This parameter cannot be NULL.
    - num_key_cert_pairs indicates the number of items in the private_key_files
-     and cert_chain_files parameters. It should be at least 1. */
+     and cert_chain_files parameters. It should be at least 1.
+   - force_client_auth, if set to non-zero will force the client to authenticate
+     with an SSL cert. Note that this option is ignored if pem_root_certs is
+     NULL. */
 grpc_server_credentials *grpc_ssl_server_credentials_create(
     const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
-    size_t num_key_cert_pairs);
+    size_t num_key_cert_pairs, int force_client_auth);
 
 /* Creates a fake server transport security credentials object for testing. */
 grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index fb59fa4b0e..a4d998a429 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -259,8 +259,10 @@ static void ssl_build_config(const char *pem_root_certs,
 
 static void ssl_build_server_config(
     const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
-    size_t num_key_cert_pairs, grpc_ssl_server_config *config) {
+    size_t num_key_cert_pairs, int force_client_auth,
+    grpc_ssl_server_config *config) {
   size_t i;
+  config->force_client_auth = force_client_auth;
   if (pem_root_certs != NULL) {
     ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
                           &config->pem_root_certs_size);
@@ -302,14 +304,14 @@ grpc_credentials *grpc_ssl_credentials_create(
 
 grpc_server_credentials *grpc_ssl_server_credentials_create(
     const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
-    size_t num_key_cert_pairs) {
+    size_t num_key_cert_pairs, int force_client_auth) {
   grpc_ssl_server_credentials *c =
       gpr_malloc(sizeof(grpc_ssl_server_credentials));
   memset(c, 0, sizeof(grpc_ssl_server_credentials));
   c->base.type = GRPC_CREDENTIALS_TYPE_SSL;
   c->base.vtable = &ssl_server_vtable;
   ssl_build_server_config(pem_root_certs, pem_key_cert_pairs,
-                          num_key_cert_pairs, &c->config);
+                          num_key_cert_pairs, force_client_auth, &c->config);
   return &c->base;
 }
 
diff --git a/src/core/security/security_connector.c b/src/core/security/security_connector.c
index f6e423eb27..726b4c1e12 100644
--- a/src/core/security/security_connector.c
+++ b/src/core/security/security_connector.c
@@ -653,9 +653,10 @@ grpc_security_status grpc_ssl_server_security_connector_create(
       config->pem_private_keys_sizes,
       (const unsigned char **)config->pem_cert_chains,
       config->pem_cert_chains_sizes, config->num_key_cert_pairs,
-      config->pem_root_certs, config->pem_root_certs_size, ssl_cipher_suites(),
-      alpn_protocol_strings, alpn_protocol_string_lengths,
-      (uint16_t)num_alpn_protocols, &c->handshaker_factory);
+      config->pem_root_certs, config->pem_root_certs_size,
+      config->force_client_auth, ssl_cipher_suites(), alpn_protocol_strings,
+      alpn_protocol_string_lengths, (uint16_t)num_alpn_protocols,
+      &c->handshaker_factory);
   if (result != TSI_OK) {
     gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
             tsi_result_to_string(result));
diff --git a/src/core/security/security_connector.h b/src/core/security/security_connector.h
index a4c723f026..2c9aa1c5a4 100644
--- a/src/core/security/security_connector.h
+++ b/src/core/security/security_connector.h
@@ -201,6 +201,7 @@ typedef struct {
   size_t num_key_cert_pairs;
   unsigned char *pem_root_certs;
   size_t pem_root_certs_size;
+  int force_client_auth;
 } grpc_ssl_server_config;
 
 /* Creates an SSL server_security_connector.
diff --git a/src/core/tsi/ssl_transport_security.c b/src/core/tsi/ssl_transport_security.c
index 6156a39d09..609fc06ed5 100644
--- a/src/core/tsi/ssl_transport_security.c
+++ b/src/core/tsi/ssl_transport_security.c
@@ -1293,8 +1293,8 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
     const size_t* pem_private_keys_sizes, const unsigned char** pem_cert_chains,
     const size_t* pem_cert_chains_sizes, size_t key_cert_pair_count,
     const unsigned char* pem_client_root_certs,
-    size_t pem_client_root_certs_size, const char* cipher_list,
-    const unsigned char** alpn_protocols,
+    size_t pem_client_root_certs_size, int force_client_auth,
+    const char* cipher_list, const unsigned char** alpn_protocols,
     const unsigned char* alpn_protocols_lengths, uint16_t num_alpn_protocols,
     tsi_ssl_handshaker_factory** factory) {
   tsi_ssl_server_handshaker_factory* impl = NULL;
@@ -1349,6 +1349,7 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
       if (result != TSI_OK) break;
 
       if (pem_client_root_certs != NULL) {
+        int flags = SSL_VERIFY_PEER;
         STACK_OF(X509_NAME)* root_names = NULL;
         result = ssl_ctx_load_verification_certs(
             impl->ssl_contexts[i], pem_client_root_certs,
@@ -1358,7 +1359,8 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
           break;
         }
         SSL_CTX_set_client_CA_list(impl->ssl_contexts[i], root_names);
-        SSL_CTX_set_verify(impl->ssl_contexts[i], SSL_VERIFY_PEER, NULL);
+        if (force_client_auth) flags |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+        SSL_CTX_set_verify(impl->ssl_contexts[i], flags, NULL);
         /* TODO(jboeuf): Add revocation verification. */
       }
 
diff --git a/src/core/tsi/ssl_transport_security.h b/src/core/tsi/ssl_transport_security.h
index b2aa2f393e..4bf6c81b75 100644
--- a/src/core/tsi/ssl_transport_security.h
+++ b/src/core/tsi/ssl_transport_security.h
@@ -107,10 +107,14 @@ tsi_result tsi_create_ssl_client_handshaker_factory(
    - key_cert_pair_count indicates the number of items in the private_key_files
      and cert_chain_files parameters.
    - pem_client_roots is the buffer containing the PEM encoding of the client
-     root certificates. This parameter may be NULL in which case the server
-     will not ask the client to authenticate itself with a certificate (server-
-     only authentication mode).
-   - pem_client_roots_size is the size of the associated buffer.
+     root certificates. This parameter may be NULL in which case the server will
+     not authenticate the client. If not NULL, the force_client_auth parameter
+     specifies if the server will accept only authenticated clients or both
+     authenticated and non-authenticated clients.
+   - pem_client_root_certs_size is the size of the associated buffer.
+   - force_client_auth, if set to non-zero will force the client to authenticate
+     with an SSL cert. Note that this option is ignored if pem_client_root_certs
+     is NULL or pem_client_roots_certs_size is 0
    - cipher_suites contains an optional list of the ciphers that the server
      supports. The format of this string is described in:
      https://www.openssl.org/docs/apps/ciphers.html.
@@ -131,8 +135,8 @@ tsi_result tsi_create_ssl_server_handshaker_factory(
     const size_t* pem_private_keys_sizes, const unsigned char** pem_cert_chains,
     const size_t* pem_cert_chains_sizes, size_t key_cert_pair_count,
     const unsigned char* pem_client_root_certs,
-    size_t pem_client_root_certs_size, const char* cipher_suites,
-    const unsigned char** alpn_protocols,
+    size_t pem_client_root_certs_size, int force_client_auth,
+    const char* cipher_suites, const unsigned char** alpn_protocols,
     const unsigned char* alpn_protocols_lengths, uint16_t num_alpn_protocols,
     tsi_ssl_handshaker_factory** factory);
 
diff --git a/src/cpp/server/secure_server_credentials.cc b/src/cpp/server/secure_server_credentials.cc
index 3e262dd74f..32c45e2280 100644
--- a/src/cpp/server/secure_server_credentials.cc
+++ b/src/cpp/server/secure_server_credentials.cc
@@ -51,7 +51,8 @@ std::shared_ptr<ServerCredentials> SslServerCredentials(
   }
   grpc_server_credentials* c_creds = grpc_ssl_server_credentials_create(
       options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
-      &pem_key_cert_pairs[0], pem_key_cert_pairs.size());
+      &pem_key_cert_pairs[0], pem_key_cert_pairs.size(),
+      options.force_client_auth);
   return std::shared_ptr<ServerCredentials>(
       new SecureServerCredentials(c_creds));
 }
diff --git a/src/csharp/ext/grpc_csharp_ext.c b/src/csharp/ext/grpc_csharp_ext.c
index 7dd1959a5f..3c0035d453 100644
--- a/src/csharp/ext/grpc_csharp_ext.c
+++ b/src/csharp/ext/grpc_csharp_ext.c
@@ -718,8 +718,9 @@ grpcsharp_ssl_server_credentials_create(
       key_cert_pairs[i].private_key = key_cert_pair_private_key_array[i];
     }
   }
+  /* TODO: Add a force_client_auth parameter and pass it here. */
   creds = grpc_ssl_server_credentials_create(pem_root_certs, key_cert_pairs,
-                                             num_key_cert_pairs);
+                                             num_key_cert_pairs, 0);
   gpr_free(key_cert_pairs);
   return creds;
 }
diff --git a/src/node/ext/server_credentials.cc b/src/node/ext/server_credentials.cc
index d2b63cdc4e..709105c72f 100644
--- a/src/node/ext/server_credentials.cc
+++ b/src/node/ext/server_credentials.cc
@@ -140,8 +140,10 @@ NAN_METHOD(ServerCredentials::CreateSsl) {
     return NanThrowTypeError("createSsl's third argument must be a Buffer");
   }
   key_cert_pair.cert_chain = ::node::Buffer::Data(args[2]);
+  // TODO Add a force_client_auth parameter and pass it as the last parameter
+  // here.
   NanReturnValue(WrapStruct(
-      grpc_ssl_server_credentials_create(root_certs, &key_cert_pair, 1)));
+      grpc_ssl_server_credentials_create(root_certs, &key_cert_pair, 1, 0)));
 }
 
 NAN_METHOD(ServerCredentials::CreateFake) {
diff --git a/src/php/ext/grpc/server_credentials.c b/src/php/ext/grpc/server_credentials.c
index c4c1fabb1a..ec1c3c4f52 100644
--- a/src/php/ext/grpc/server_credentials.c
+++ b/src/php/ext/grpc/server_credentials.c
@@ -115,8 +115,10 @@ PHP_METHOD(ServerCredentials, createSsl) {
                          "createSsl expects 3 strings", 1 TSRMLS_CC);
     return;
   }
-  grpc_server_credentials *creds =
-      grpc_ssl_server_credentials_create(pem_root_certs, &pem_key_cert_pair, 1);
+  /* TODO: add a force_client_auth field in ServerCredentials and pass it as
+   * the last parameter. */
+  grpc_server_credentials *creds = grpc_ssl_server_credentials_create(
+      pem_root_certs, &pem_key_cert_pair, 1, 0);
   zval *creds_object = grpc_php_wrap_server_credentials(creds);
   RETURN_DESTROY_ZVAL(creds_object);
 }
diff --git a/src/python/src/grpc/_adapter/_c/types/server_credentials.c b/src/python/src/grpc/_adapter/_c/types/server_credentials.c
index 2e02c8fe81..2277b5b907 100644
--- a/src/python/src/grpc/_adapter/_c/types/server_credentials.c
+++ b/src/python/src/grpc/_adapter/_c/types/server_credentials.c
@@ -131,8 +131,10 @@ ServerCredentials *pygrpc_ServerCredentials_ssl(
   }
 
   self = (ServerCredentials *)type->tp_alloc(type, 0);
+  /* TODO: Add a force_client_auth parameter in the python object and pass it
+     here as the last arg. */
   self->c_creds = grpc_ssl_server_credentials_create(
-      root_certs, key_cert_pairs, num_key_cert_pairs);
+      root_certs, key_cert_pairs, num_key_cert_pairs, 0);
   gpr_free(key_cert_pairs);
   return self;
 }
diff --git a/src/ruby/ext/grpc/rb_server_credentials.c b/src/ruby/ext/grpc/rb_server_credentials.c
index 5f40935890..62c211d769 100644
--- a/src/ruby/ext/grpc/rb_server_credentials.c
+++ b/src/ruby/ext/grpc/rb_server_credentials.c
@@ -176,11 +176,12 @@ static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs,
   }
   key_cert_pair.private_key = RSTRING_PTR(pem_private_key);
   key_cert_pair.cert_chain = RSTRING_PTR(pem_cert_chain);
+  /* TODO Add a force_client_auth parameter and pass it here. */
   if (pem_root_certs == Qnil) {
-    creds = grpc_ssl_server_credentials_create(NULL, &key_cert_pair, 1);
+    creds = grpc_ssl_server_credentials_create(NULL, &key_cert_pair, 1, 0);
   } else {
     creds = grpc_ssl_server_credentials_create(RSTRING_PTR(pem_root_certs),
-                                               &key_cert_pair, 1);
+                                               &key_cert_pair, 1, 0);
   }
   if (creds == NULL) {
     rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why");
diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
index 73a36116fb..6d5669d05a 100644
--- a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
+++ b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
@@ -115,7 +115,7 @@ static void chttp2_init_server_simple_ssl_secure_fullstack(
   grpc_ssl_pem_key_cert_pair pem_cert_key_pair = {test_server1_key,
                                                   test_server1_cert};
   grpc_server_credentials *ssl_creds =
-      grpc_ssl_server_credentials_create(NULL, &pem_cert_key_pair, 1);
+      grpc_ssl_server_credentials_create(NULL, &pem_cert_key_pair, 1, 0);
   chttp2_init_server_secure_fullstack(f, server_args, ssl_creds);
 }
 
diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c
index b1ac3e535f..d0cc3dd74a 100644
--- a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c
+++ b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack_with_poll.c
@@ -115,7 +115,7 @@ static void chttp2_init_server_simple_ssl_secure_fullstack(
   grpc_ssl_pem_key_cert_pair pem_cert_key_pair = {test_server1_key,
                                                   test_server1_cert};
   grpc_server_credentials *ssl_creds =
-      grpc_ssl_server_credentials_create(NULL, &pem_cert_key_pair, 1);
+      grpc_ssl_server_credentials_create(NULL, &pem_cert_key_pair, 1, 0);
   chttp2_init_server_secure_fullstack(f, server_args, ssl_creds);
 }
 
diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
index de418bf7ee..f74ed9365f 100644
--- a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
+++ b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
@@ -120,7 +120,7 @@ static void chttp2_init_server_simple_ssl_secure_fullstack(
   grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key,
                                                   test_server1_cert};
   grpc_server_credentials *ssl_creds =
-      grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1);
+      grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1, 0);
   chttp2_init_server_secure_fullstack(f, server_args, ssl_creds);
 }
 
diff --git a/test/core/fling/server.c b/test/core/fling/server.c
index 082bbd368a..8f349044d9 100644
--- a/test/core/fling/server.c
+++ b/test/core/fling/server.c
@@ -210,7 +210,7 @@ int main(int argc, char **argv) {
     grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key,
                                                     test_server1_cert};
     grpc_server_credentials *ssl_creds =
-        grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1);
+        grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1, 0);
     server = grpc_server_create(NULL);
     GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr, ssl_creds));
     grpc_server_credentials_release(ssl_creds);
-- 
cgit v1.2.3


From 94329d09656f3eeb8eee40b72b96ec9cd3578559 Mon Sep 17 00:00:00 2001
From: Craig Tiller <ctiller@google.com>
Date: Thu, 23 Jul 2015 09:52:11 -0700
Subject: Make the server report monotonic times for deadlines

For very high performance systems, we're going to want to be able to
simply push the value reported from the server down onto clients.

If we report realtime now, then all wrapped languages are going to
assume it, meaning that such a change will be impossible later.
---
 src/core/surface/call.c                   |  3 ++-
 src/core/surface/server.c                 |  6 ++++--
 src/core/transport/chttp2/parsing.c       |  2 +-
 src/cpp/util/time.cc                      |  3 ++-
 src/node/ext/timeval.cc                   |  1 +
 src/python/src/grpc/_adapter/_c/utility.c |  1 +
 src/ruby/ext/grpc/rb_grpc.c               |  6 ++++--
 src/ruby/ext/grpc/rb_server.c             | 13 ++++++-------
 8 files changed, 21 insertions(+), 14 deletions(-)

(limited to 'src/ruby/ext')

diff --git a/src/core/surface/call.c b/src/core/surface/call.c
index e08273e451..1f73f9cf71 100644
--- a/src/core/surface/call.c
+++ b/src/core/surface/call.c
@@ -1368,7 +1368,8 @@ static void recv_metadata(grpc_call *call, grpc_metadata_batch *md) {
       l->md = 0;
     }
   }
-  if (gpr_time_cmp(md->deadline, gpr_inf_future(GPR_CLOCK_REALTIME)) != 0) {
+  if (gpr_time_cmp(md->deadline, gpr_inf_future(md->deadline.clock_type)) !=
+      0) {
     set_deadline_alarm(call, md->deadline);
   }
   if (!is_trailing) {
diff --git a/src/core/surface/server.c b/src/core/surface/server.c
index 439452aea2..a0d4ab3b0a 100644
--- a/src/core/surface/server.c
+++ b/src/core/surface/server.c
@@ -530,6 +530,7 @@ static grpc_mdelem *server_filter(void *user_data, grpc_mdelem *md) {
 static void server_on_recv(void *ptr, int success) {
   grpc_call_element *elem = ptr;
   call_data *calld = elem->call_data;
+  gpr_timespec op_deadline;
 
   if (success && !calld->got_initial_metadata) {
     size_t i;
@@ -539,8 +540,9 @@ static void server_on_recv(void *ptr, int success) {
       grpc_stream_op *op = &ops[i];
       if (op->type != GRPC_OP_METADATA) continue;
       grpc_metadata_batch_filter(&op->data.metadata, server_filter, elem);
-      if (0 != gpr_time_cmp(op->data.metadata.deadline,
-                            gpr_inf_future(GPR_CLOCK_REALTIME))) {
+      op_deadline = op->data.metadata.deadline;
+      if (0 !=
+          gpr_time_cmp(op_deadline, gpr_inf_future(op_deadline.clock_type))) {
         calld->deadline = op->data.metadata.deadline;
       }
       calld->got_initial_metadata = 1;
diff --git a/src/core/transport/chttp2/parsing.c b/src/core/transport/chttp2/parsing.c
index 904b9afce7..50a2f752f6 100644
--- a/src/core/transport/chttp2/parsing.c
+++ b/src/core/transport/chttp2/parsing.c
@@ -607,7 +607,7 @@ static void on_header(void *tp, grpc_mdelem *md) {
     }
     grpc_chttp2_incoming_metadata_buffer_set_deadline(
         &stream_parsing->incoming_metadata,
-        gpr_time_add(gpr_now(GPR_CLOCK_REALTIME), *cached_timeout));
+        gpr_time_add(gpr_now(GPR_CLOCK_MONOTONIC), *cached_timeout));
     GRPC_MDELEM_UNREF(md);
   } else {
     grpc_chttp2_incoming_metadata_buffer_add(&stream_parsing->incoming_metadata,
diff --git a/src/cpp/util/time.cc b/src/cpp/util/time.cc
index a814cad452..799c597e0b 100644
--- a/src/cpp/util/time.cc
+++ b/src/cpp/util/time.cc
@@ -79,9 +79,10 @@ void TimepointHR2Timespec(const high_resolution_clock::time_point& from,
 }
 
 system_clock::time_point Timespec2Timepoint(gpr_timespec t) {
-  if (gpr_time_cmp(t, gpr_inf_future(GPR_CLOCK_REALTIME)) == 0) {
+  if (gpr_time_cmp(t, gpr_inf_future(t.clock_type)) == 0) {
     return system_clock::time_point::max();
   }
+  t = gpr_convert_clock_type(t, GPR_CLOCK_REALTIME);
   system_clock::time_point tp;
   tp += duration_cast<system_clock::time_point::duration>(seconds(t.tv_sec));
   tp +=
diff --git a/src/node/ext/timeval.cc b/src/node/ext/timeval.cc
index 60de4d816d..bf68513c48 100644
--- a/src/node/ext/timeval.cc
+++ b/src/node/ext/timeval.cc
@@ -52,6 +52,7 @@ gpr_timespec MillisecondsToTimespec(double millis) {
 }
 
 double TimespecToMilliseconds(gpr_timespec timespec) {
+  timespec = gpr_convert_clock_type(timespec, GPR_CLOCK_REALTIME);
   if (gpr_time_cmp(timespec, gpr_inf_future(GPR_CLOCK_REALTIME)) == 0) {
     return std::numeric_limits<double>::infinity();
   } else if (gpr_time_cmp(timespec, gpr_inf_past(GPR_CLOCK_REALTIME)) == 0) {
diff --git a/src/python/src/grpc/_adapter/_c/utility.c b/src/python/src/grpc/_adapter/_c/utility.c
index d9f911a41a..51f3c9be01 100644
--- a/src/python/src/grpc/_adapter/_c/utility.c
+++ b/src/python/src/grpc/_adapter/_c/utility.c
@@ -374,6 +374,7 @@ PyObject *pygrpc_consume_ops(grpc_op *op, size_t nops) {
 }
 
 double pygrpc_cast_gpr_timespec_to_double(gpr_timespec timespec) {
+  timespec = gpr_convert_clock_type(timespec, GPR_CLOCK_REALTIME);
   return timespec.tv_sec + 1e-9*timespec.tv_nsec;
 }
 
diff --git a/src/ruby/ext/grpc/rb_grpc.c b/src/ruby/ext/grpc/rb_grpc.c
index 829f825597..65d9c9a237 100644
--- a/src/ruby/ext/grpc/rb_grpc.c
+++ b/src/ruby/ext/grpc/rb_grpc.c
@@ -209,10 +209,12 @@ static ID id_to_s;
 /* Converts a wrapped time constant to a standard time. */
 static VALUE grpc_rb_time_val_to_time(VALUE self) {
   gpr_timespec *time_const = NULL;
+  gpr_timespec real_time;
   TypedData_Get_Struct(self, gpr_timespec, &grpc_rb_timespec_data_type,
                        time_const);
-  return rb_funcall(rb_cTime, id_at, 2, INT2NUM(time_const->tv_sec),
-                    INT2NUM(time_const->tv_nsec));
+  real_time = gpr_convert_clock_type(*time_const, GPR_CLOCK_REALTIME);
+  return rb_funcall(rb_cTime, id_at, 2, INT2NUM(real_time.tv_sec),
+                    INT2NUM(real_time.tv_nsec));
 }
 
 /* Invokes inspect on the ctime version of the time val. */
diff --git a/src/ruby/ext/grpc/rb_server.c b/src/ruby/ext/grpc/rb_server.c
index e3a0a5ad80..375a651d24 100644
--- a/src/ruby/ext/grpc/rb_server.c
+++ b/src/ruby/ext/grpc/rb_server.c
@@ -213,6 +213,7 @@ static VALUE grpc_rb_server_request_call(VALUE self, VALUE cqueue,
   grpc_call_error err;
   request_call_stack st;
   VALUE result;
+  gpr_timespec deadline;
   TypedData_Get_Struct(self, grpc_rb_server, &grpc_rb_server_data_type, s);
   if (s->wrapped == NULL) {
     rb_raise(rb_eRuntimeError, "destroyed!");
@@ -245,15 +246,13 @@ static VALUE grpc_rb_server_request_call(VALUE self, VALUE cqueue,
     }
 
     /* build the NewServerRpc struct result */
+    deadline = gpr_convert_clock_type(st.details.deadline, GPR_CLOCK_REALTIME);
     result = rb_struct_new(
-        grpc_rb_sNewServerRpc,
-        rb_str_new2(st.details.method),
+        grpc_rb_sNewServerRpc, rb_str_new2(st.details.method),
         rb_str_new2(st.details.host),
-        rb_funcall(rb_cTime, id_at, 2, INT2NUM(st.details.deadline.tv_sec),
-                   INT2NUM(st.details.deadline.tv_nsec)),
-        grpc_rb_md_ary_to_h(&st.md_ary),
-        grpc_rb_wrap_call(call),
-        NULL);
+        rb_funcall(rb_cTime, id_at, 2, INT2NUM(deadline.tv_sec),
+                   INT2NUM(deadline.tv_nsec)),
+        grpc_rb_md_ary_to_h(&st.md_ary), grpc_rb_wrap_call(call), NULL);
     grpc_request_call_stack_cleanup(&st);
     return result;
   }
-- 
cgit v1.2.3


From ac91eddb606fce140a4f2ee3e99fe81f2efa59bc Mon Sep 17 00:00:00 2001
From: Marcin Wyszynski <marcin.pixie@gmail.com>
Date: Thu, 23 Jul 2015 19:59:46 +0200
Subject: Avoid implicit conversion on array_length

---
 src/ruby/ext/grpc/rb_call.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/ruby/ext')

diff --git a/src/ruby/ext/grpc/rb_call.c b/src/ruby/ext/grpc/rb_call.c
index bfb9f6ff01..7470698e7a 100644
--- a/src/ruby/ext/grpc/rb_call.c
+++ b/src/ruby/ext/grpc/rb_call.c
@@ -235,7 +235,7 @@ static VALUE grpc_rb_call_set_metadata(VALUE self, VALUE metadata) {
 */
 static int grpc_rb_md_ary_fill_hash_cb(VALUE key, VALUE val, VALUE md_ary_obj) {
   grpc_metadata_array *md_ary = NULL;
-  int array_length;
+  long array_length;
   int i;
 
   /* Construct a metadata object from key and value and add it */
-- 
cgit v1.2.3


From ea0c18b3f2f93c4f693646a22810a8fad00a7fb3 Mon Sep 17 00:00:00 2001
From: Marcin Wyszynski <marcin.pixie@gmail.com>
Date: Thu, 23 Jul 2015 20:00:32 +0200
Subject: Make time_t to int conversion explicit on tv_nsec

---
 src/ruby/ext/grpc/rb_grpc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/ruby/ext')

diff --git a/src/ruby/ext/grpc/rb_grpc.c b/src/ruby/ext/grpc/rb_grpc.c
index 829f825597..b0b37a8705 100644
--- a/src/ruby/ext/grpc/rb_grpc.c
+++ b/src/ruby/ext/grpc/rb_grpc.c
@@ -139,7 +139,7 @@ gpr_timespec grpc_rb_time_timeval(VALUE time, int interval) {
           rb_raise(rb_eRangeError, "%f out of Time range",
                    RFLOAT_VALUE(time));
         }
-        t.tv_nsec = (time_t)(d * 1e9 + 0.5);
+        t.tv_nsec = (int)(time_t)(d * 1e9 + 0.5);
       }
       break;
 
-- 
cgit v1.2.3


From 1a2ac33f1fcc2b9f38647d2d7912de7d8c277afa Mon Sep 17 00:00:00 2001
From: Marcin Wyszynski <marcin.pixie@gmail.com>
Date: Thu, 23 Jul 2015 20:12:33 +0200
Subject: Avoid stupid double conversion

---
 src/ruby/ext/grpc/rb_grpc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/ruby/ext')

diff --git a/src/ruby/ext/grpc/rb_grpc.c b/src/ruby/ext/grpc/rb_grpc.c
index b0b37a8705..1bb402026e 100644
--- a/src/ruby/ext/grpc/rb_grpc.c
+++ b/src/ruby/ext/grpc/rb_grpc.c
@@ -139,7 +139,7 @@ gpr_timespec grpc_rb_time_timeval(VALUE time, int interval) {
           rb_raise(rb_eRangeError, "%f out of Time range",
                    RFLOAT_VALUE(time));
         }
-        t.tv_nsec = (int)(time_t)(d * 1e9 + 0.5);
+        t.tv_nsec = (int)(d * 1e9 + 0.5);
       }
       break;
 
-- 
cgit v1.2.3


From a5fea60e8d8c7bdf0cc82ac04a5c086b900d7531 Mon Sep 17 00:00:00 2001
From: Marcin Wyszynski <marcin.pixie@gmail.com>
Date: Fri, 24 Jul 2015 10:24:32 +0200
Subject: array_length and it's counter types should match

---
 src/ruby/ext/grpc/rb_call.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/ruby/ext')

diff --git a/src/ruby/ext/grpc/rb_call.c b/src/ruby/ext/grpc/rb_call.c
index 7470698e7a..a7607a83a3 100644
--- a/src/ruby/ext/grpc/rb_call.c
+++ b/src/ruby/ext/grpc/rb_call.c
@@ -236,7 +236,7 @@ static VALUE grpc_rb_call_set_metadata(VALUE self, VALUE metadata) {
 static int grpc_rb_md_ary_fill_hash_cb(VALUE key, VALUE val, VALUE md_ary_obj) {
   grpc_metadata_array *md_ary = NULL;
   long array_length;
-  int i;
+  long i;
 
   /* Construct a metadata object from key and value and add it */
   TypedData_Get_Struct(md_ary_obj, grpc_metadata_array,
-- 
cgit v1.2.3