GRPC Core  18.0.0
grpc_tls_credentials_options.cc File Reference
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
#include <stdlib.h>
#include <string.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
#include "src/core/lib/surface/api_trace.h"

Functions

grpc_tls_credentials_options * grpc_tls_credentials_options_create ()
 – Wrapper APIs declared in grpc_security.h More...
 
void grpc_tls_credentials_options_set_cert_request_type (grpc_tls_credentials_options *options, grpc_ssl_client_certificate_request_type type)
 Sets the options of whether to request and verify client certs. More...
 
void grpc_tls_credentials_options_set_server_verification_option (grpc_tls_credentials_options *options, grpc_tls_server_verification_option server_verification_option)
 Sets the options of whether to choose certain checks, e.g. More...
 
void grpc_tls_credentials_options_set_certificate_provider (grpc_tls_credentials_options *options, grpc_tls_certificate_provider *provider)
 Sets the credential provider in the options. More...
 
void grpc_tls_credentials_options_watch_root_certs (grpc_tls_credentials_options *options)
 If set, gRPC stack will keep watching the root certificates with name |root_cert_name|. More...
 
void grpc_tls_credentials_options_set_root_cert_name (grpc_tls_credentials_options *options, const char *root_cert_name)
 Sets the name of the root certificates being watched. More...
 
void grpc_tls_credentials_options_watch_identity_key_cert_pairs (grpc_tls_credentials_options *options)
 If set, gRPC stack will keep watching the identity key-cert pairs with name |identity_cert_name|. More...
 
void grpc_tls_credentials_options_set_identity_cert_name (grpc_tls_credentials_options *options, const char *identity_cert_name)
 Sets the name of the identity certificates being watched. More...
 
void grpc_tls_credentials_options_set_server_authorization_check_config (grpc_tls_credentials_options *options, grpc_tls_server_authorization_check_config *config)
 Sets the configuration for a custom authorization check performed at the end of the handshake. More...
 
grpc_tls_server_authorization_check_config * grpc_tls_server_authorization_check_config_create (const void *config_user_data, int(*schedule)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*cancel)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg), void(*destruct)(void *config_user_data))
 Create a grpc_tls_server_authorization_check_config instance. More...
 
void grpc_tls_server_authorization_check_config_release (grpc_tls_server_authorization_check_config *config)
 Releases a grpc_tls_server_authorization_check_config object. More...
 

Function Documentation

◆ grpc_tls_credentials_options_create()

grpc_tls_credentials_options* grpc_tls_credentials_options_create ( void  )

– Wrapper APIs declared in grpc_security.h

Creates a grpc_tls_credentials_options.

◆ grpc_tls_credentials_options_set_cert_request_type()

void grpc_tls_credentials_options_set_cert_request_type ( grpc_tls_credentials_options *  options,
grpc_ssl_client_certificate_request_type  type 
)

Sets the options of whether to request and verify client certs.

This should be called only on the server side. This API is experimental for now and is subject to change.

◆ grpc_tls_credentials_options_set_certificate_provider()

void grpc_tls_credentials_options_set_certificate_provider ( grpc_tls_credentials_options *  options,
grpc_tls_certificate_provider *  provider 
)

Sets the credential provider in the options.

The |options| will implicitly take a new ref to the |provider|. This API is experimental for now and is subject to change.

◆ grpc_tls_credentials_options_set_identity_cert_name()

void grpc_tls_credentials_options_set_identity_cert_name ( grpc_tls_credentials_options *  options,
const char *  identity_cert_name 
)

Sets the name of the identity certificates being watched.

If not set, we will use a default empty string as the identity certificate name. This API is experimental for now and is subject to change.

◆ grpc_tls_credentials_options_set_root_cert_name()

void grpc_tls_credentials_options_set_root_cert_name ( grpc_tls_credentials_options *  options,
const char *  root_cert_name 
)

Sets the name of the root certificates being watched.

If not set, we will use a default empty string as the root certificate name. This API is experimental for now and is subject to change.

◆ grpc_tls_credentials_options_set_server_authorization_check_config()

void grpc_tls_credentials_options_set_server_authorization_check_config ( grpc_tls_credentials_options *  options,
grpc_tls_server_authorization_check_config *  config 
)

Sets the configuration for a custom authorization check performed at the end of the handshake.

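The |options| will implicitly take a new ref to the |config|. The creator of the |config| remains responsible for releasing its own reference with grpc_tls_server_authorization_check_config_release. This API is experimental for now and is subject to change.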

◆ grpc_tls_credentials_options_set_server_verification_option()

void grpc_tls_credentials_options_set_server_verification_option ( grpc_tls_credentials_options *  options,
grpc_tls_server_verification_option  server_verification_option 
)

Sets the options of whether to choose certain checks, e.g. certificate check, hostname check, etc.

This should be called only on the client side. If |server_verification_option| is not GRPC_TLS_SERVER_VERIFICATION, use of a custom authorization check (grpc_tls_server_authorization_check_config) is mandatory, because the custom check then has to stand in for whichever built-in certificate or hostname check was turned off. This API is experimental for now and is subject to change.

◆ grpc_tls_credentials_options_watch_identity_key_cert_pairs()

void grpc_tls_credentials_options_watch_identity_key_cert_pairs ( grpc_tls_credentials_options *  options)

If set, gRPC stack will keep watching the identity key-cert pairs with name |identity_cert_name|.

This is required on the server side, and optional on the client side. This API is experimental for now and is subject to change.

◆ grpc_tls_credentials_options_watch_root_certs()

void grpc_tls_credentials_options_watch_root_certs ( grpc_tls_credentials_options *  options)

If set, gRPC stack will keep watching the root certificates with name |root_cert_name|.

If this is not set on the client side, we will use the root certificates stored in the default system location, since the client side must provide root certificates in TLS. If this is not set on the server side, we will not watch any root certificate updates, and will assume no root certificates are needed for the server (single-side TLS). Default root certs on the server side are not supported, so a server that needs to verify client certificates must set this explicitly. This API is experimental for now and is subject to change.

◆ grpc_tls_server_authorization_check_config_create()

grpc_tls_server_authorization_check_config* grpc_tls_server_authorization_check_config_create ( const void *  config_user_data,
int(*)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg)  schedule,
void(*)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg)  cancel,
void(*)(void *config_user_data)  destruct 
)

Create a grpc_tls_server_authorization_check_config instance.

  • config_user_data is config-specific, read-only user data that works for all channels created with a credential using the config.
  • schedule is a pointer to an application-provided callback used to invoke the server authorization check API. The implementation of this method has to be non-blocking, but can be performed synchronously or asynchronously. 1) If processing occurs synchronously, it populates arg->result, arg->status, and arg->error_details and returns zero. 2) If processing occurs asynchronously, it returns a non-zero value. The application then invokes arg->cb when processing is completed. Note that arg->cb cannot be invoked before the schedule API returns.
  • cancel is a pointer to an application-provided callback used to cancel a server authorization check request scheduled via an asynchronous schedule API. arg is used to pinpoint an exact check request to be cancelled. The operation may not have any effect if the request has already been processed.
  • destruct is a pointer to an application-provided callback used to clean up any data associated with the config. This API is experimental for now and is subject to change.

◆ grpc_tls_server_authorization_check_config_release()

void grpc_tls_server_authorization_check_config_release ( grpc_tls_server_authorization_check_config *  config)

Releases a grpc_tls_server_authorization_check_config object.

The creator of the grpc_tls_server_authorization_check_config object is responsible for its release. This API is experimental for now and is subject to change.