GRPC Core  18.0.0
ssl_utils.cc File Reference
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/security_connector/ssl_utils.h"
#include <vector>
#include "absl/strings/str_cat.h"
#include <grpc/slice_buffer.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/gpr/string.h"
#include "src/core/lib/gprpp/host_port.h"
#include "src/core/lib/gprpp/ref_counted_ptr.h"
#include "src/core/lib/iomgr/load_file.h"
#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/security_connector/load_system_roots.h"
#include "src/core/lib/security/security_connector/ssl_utils_config.h"
#include "src/core/tsi/ssl_transport_security.h"

Namespaces

 grpc_core
 Round Robin Policy.
 

Macros

#define TSI_OPENSSL_ALPN_SUPPORT   1
 

Functions

void grpc_set_ssl_roots_override_callback (grpc_ssl_roots_override_callback cb)
 Set up a callback to override the default TLS/SSL roots.
 
 GPR_GLOBAL_CONFIG_DEFINE_STRING (grpc_ssl_cipher_suites, "TLS_AES_128_GCM_SHA256:" "TLS_AES_256_GCM_SHA384:" "TLS_CHACHA20_POLY1305_SHA256:" "ECDHE-ECDSA-AES128-GCM-SHA256:" "ECDHE-ECDSA-AES256-GCM-SHA384:" "ECDHE-RSA-AES128-GCM-SHA256:" "ECDHE-RSA-AES256-GCM-SHA384", "A colon separated list of cipher suites to use with OpenSSL") static void init_cipher_suites(void)
 
const char * grpc_get_ssl_cipher_suites (void)
 
grpc_security_level grpc_tsi_security_level_string_to_enum (const char *security_level)
 
const char * grpc_security_level_to_string (grpc_security_level security_level)
 
bool grpc_check_security_level (grpc_security_level channel_level, grpc_security_level call_cred_level)
 
tsi_client_certificate_request_type grpc_get_tsi_client_certificate_request_type (grpc_ssl_client_certificate_request_type grpc_request_type)
 
tsi_tls_version grpc_get_tsi_tls_version (grpc_tls_version tls_version)
 
grpc_error_handle grpc_ssl_check_alpn (const tsi_peer *peer)
 
grpc_error_handle grpc_ssl_check_peer_name (absl::string_view peer_name, const tsi_peer *peer)
 
bool grpc_ssl_check_call_host (absl::string_view host, absl::string_view target_name, absl::string_view overridden_target_name, grpc_auth_context *auth_context, grpc_error_handle *error)
 
const char ** grpc_fill_alpn_protocol_strings (size_t *num_alpn_protocols)
 
int grpc_ssl_host_matches_name (const tsi_peer *peer, absl::string_view peer_name)
 
int grpc_ssl_cmp_target_name (absl::string_view target_name, absl::string_view other_target_name, absl::string_view overridden_target_name, absl::string_view other_overridden_target_name)
 
grpc_core::RefCountedPtr< grpc_auth_context > grpc_ssl_peer_to_auth_context (const tsi_peer *peer, const char *transport_security_type)
 
tsi_peer grpc_shallow_peer_from_ssl_auth_context (const grpc_auth_context *auth_context)
 
void grpc_shallow_peer_destruct (tsi_peer *peer)
 
grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init (tsi_ssl_pem_key_cert_pair *pem_key_cert_pair, const char *pem_root_certs, bool skip_server_certificate_verification, tsi_tls_version min_tls_version, tsi_tls_version max_tls_version, tsi_ssl_session_cache *ssl_session_cache, tsi_ssl_client_handshaker_factory **handshaker_factory)
 
grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init (tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, const char *pem_root_certs, grpc_ssl_client_certificate_request_type client_certificate_request, tsi_tls_version min_tls_version, tsi_tls_version max_tls_version, tsi_ssl_server_handshaker_factory **handshaker_factory)
 
grpc_ssl_session_cache * grpc_ssl_session_cache_create_lru (size_t capacity)
 Create LRU cache for client-side SSL sessions with the given capacity.
 
void grpc_ssl_session_cache_destroy (grpc_ssl_session_cache *cache)
 Destroy SSL session cache.
 
grpc_arg grpc_ssl_session_cache_create_channel_arg (grpc_ssl_session_cache *cache)
 Create a channel arg with the given cache object.
 

Macro Definition Documentation

◆ TSI_OPENSSL_ALPN_SUPPORT

#define TSI_OPENSSL_ALPN_SUPPORT   1

Function Documentation

◆ GPR_GLOBAL_CONFIG_DEFINE_STRING()

GPR_GLOBAL_CONFIG_DEFINE_STRING ( grpc_ssl_cipher_suites  ,
"TLS_AES_128_GCM_SHA256:" "TLS_AES_256_GCM_SHA384:" "TLS_CHACHA20_POLY1305_SHA256:" "ECDHE-ECDSA-AES128-GCM-SHA256:" "ECDHE-ECDSA-AES256-GCM-SHA384:" "ECDHE-RSA-AES128-GCM-SHA256:" "ECDHE-RSA-AES256-GCM-SHA384"  ,
"A colon separated list of cipher suites to use with OpenSSL"   
)

◆ grpc_check_security_level()

bool grpc_check_security_level ( grpc_security_level  channel_level,
grpc_security_level  call_cred_level 
)

◆ grpc_fill_alpn_protocol_strings()

const char** grpc_fill_alpn_protocol_strings ( size_t *  num_alpn_protocols)

◆ grpc_get_ssl_cipher_suites()

const char* grpc_get_ssl_cipher_suites ( void  )

◆ grpc_get_tsi_client_certificate_request_type()

tsi_client_certificate_request_type grpc_get_tsi_client_certificate_request_type ( grpc_ssl_client_certificate_request_type  grpc_request_type)

◆ grpc_get_tsi_tls_version()

tsi_tls_version grpc_get_tsi_tls_version ( grpc_tls_version  tls_version)

◆ grpc_security_level_to_string()

const char* grpc_security_level_to_string ( grpc_security_level  security_level)

◆ grpc_set_ssl_roots_override_callback()

void grpc_set_ssl_roots_override_callback ( grpc_ssl_roots_override_callback  cb)

Set up a callback to override the default TLS/SSL roots.

This function is not thread-safe. To take effect, it must be called at initialization time, before any SSL credentials are created. If the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable is set to a valid path, the callback will not be called, so the environment setting takes precedence over the callback.

◆ grpc_shallow_peer_destruct()

void grpc_shallow_peer_destruct ( tsi_peer *  peer)

◆ grpc_shallow_peer_from_ssl_auth_context()

tsi_peer grpc_shallow_peer_from_ssl_auth_context ( const grpc_auth_context *  auth_context)

◆ grpc_ssl_check_alpn()

grpc_error_handle grpc_ssl_check_alpn ( const tsi_peer *  peer)

◆ grpc_ssl_check_call_host()

bool grpc_ssl_check_call_host ( absl::string_view  host,
absl::string_view  target_name,
absl::string_view  overridden_target_name,
grpc_auth_context *  auth_context,
grpc_error_handle *  error 
)

◆ grpc_ssl_check_peer_name()

grpc_error_handle grpc_ssl_check_peer_name ( absl::string_view  peer_name,
const tsi_peer *  peer 
)

◆ grpc_ssl_cmp_target_name()

int grpc_ssl_cmp_target_name ( absl::string_view  target_name,
absl::string_view  other_target_name,
absl::string_view  overridden_target_name,
absl::string_view  other_overridden_target_name 
)

◆ grpc_ssl_host_matches_name()

int grpc_ssl_host_matches_name ( const tsi_peer *  peer,
absl::string_view  peer_name 
)

◆ grpc_ssl_peer_to_auth_context()

grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context ( const tsi_peer *  peer,
const char *  transport_security_type 
)

◆ grpc_ssl_session_cache_create_channel_arg()

grpc_arg grpc_ssl_session_cache_create_channel_arg ( grpc_ssl_session_cache *  cache)

Create a channel arg with the given cache object.

◆ grpc_ssl_session_cache_create_lru()

grpc_ssl_session_cache* grpc_ssl_session_cache_create_lru ( size_t  capacity)

Create LRU cache for client-side SSL sessions with the given capacity.

If capacity is < 1, a default capacity is used instead.

◆ grpc_ssl_session_cache_destroy()

void grpc_ssl_session_cache_destroy ( grpc_ssl_session_cache *  cache)

Destroy SSL session cache.

◆ grpc_ssl_tsi_client_handshaker_factory_init()

grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init ( tsi_ssl_pem_key_cert_pair *  pem_key_cert_pair,
const char *  pem_root_certs,
bool  skip_server_certificate_verification,
tsi_tls_version  min_tls_version,
tsi_tls_version  max_tls_version,
tsi_ssl_session_cache *  ssl_session_cache,
tsi_ssl_client_handshaker_factory **  handshaker_factory 
)

◆ grpc_ssl_tsi_server_handshaker_factory_init()

grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init ( tsi_ssl_pem_key_cert_pair *  pem_key_cert_pairs,
size_t  num_key_cert_pairs,
const char *  pem_root_certs,
grpc_ssl_client_certificate_request_type  client_certificate_request,
tsi_tls_version  min_tls_version,
tsi_tls_version  max_tls_version,
tsi_ssl_server_handshaker_factory **  handshaker_factory 
)

◆ grpc_tsi_security_level_string_to_enum()

grpc_security_level grpc_tsi_security_level_string_to_enum ( const char *  security_level)