GRPC C++
1.39.1
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/credentials/ssl/ssl_credentials.h"
#include <string.h>
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/tsi/ssl_transport_security.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
Data Structures
struct grpc_ssl_server_credentials_options
tsi_ssl_pem_key_cert_pair* grpc_convert_grpc_to_tsi_cert_pairs(
    const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
    size_t num_key_cert_pairs)
grpc_channel_credentials* grpc_ssl_credentials_create(
    const char* pem_root_certs,
    grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
    const verify_peer_options* verify_options,
    void* reserved)
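Deprecated in favor of grpc_ssl_server_credentials_create_ex.
It will be removed after all of its call sites are migrated to grpc_ssl_server_credentials_create_ex. (Note: this function creates channel credentials, and the _ex variant with the matching signature documented on this page is grpc_ssl_credentials_create_ex; the server-side name in this deprecation notice looks like a copy-paste slip.) Creates an SSL credentials object. The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.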
pem_root_certs is the NULL-terminated string containing the PEM encoding of the server root certificates. If this parameter is NULL, the implementation will first try to read the file pointed to by the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails, try to get the roots set by grpc_override_ssl_default_roots. Finally, if all of these fail, it will try to get the roots from a well-known place on disk (in the grpc install directory). With NULL, the set of trusted roots is therefore decided by the process environment and the files on the host rather than by the caller, so those inputs need the same protection as the certificates themselves.
gRPC implements a root certificate cache if the underlying OpenSSL library supports it. The cache applies only to the default root certificates, which are used when this parameter is nullptr. If the user provides their own pem_root_certs when creating an SSL credentials object, gRPC is not able to cache it, and each subchannel will generate its own copy of the root store. It is therefore recommended to avoid passing a large root PEM in the pem_root_certs parameter, to avoid excessive memory consumption, particularly on mobile platforms such as iOS.
grpc_channel_credentials* grpc_ssl_credentials_create_ex(
    const char* pem_root_certs,
    grpc_ssl_pem_key_cert_pair* pem_key_cert_pair,
    const grpc_ssl_verify_peer_options* verify_options,
    void* reserved)
grpc_ssl_server_certificate_config* grpc_ssl_server_certificate_config_create(
    const char* pem_root_certs,
    const grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
    size_t num_key_cert_pairs)
Creates a grpc_ssl_server_certificate_config object.
void grpc_ssl_server_certificate_config_destroy(
    grpc_ssl_server_certificate_config* config)
Destroys a grpc_ssl_server_certificate_config object.
grpc_server_credentials* grpc_ssl_server_credentials_create(
    const char* pem_root_certs,
    grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
    size_t num_key_cert_pairs,
    int force_client_auth,
    void* reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_ex.
Creates an SSL server_credentials object.
grpc_server_credentials* grpc_ssl_server_credentials_create_ex(
    const char* pem_root_certs,
    grpc_ssl_pem_key_cert_pair* pem_key_cert_pairs,
    size_t num_key_cert_pairs,
    grpc_ssl_client_certificate_request_type client_certificate_request,
    void* reserved)
Deprecated in favor of grpc_ssl_server_credentials_create_with_options.
Same as the grpc_ssl_server_credentials_create method, except that it uses the grpc_ssl_client_certificate_request_type enum to support more ways to authenticate client certificates.
grpc_ssl_server_credentials_options* grpc_ssl_server_credentials_create_options_using_config(
    grpc_ssl_client_certificate_request_type client_certificate_request,
    grpc_ssl_server_certificate_config* certificate_config)
Creates an options object using a certificate config.
Use this method when the certificates and keys of the SSL server will not change during the server's lifetime.
grpc_ssl_server_credentials_options* grpc_ssl_server_credentials_create_options_using_config_fetcher(
    grpc_ssl_client_certificate_request_type client_certificate_request,
    grpc_ssl_server_certificate_config_callback cb,
    void* user_data)
Creates an options object using a certificate config fetcher.
Use this method to reload the certificates and keys of the SSL server without interrupting the operation of the server. The initial certificate config will be fetched during server initialization.
grpc_server_credentials* grpc_ssl_server_credentials_create_with_options(
    grpc_ssl_server_credentials_options* options)
Creates an SSL server_credentials object using the provided options struct.
void grpc_ssl_server_credentials_options_destroy(
    grpc_ssl_server_credentials_options* o)
Destroys a grpc_ssl_server_credentials_options object.
void grpc_tsi_ssl_pem_key_cert_pairs_destroy(
    tsi_ssl_pem_key_cert_pair* kp,
    size_t num_key_cert_pairs)