19 #ifndef GRPC_CORE_TSI_SSL_TRANSPORT_SECURITY_H
20 #define GRPC_CORE_TSI_SSL_TRANSPORT_SECURITY_H
25 #include "absl/strings/string_view.h"
29 #include <openssl/x509.h>
// String constants for the SSL/X.509 TSI implementation. Each macro expands
// to a string literal. The ones ending in _PROPERTY look like the names under
// which details of the peer certificate and TLS session are published on a
// tsi_peer -- confirm against ssl_transport_security.cc.
33 #define TSI_X509_CERTIFICATE_TYPE "X509"
// Presumably the subject common name and subject alternative names read from
// the peer certificate.
// NOTE(review): certificate-derived values are only as trustworthy as the
// chain validation behind them. Where a client factory is created with
// skip_server_certificate_verification set, these properties presumably
// describe an unverified certificate and should not drive authentication or
// authorization decisions -- confirm.
// NOTE(review): hostname checks are presumably meant to go through
// tsi_ssl_peer_matches_name() rather than ad-hoc string comparison of these
// property values -- confirm.
36 #define TSI_X509_SUBJECT_COMMON_NAME_PEER_PROPERTY "x509_subject_common_name"
37 #define TSI_X509_SUBJECT_ALTERNATIVE_NAME_PEER_PROPERTY \
38 "x509_subject_alternative_name"
// Presumably reports whether the handshake resumed a cached TLS session.
39 #define TSI_SSL_SESSION_REUSED_PEER_PROPERTY "ssl_session_reused"
// Presumably the peer's leaf certificate and its full chain, PEM-encoded.
40 #define TSI_X509_PEM_CERT_PROPERTY "x509_pem_cert"
41 #define TSI_X509_PEM_CERT_CHAIN_PROPERTY "x509_pem_cert_chain"
// Presumably the application protocol agreed through ALPN.
42 #define TSI_SSL_ALPN_SELECTED_PROTOCOL "ssl_alpn_selected_protocol"
// Presumably individual subject-alternative-name entries, split by type
// (DNS name, URI, e-mail address, IP address) -- TODO confirm.
43 #define TSI_X509_DNS_PEER_PROPERTY "x509_dns"
44 #define TSI_X509_URI_PEER_PROPERTY "x509_uri"
45 #define TSI_X509_EMAIL_PEER_PROPERTY "x509_email"
46 #define TSI_X509_IP_PEER_PROPERTY "x509_ip"
57 const char* pem_roots);
118 const char* pem_root_certs,
const char* cipher_suites,
119 const char** alpn_protocols, uint16_t num_alpn_protocols,
232 size_t num_key_cert_pairs,
const char* pem_client_root_certs,
233 int force_client_auth,
const char* cipher_suites,
234 const char** alpn_protocols, uint16_t num_alpn_protocols,
246 size_t num_key_cert_pairs,
const char* pem_client_root_certs,
248 const char* cipher_suites,
const char** alpn_protocols,
358 const char* pem_cert,
tsi_peer* peer);
tsi_result tsi_create_ssl_client_handshaker_factory(const tsi_ssl_pem_key_cert_pair *pem_key_cert_pair, const char *pem_root_certs, const char *cipher_suites, const char **alpn_protocols, uint16_t num_alpn_protocols, tsi_ssl_client_handshaker_factory **factory)
Definition: ssl_transport_security.cc:1892
void(* tsi_ssl_handshaker_factory_destructor)(tsi_ssl_handshaker_factory *factory)
Definition: ssl_transport_security.h:343
int tsi_ssl_peer_matches_name(const tsi_peer *peer, absl::string_view name)
Definition: ssl_transport_security.cc:2201
struct tsi_ssl_session_cache tsi_ssl_session_cache
Definition: ssl_transport_security.h:66
tsi_ssl_session_cache * tsi_ssl_session_cache_create_lru(size_t capacity)
Definition: ssl_transport_security.cc:1005
void tsi_ssl_client_handshaker_factory_unref(tsi_ssl_client_handshaker_factory *factory)
Definition: ssl_transport_security.cc:1714
void tsi_ssl_session_cache_ref(tsi_ssl_session_cache *cache)
Definition: ssl_transport_security.cc:1011
void tsi_ssl_server_handshaker_factory_unref(tsi_ssl_server_handshaker_factory *factory)
Definition: ssl_transport_security.cc:1752
void tsi_ssl_root_certs_store_destroy(tsi_ssl_root_certs_store *self)
Definition: ssl_transport_security.cc:997
const tsi_ssl_handshaker_factory_vtable * tsi_ssl_handshaker_factory_swap_vtable(tsi_ssl_handshaker_factory *factory, tsi_ssl_handshaker_factory_vtable *new_vtable)
Definition: ssl_transport_security.cc:2241
void tsi_ssl_session_cache_unref(tsi_ssl_session_cache *cache)
Definition: ssl_transport_security.cc:1016
tsi_result tsi_create_ssl_server_handshaker_factory_with_options(const tsi_ssl_server_handshaker_options *options, tsi_ssl_server_handshaker_factory **factory)
Definition: ssl_transport_security.cc:2047
tsi_result tsi_create_ssl_server_handshaker_factory_ex(const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, const char *pem_client_root_certs, tsi_client_certificate_request_type client_certificate_request, const char *cipher_suites, const char **alpn_protocols, uint16_t num_alpn_protocols, tsi_ssl_server_handshaker_factory **factory)
Definition: ssl_transport_security.cc:2029
tsi_ssl_root_certs_store * tsi_ssl_root_certs_store_create(const char *pem_roots)
Definition: ssl_transport_security.cc:968
tsi_result tsi_ssl_extract_x509_subject_names_from_pem_cert(const char *pem_cert, tsi_peer *peer)
Definition: ssl_transport_security.cc:845
tsi_result tsi_create_ssl_client_handshaker_factory_with_options(const tsi_ssl_client_handshaker_options *options, tsi_ssl_client_handshaker_factory **factory)
Definition: ssl_transport_security.cc:1907
tsi_result tsi_ssl_get_cert_chain_contents(STACK_OF(X509) *peer_chain, tsi_peer_property *property)
Definition: ssl_transport_security.cc:1214
tsi_result tsi_ssl_server_handshaker_factory_create_handshaker(tsi_ssl_server_handshaker_factory *factory, tsi_handshaker **handshaker)
Definition: ssl_transport_security.cc:1743
tsi_result tsi_ssl_client_handshaker_factory_create_handshaker(tsi_ssl_client_handshaker_factory *factory, const char *server_name_indication, tsi_handshaker **handshaker)
Definition: ssl_transport_security.cc:1706
tsi_result tsi_create_ssl_server_handshaker_factory(const tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, const char *pem_client_root_certs, int force_client_auth, const char *cipher_suites, const char **alpn_protocols, uint16_t num_alpn_protocols, tsi_ssl_server_handshaker_factory **factory)
Definition: ssl_transport_security.cc:2016
Definition: transport_security.h:77
Definition: transport_security_interface.h:208
Definition: transport_security_interface.h:216
Definition: ssl_transport_security.cc:92
Definition: ssl_transport_security.h:122
const tsi_ssl_root_certs_store * root_store
Definition: ssl_transport_security.h:134
tsi_tls_version min_tls_version
Definition: ssl_transport_security.h:156
tsi_ssl_client_handshaker_options()
Definition: ssl_transport_security.h:159
const char * pem_root_certs
Definition: ssl_transport_security.h:129
bool skip_server_certificate_verification
Definition: ssl_transport_security.h:153
tsi_tls_version max_tls_version
Definition: ssl_transport_security.h:157
const char * cipher_suites
Definition: ssl_transport_security.h:140
const char ** alpn_protocols
Definition: ssl_transport_security.h:144
tsi_ssl_session_cache * session_cache
Definition: ssl_transport_security.h:150
size_t num_alpn_protocols
Definition: ssl_transport_security.h:148
const tsi_ssl_pem_key_cert_pair * pem_key_cert_pair
Definition: ssl_transport_security.h:126
Definition: ssl_transport_security.h:347
tsi_ssl_handshaker_factory_destructor destroy
Definition: ssl_transport_security.h:348
Definition: ssl_transport_security.cc:87
Definition: ssl_transport_security.h:86
const char * cert_chain
Definition: ssl_transport_security.h:93
const char * private_key
Definition: ssl_transport_security.h:89
Definition: ssl_transport_security.cc:83
Definition: ssl_transport_security.cc:100
Definition: ssl_transport_security.h:251
const char * cipher_suites
Definition: ssl_transport_security.h:271
size_t session_ticket_key_size
Definition: ssl_transport_security.h:284
tsi_tls_version max_tls_version
Definition: ssl_transport_security.h:287
const tsi_ssl_pem_key_cert_pair * pem_key_cert_pairs
Definition: ssl_transport_security.h:254
size_t num_key_cert_pairs
Definition: ssl_transport_security.h:257
const char * session_ticket_key
Definition: ssl_transport_security.h:282
const char ** alpn_protocols
Definition: ssl_transport_security.h:275
tsi_ssl_server_handshaker_options()
Definition: ssl_transport_security.h:289
tsi_tls_version min_tls_version
Definition: ssl_transport_security.h:286
uint16_t num_alpn_protocols
Definition: ssl_transport_security.h:279
tsi_client_certificate_request_type client_certificate_request
Definition: ssl_transport_security.h:265
const char * pem_client_root_certs
Definition: ssl_transport_security.h:261
tsi_result
Definition: transport_security_interface.h:31
tsi_tls_version
Definition: transport_security_interface.h:67
@ TSI_TLS1_2
Definition: transport_security_interface.h:68
@ TSI_TLS1_3
Definition: transport_security_interface.h:69
tsi_client_certificate_request_type
Definition: transport_security_interface.h:58
@ TSI_DONT_REQUEST_CLIENT_CERTIFICATE
Definition: transport_security_interface.h:60