GRPC C++  1.39.1
grpc_security_constants.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2016 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_GRPC_SECURITY_CONSTANTS_H
20 #define GRPC_GRPC_SECURITY_CONSTANTS_H
21 
22 #ifdef __cplusplus
23 extern "C" {
24 #endif
25 
26 #define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type"
27 #define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl"
28 
29 #define GRPC_X509_CN_PROPERTY_NAME "x509_common_name"
30 #define GRPC_X509_SAN_PROPERTY_NAME "x509_subject_alternative_name"
31 #define GRPC_X509_PEM_CERT_PROPERTY_NAME "x509_pem_cert"
32 // Please note that internally, we just faithfully pass whatever value we got by
33 // calling SSL_get_peer_cert_chain() in OpenSSL/BoringSSL. This will mean in
34 // OpenSSL, the following conditions might apply:
35 // 1. On the client side, this property returns the full certificate chain. On
36 // the server side, this property will return the certificate chain without the
37 // leaf certificate. Application can use GRPC_X509_PEM_CERT_PROPERTY_NAME to
38 // get the peer leaf certificate.
39 // 2. If the session is resumed, this property could be empty for OpenSSL (but
40 // not for BoringSSL).
41 // For more, please refer to the official OpenSSL manual:
42 // https://www.openssl.org/docs/man1.1.0/man3/SSL_get_peer_cert_chain.html.
43 #define GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME "x509_pem_cert_chain"
44 #define GRPC_SSL_SESSION_REUSED_PROPERTY "ssl_session_reused"
45 #define GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME "security_level"
46 #define GRPC_PEER_DNS_PROPERTY_NAME "peer_dns"
47 #define GRPC_PEER_SPIFFE_ID_PROPERTY_NAME "peer_spiffe_id"
48 #define GRPC_PEER_URI_PROPERTY_NAME "peer_uri"
49 #define GRPC_PEER_EMAIL_PROPERTY_NAME "peer_email"
50 #define GRPC_PEER_IP_PROPERTY_NAME "peer_ip"
51 
55 #define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \
56  "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"
57 
61 #define GRPC_GOOGLE_CREDENTIALS_ENV_VAR "GOOGLE_APPLICATION_CREDENTIALS"
62 
64 typedef enum {
69 
71 typedef enum {
76 
77 typedef enum {
125 
126 /* Security levels of grpc transport security. It represents an inherent
127  * property of a backend connection and is determined by a channel credential
128  * used to create the connection. */
129 typedef enum {
136 
137 typedef enum {
150 
155 typedef enum { UDS = 0, LOCAL_TCP } grpc_local_connect_type;
156 
158 typedef enum { TLS1_2, TLS1_3 } grpc_tls_version;
159 
160 #ifdef __cplusplus
161 }
162 #endif
163 
164 #endif /* GRPC_GRPC_SECURITY_CONSTANTS_H */
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:77
@ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
Server requests client certificate and enforces that the client presents a certificate.
Definition: grpc_security_constants.h:123
@ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY
Server requests client certificate and enforces that the client presents a certificate.
Definition: grpc_security_constants.h:113
@ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY
Server requests client certificate but does not enforce that the client presents a certificate.
Definition: grpc_security_constants.h:103
@ GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE
Server does not request client certificate.
Definition: grpc_security_constants.h:82
@ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY
Server requests client certificate but does not enforce that the client presents a certificate.
Definition: grpc_security_constants.h:92
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:155
@ UDS
Definition: grpc_security_constants.h:155
@ LOCAL_TCP
Definition: grpc_security_constants.h:155
grpc_security_level
Definition: grpc_security_constants.h:129
@ GRPC_SECURITY_MIN
Definition: grpc_security_constants.h:130
@ GRPC_SECURITY_MAX
Definition: grpc_security_constants.h:134
@ GRPC_SECURITY_NONE
Definition: grpc_security_constants.h:131
@ GRPC_INTEGRITY_ONLY
Definition: grpc_security_constants.h:132
@ GRPC_PRIVACY_AND_INTEGRITY
Definition: grpc_security_constants.h:133
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:71
@ GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW
Definition: grpc_security_constants.h:73
@ GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL
Definition: grpc_security_constants.h:74
@ GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED
Definition: grpc_security_constants.h:72
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:64
@ GRPC_SSL_ROOTS_OVERRIDE_FAIL
Do not try fallback options.
Definition: grpc_security_constants.h:67
@ GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY
Definition: grpc_security_constants.h:66
@ GRPC_SSL_ROOTS_OVERRIDE_OK
Definition: grpc_security_constants.h:65
grpc_tls_server_verification_option
Definition: grpc_security_constants.h:137
@ GRPC_TLS_SERVER_VERIFICATION
Default option: performs server certificate verification and hostname verification.
Definition: grpc_security_constants.h:140
@ GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION
Skips both server certificate and hostname verification.
Definition: grpc_security_constants.h:148
@ GRPC_TLS_SKIP_HOSTNAME_VERIFICATION
Performs server certificate verification, but skips hostname verification Client is responsible for v...
Definition: grpc_security_constants.h:144
grpc_tls_version
The TLS versions that are supported by the SSL stack.
Definition: grpc_security_constants.h:158
@ TLS1_2
Definition: grpc_security_constants.h:158
@ TLS1_3
Definition: grpc_security_constants.h:158