GRPC Core
18.0.0
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/security_connector/ssl_utils.h"
#include <vector>
#include "absl/strings/str_cat.h"
#include <grpc/slice_buffer.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/gpr/string.h"
#include "src/core/lib/gprpp/host_port.h"
#include "src/core/lib/gprpp/ref_counted_ptr.h"
#include "src/core/lib/iomgr/load_file.h"
#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/security_connector/load_system_roots.h"
#include "src/core/lib/security/security_connector/ssl_utils_config.h"
#include "src/core/tsi/ssl_transport_security.h"
Namespaces | |
grpc_core | |
Round Robin Policy. | |
Macros | |
#define | TSI_OPENSSL_ALPN_SUPPORT 1 |
Functions | |
void | grpc_set_ssl_roots_override_callback (grpc_ssl_roots_override_callback cb) |
Set up a callback to override the default TLS/SSL roots. | |
GPR_GLOBAL_CONFIG_DEFINE_STRING (grpc_ssl_cipher_suites, "TLS_AES_128_GCM_SHA256:" "TLS_AES_256_GCM_SHA384:" "TLS_CHACHA20_POLY1305_SHA256:" "ECDHE-ECDSA-AES128-GCM-SHA256:" "ECDHE-ECDSA-AES256-GCM-SHA384:" "ECDHE-RSA-AES128-GCM-SHA256:" "ECDHE-RSA-AES256-GCM-SHA384", "A colon separated list of cipher suites to use with OpenSSL") static void init_cipher_suites(void) | |
const char * | grpc_get_ssl_cipher_suites (void) |
grpc_security_level | grpc_tsi_security_level_string_to_enum (const char *security_level) |
const char * | grpc_security_level_to_string (grpc_security_level security_level) |
bool | grpc_check_security_level (grpc_security_level channel_level, grpc_security_level call_cred_level) |
tsi_client_certificate_request_type | grpc_get_tsi_client_certificate_request_type (grpc_ssl_client_certificate_request_type grpc_request_type) |
tsi_tls_version | grpc_get_tsi_tls_version (grpc_tls_version tls_version) |
grpc_error_handle | grpc_ssl_check_alpn (const tsi_peer *peer) |
grpc_error_handle | grpc_ssl_check_peer_name (absl::string_view peer_name, const tsi_peer *peer) |
bool | grpc_ssl_check_call_host (absl::string_view host, absl::string_view target_name, absl::string_view overridden_target_name, grpc_auth_context *auth_context, grpc_error_handle *error) |
const char ** | grpc_fill_alpn_protocol_strings (size_t *num_alpn_protocols) |
int | grpc_ssl_host_matches_name (const tsi_peer *peer, absl::string_view peer_name) |
int | grpc_ssl_cmp_target_name (absl::string_view target_name, absl::string_view other_target_name, absl::string_view overridden_target_name, absl::string_view other_overridden_target_name) |
grpc_core::RefCountedPtr< grpc_auth_context > | grpc_ssl_peer_to_auth_context (const tsi_peer *peer, const char *transport_security_type) |
tsi_peer | grpc_shallow_peer_from_ssl_auth_context (const grpc_auth_context *auth_context) |
void | grpc_shallow_peer_destruct (tsi_peer *peer) |
grpc_security_status | grpc_ssl_tsi_client_handshaker_factory_init (tsi_ssl_pem_key_cert_pair *pem_key_cert_pair, const char *pem_root_certs, bool skip_server_certificate_verification, tsi_tls_version min_tls_version, tsi_tls_version max_tls_version, tsi_ssl_session_cache *ssl_session_cache, tsi_ssl_client_handshaker_factory **handshaker_factory) |
grpc_security_status | grpc_ssl_tsi_server_handshaker_factory_init (tsi_ssl_pem_key_cert_pair *pem_key_cert_pairs, size_t num_key_cert_pairs, const char *pem_root_certs, grpc_ssl_client_certificate_request_type client_certificate_request, tsi_tls_version min_tls_version, tsi_tls_version max_tls_version, tsi_ssl_server_handshaker_factory **handshaker_factory) |
grpc_ssl_session_cache * | grpc_ssl_session_cache_create_lru (size_t capacity) |
Create LRU cache for client-side SSL sessions with the given capacity. | |
void | grpc_ssl_session_cache_destroy (grpc_ssl_session_cache *cache) |
Destroy SSL session cache. | |
grpc_arg | grpc_ssl_session_cache_create_channel_arg (grpc_ssl_session_cache *cache) |
Create a channel arg with the given cache object. | |
#define TSI_OPENSSL_ALPN_SUPPORT 1 |
GPR_GLOBAL_CONFIG_DEFINE_STRING | ( | grpc_ssl_cipher_suites | , |
"TLS_AES_128_GCM_SHA256:" "TLS_AES_256_GCM_SHA384:" "TLS_CHACHA20_POLY1305_SHA256:" "ECDHE-ECDSA-AES128-GCM-SHA256:" "ECDHE-ECDSA-AES256-GCM-SHA384:" "ECDHE-RSA-AES128-GCM-SHA256:" "ECDHE-RSA-AES256-GCM-SHA384" | , | ||
"A colon separated list of cipher suites to use with OpenSSL" | |||
) |
bool grpc_check_security_level | ( | grpc_security_level | channel_level, |
grpc_security_level | call_cred_level | ||
) |
const char** grpc_fill_alpn_protocol_strings | ( | size_t * | num_alpn_protocols | ) |
const char* grpc_get_ssl_cipher_suites | ( | void | ) |
tsi_client_certificate_request_type grpc_get_tsi_client_certificate_request_type | ( | grpc_ssl_client_certificate_request_type | grpc_request_type | ) |
tsi_tls_version grpc_get_tsi_tls_version | ( | grpc_tls_version | tls_version | ) |
const char* grpc_security_level_to_string | ( | grpc_security_level | security_level | ) |
void grpc_set_ssl_roots_override_callback | ( | grpc_ssl_roots_override_callback | cb | ) |
Set up a callback to override the default TLS/SSL roots.
This function is not thread-safe and must be called at initialization time, before any SSL credentials are created, to have the desired effect. If the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable is set to a valid path, the callback will not be called; the environment variable takes precedence over the callback.
void grpc_shallow_peer_destruct | ( | tsi_peer * | peer | ) |
tsi_peer grpc_shallow_peer_from_ssl_auth_context | ( | const grpc_auth_context * | auth_context | ) |
grpc_error_handle grpc_ssl_check_alpn | ( | const tsi_peer * | peer | ) |
bool grpc_ssl_check_call_host | ( | absl::string_view | host, |
absl::string_view | target_name, | ||
absl::string_view | overridden_target_name, | ||
grpc_auth_context * | auth_context, | ||
grpc_error_handle * | error | ||
) |
grpc_error_handle grpc_ssl_check_peer_name | ( | absl::string_view | peer_name, |
const tsi_peer * | peer | ||
) |
int grpc_ssl_cmp_target_name | ( | absl::string_view | target_name, |
absl::string_view | other_target_name, | ||
absl::string_view | overridden_target_name, | ||
absl::string_view | other_overridden_target_name | ||
) |
int grpc_ssl_host_matches_name | ( | const tsi_peer * | peer, |
absl::string_view | peer_name | ||
) |
grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context | ( | const tsi_peer * | peer, |
const char * | transport_security_type | ||
) |
grpc_arg grpc_ssl_session_cache_create_channel_arg | ( | grpc_ssl_session_cache * | cache | ) |
Create a channel arg with the given cache object.
grpc_ssl_session_cache* grpc_ssl_session_cache_create_lru | ( | size_t | capacity | ) |
Create LRU cache for client-side SSL sessions with the given capacity.
If capacity is < 1, a default capacity is used instead.
void grpc_ssl_session_cache_destroy | ( | grpc_ssl_session_cache * | cache | ) |
Destroy SSL session cache.
grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init | ( | tsi_ssl_pem_key_cert_pair * | pem_key_cert_pair, |
const char * | pem_root_certs, | ||
bool | skip_server_certificate_verification, | ||
tsi_tls_version | min_tls_version, | ||
tsi_tls_version | max_tls_version, | ||
tsi_ssl_session_cache * | ssl_session_cache, | ||
tsi_ssl_client_handshaker_factory ** | handshaker_factory | ||
) |
grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init | ( | tsi_ssl_pem_key_cert_pair * | pem_key_cert_pairs, |
size_t | num_key_cert_pairs, | ||
const char * | pem_root_certs, | ||
grpc_ssl_client_certificate_request_type | client_certificate_request, | ||
tsi_tls_version | min_tls_version, | ||
tsi_tls_version | max_tls_version, | ||
tsi_ssl_server_handshaker_factory ** | handshaker_factory | ||
) |
grpc_security_level grpc_tsi_security_level_string_to_enum | ( | const char * | security_level | ) |