GRPC Core
18.0.0
#include <grpc/support/port_platform.h>
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
#include <stdlib.h>
#include <string.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
#include "src/core/lib/surface/api_trace.h"
grpc_tls_credentials_options* grpc_tls_credentials_options_create | ( | void | ) |
– Wrapper APIs declared in grpc_security.h –
Creates a grpc_tls_credentials_options.
void grpc_tls_credentials_options_set_cert_request_type | ( | grpc_tls_credentials_options * | options, |
grpc_ssl_client_certificate_request_type | type | ||
) |
Sets whether to request and verify client certificates.
This should be called only on the server side. This API is experimental and subject to change.
void grpc_tls_credentials_options_set_certificate_provider | ( | grpc_tls_credentials_options * | options, |
grpc_tls_certificate_provider * | provider | ||
) |
Sets the credential provider in the options.
The |options| will implicitly take a new ref to the |provider|. This API is experimental and subject to change.
void grpc_tls_credentials_options_set_identity_cert_name | ( | grpc_tls_credentials_options * | options, |
const char * | identity_cert_name | ||
) |
Sets the name of the identity certificates being watched.
If not set, we will use a default empty string as the identity certificate name. This API is experimental and subject to change.
void grpc_tls_credentials_options_set_root_cert_name | ( | grpc_tls_credentials_options * | options, |
const char * | root_cert_name | ||
) |
Sets the name of the root certificates being watched.
If not set, we will use a default empty string as the root certificate name. This API is experimental and subject to change.
void grpc_tls_credentials_options_set_server_authorization_check_config | ( | grpc_tls_credentials_options * | options, |
grpc_tls_server_authorization_check_config * | config | ||
) |
Sets the configuration for a custom authorization check performed at the end of the handshake.
The |options| will implicitly take a new ref to the |config|. This API is experimental and subject to change.
void grpc_tls_credentials_options_set_server_verification_option | ( | grpc_tls_credentials_options * | options, |
grpc_tls_server_verification_option | server_verification_option | ||
) |
Sets which checks of the server are performed, e.g. certificate check, hostname check, etc.
This should be called only on the client side. If |server_verification_option| is not GRPC_TLS_SERVER_VERIFICATION, use of a custom authorization check (grpc_tls_server_authorization_check_config) is mandatory, because that custom check then has to cover whatever the default checks no longer verify. This API is experimental and subject to change.
void grpc_tls_credentials_options_watch_identity_key_cert_pairs | ( | grpc_tls_credentials_options * | options | ) |
If set, the gRPC stack will keep watching the identity key-cert pairs with name |identity_cert_name|.
This is required on the server side, and optional on the client side. This API is experimental and subject to change.
void grpc_tls_credentials_options_watch_root_certs | ( | grpc_tls_credentials_options * | options | ) |
If set, the gRPC stack will keep watching the root certificates with name |root_cert_name|.
If this is not set on the client side, we will use the root certificates stored in the default system location, since the client side must provide root certificates in TLS. If this is not set on the server side, we will not watch any root certificate updates, and will assume no root certificates are needed for the server (single-side TLS, in which the server does not verify client certificates). Default root certs on the server side are not supported. This API is experimental and subject to change.
grpc_tls_server_authorization_check_config* grpc_tls_server_authorization_check_config_create | ( | const void * | config_user_data, |
int(*)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg) | schedule, | ||
void(*)(void *config_user_data, grpc_tls_server_authorization_check_arg *arg) | cancel, | ||
void(*)(void *config_user_data) | destruct | ||
) |
Create a grpc_tls_server_authorization_check_config instance.
void grpc_tls_server_authorization_check_config_release | ( | grpc_tls_server_authorization_check_config * | config | ) |
Releases a grpc_tls_server_authorization_check_config object.
The creator of the grpc_tls_server_authorization_check_config object is responsible for its release. This API is experimental and subject to change.