#include <grpc/support/port_platform.h>
#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
#include <grpc/support/log.h>
#include "src/core/lib/debug/trace.h"
#include "src/core/lib/gprpp/debug_location.h"
#include "src/core/lib/iomgr/exec_ctx.h"
#include "src/core/lib/surface/api_trace.h"
#include "src/core/tsi/ssl_transport_security.h"
grpc_tls_credentials_options* grpc_tls_credentials_options_create | ( | ) |
– Wrapper APIs declared in grpc_security.h –
Definition at line 33 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_set_cert_request_type | ( | grpc_tls_credentials_options * | options, |
grpc_ssl_client_certificate_request_type | type | ||
) |
EXPERIMENTAL API - Subject to change
Sets whether to request and/or verify client certificates. This shall only be called on the server side.
Definition at line 38 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_set_certificate_provider | ( | grpc_tls_credentials_options * | options, |
grpc_tls_certificate_provider * | provider | ||
) |
EXPERIMENTAL API - Subject to change
Sets the credential provider in the options. The |options| will implicitly take a new ref to the |provider|.
Definition at line 51 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_set_certificate_verifier | ( | grpc_tls_credentials_options * | options, |
grpc_tls_certificate_verifier * | verifier | ||
) |
EXPERIMENTAL API - Subject to change
Sets the verifier in options. The |options| will implicitly take a new ref to the |verifier|. If not set on the client side, we will verify the server's certificates and check the default hostname. If not set on the server side, we will verify the client's certificates.
Definition at line 85 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_set_check_call_host | ( | grpc_tls_credentials_options * | options, |
int | check_call_host | ||
) |
EXPERIMENTAL API - Subject to change
Sets whether to check the hostname of the peer on a per-call basis. This is usually used in combination with virtual hosting on the client side, where each individual call on a channel can have a different host associated with it. The check is intended to verify that the host specified for the individual call is covered by the cert that the peer presented. The default is a non-zero value, which indicates performing such checks; passing zero indicates skipping them.
Definition at line 99 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_set_crl_directory | ( | grpc_tls_credentials_options * | options, |
const char * | crl_directory | ||
) |
EXPERIMENTAL API - Subject to change
If set, gRPC will read all hashed X.509 CRL files in the directory and enforce them on all TLS handshakes. Only supported for OpenSSL version > 1.1. This is for experimental use for now and is subject to change.
Definition at line 93 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_set_identity_cert_name | ( | grpc_tls_credentials_options * | options, |
const char * | identity_cert_name | ||
) |
EXPERIMENTAL API - Subject to change
Sets the name of the identity certificates being watched. If not set, we will use a default empty string as the identity certificate name.
Definition at line 79 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_set_root_cert_name | ( | grpc_tls_credentials_options * | options, |
const char * | root_cert_name | ||
) |
EXPERIMENTAL API - Subject to change
Sets the name of the root certificates being watched. If not set, we will use a default empty string as the root certificate name.
Definition at line 67 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_set_tls_session_key_log_file_path | ( | grpc_tls_credentials_options * | options, |
const char * | path | ||
) |
— TLS session key logging — Experimental API to control TLS session key logging. TLS session key logging is expected to be used only for debugging purposes and never in production, since the logged session keys can be used to decrypt recorded traffic from those sessions. TLS session key logging is only enabled when at least one grpc_tls_credentials_options object is assigned a TLS session key logging file path using the API specified below. EXPERIMENTAL API - Subject to change. Configures a grpc_tls_credentials_options object with TLS session key logging capability. TLS channels using these credentials have TLS session key logging enabled.
Definition at line 105 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_set_verify_server_cert | ( | grpc_tls_credentials_options * | options, |
int | verify_server_cert | ||
) |
EXPERIMENTAL API - Subject to change
Sets whether to verify server certs on the client side. Passing in a non-zero value indicates verifying the certs; passing zero indicates not verifying them.
Definition at line 45 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_watch_identity_key_cert_pairs | ( | grpc_tls_credentials_options * | options | ) |
EXPERIMENTAL API - Subject to change
If set, the gRPC stack will keep watching the identity key-cert pairs with name |identity_cert_name|. This is required on the server side, and optional on the client side.
Definition at line 73 of file grpc_tls_credentials_options.cc.
void grpc_tls_credentials_options_watch_root_certs | ( | grpc_tls_credentials_options * | options | ) |
EXPERIMENTAL API - Subject to change
If set, the gRPC stack will keep watching the root certificates with name |root_cert_name|. If this is not set on the client side, we will use the root certificates stored in the default system location, since the client side must provide root certificates in TLS. If this is not set on the server side, we will not watch any root certificate updates, and will assume no root certificates are needed for the server (single-side TLS). Default root certs on the server side are not supported.
Definition at line 61 of file grpc_tls_credentials_options.cc.