GRPC Core  10.0.0
grpc_security_constants.h File Reference


Macros

#define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME   "transport_security_type"
 
#define GRPC_SSL_TRANSPORT_SECURITY_TYPE   "ssl"
 
#define GRPC_X509_CN_PROPERTY_NAME   "x509_common_name"
 
#define GRPC_X509_SAN_PROPERTY_NAME   "x509_subject_alternative_name"
 
#define GRPC_X509_PEM_CERT_PROPERTY_NAME   "x509_pem_cert"
 
#define GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME   "x509_pem_cert_chain"
 
#define GRPC_SSL_SESSION_REUSED_PROPERTY   "ssl_session_reused"
 
#define GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME   "security_level"
 
#define GRPC_PEER_SPIFFE_ID_PROPERTY_NAME   "peer_spiffe_id"
 
#define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR   "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"
 Environment variable that points to the default SSL roots file.
 
#define GRPC_GOOGLE_CREDENTIALS_ENV_VAR   "GOOGLE_APPLICATION_CREDENTIALS"
 Environment variable that points to the Google default application credentials JSON key or refresh token.
 

Enumerations

enum  grpc_ssl_roots_override_result { GRPC_SSL_ROOTS_OVERRIDE_OK, GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY, GRPC_SSL_ROOTS_OVERRIDE_FAIL }
 Results for the SSL roots override callback.
 
enum  grpc_ssl_certificate_config_reload_status { GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL }
 Callback results for dynamically loading an SSL certificate config.
 
enum  grpc_ssl_client_certificate_request_type {
  GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,
  GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
}
 
enum  grpc_security_level {
  GRPC_SECURITY_MIN, GRPC_SECURITY_NONE = GRPC_SECURITY_MIN, GRPC_INTEGRITY_ONLY, GRPC_PRIVACY_AND_INTEGRITY,
  GRPC_SECURITY_MAX = GRPC_PRIVACY_AND_INTEGRITY
}
 
enum  grpc_tls_server_verification_option { GRPC_TLS_SERVER_VERIFICATION, GRPC_TLS_SKIP_HOSTNAME_VERIFICATION, GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION }
 
enum  grpc_local_connect_type { UDS = 0, LOCAL_TCP }
 Type of local connections for which local channel/server credentials will be applied.
 

Macro Definition Documentation

◆ GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR

#define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR   "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"

Environment variable that points to the default SSL roots file.

This file must be a PEM-encoded file containing all the roots, such as the one that can be downloaded from https://pki.google.com/roots.pem.

◆ GRPC_GOOGLE_CREDENTIALS_ENV_VAR

#define GRPC_GOOGLE_CREDENTIALS_ENV_VAR   "GOOGLE_APPLICATION_CREDENTIALS"

Environment variable that points to the Google default application credentials JSON key or refresh token.

Used in the grpc_google_default_credentials_create function.

◆ GRPC_PEER_SPIFFE_ID_PROPERTY_NAME

#define GRPC_PEER_SPIFFE_ID_PROPERTY_NAME   "peer_spiffe_id"

◆ GRPC_SSL_SESSION_REUSED_PROPERTY

#define GRPC_SSL_SESSION_REUSED_PROPERTY   "ssl_session_reused"

◆ GRPC_SSL_TRANSPORT_SECURITY_TYPE

#define GRPC_SSL_TRANSPORT_SECURITY_TYPE   "ssl"

◆ GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME

#define GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME   "security_level"

◆ GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME

#define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME   "transport_security_type"

◆ GRPC_X509_CN_PROPERTY_NAME

#define GRPC_X509_CN_PROPERTY_NAME   "x509_common_name"

◆ GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME

#define GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME   "x509_pem_cert_chain"

◆ GRPC_X509_PEM_CERT_PROPERTY_NAME

#define GRPC_X509_PEM_CERT_PROPERTY_NAME   "x509_pem_cert"

◆ GRPC_X509_SAN_PROPERTY_NAME

#define GRPC_X509_SAN_PROPERTY_NAME   "x509_subject_alternative_name"

Enumeration Type Documentation

◆ grpc_local_connect_type

Type of local connections for which local channel/server credentials will be applied.

It supports UDS and local TCP connections.

Enumerator
UDS 
LOCAL_TCP 

◆ grpc_security_level

Enumerator
GRPC_SECURITY_MIN 
GRPC_SECURITY_NONE 
GRPC_INTEGRITY_ONLY 
GRPC_PRIVACY_AND_INTEGRITY 
GRPC_SECURITY_MAX 

◆ grpc_ssl_certificate_config_reload_status

Callback results for dynamically loading an SSL certificate config.

Enumerator
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED 
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW 
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL 

◆ grpc_ssl_client_certificate_request_type

Enumerator
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE 

Server does not request client certificate.

The certificate presented by the client is not checked by the server at all. (A client may present a self-signed or signed certificate, or not present a certificate at all, and any of those options would be accepted.)

GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY 

Server requests client certificate but does not enforce that the client presents a certificate.

If the client presents a certificate, the client authentication is left to the application (the necessary metadata will be available to the application via authentication context properties, see grpc_auth_context).

The client's key certificate pair must be valid for the SSL connection to be established.

GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY 

Server requests client certificate but does not enforce that the client presents a certificate.

If the client presents a certificate, the client authentication is done by the gRPC framework. (For a successful connection the client needs to either present a certificate that can be verified against the root certificate configured by the server or not present a certificate at all.)

The client's key certificate pair must be valid for the SSL connection to be established.

GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY 

Server requests client certificate and enforces that the client presents a certificate.

If the client presents a certificate, the client authentication is left to the application (the necessary metadata will be available to the application via authentication context properties, see grpc_auth_context).

The client's key certificate pair must be valid for the SSL connection to be established.

GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY 

Server requests client certificate and enforces that the client presents a certificate.

The certificate presented by the client is verified by the gRPC framework. (For a successful connection the client needs to present a certificate that can be verified against the root certificate configured by the server.)

The client's key certificate pair must be valid for the SSL connection to be established.
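
With GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY a client that presents no certificate still connects, so the application has to confirm that a peer identity is present before authorizing a call. The C code below is an added example, not code from gRPC: it models the authentication context properties as a flat name/value array and applies an exact-match SAN allowlist using the property-name strings listed on this page. The peer_prop type, the authorize_peer function and the host names are hypothetical, and the example assumes the framework has already verified the chain; in the BUT_DONT_VERIFY modes the application would also have to validate the certificate itself.

```c
#include <stdio.h>
#include <string.h>

/* Property names and value as listed on this page. */
#define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type"
#define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl"
#define GRPC_X509_SAN_PROPERTY_NAME "x509_subject_alternative_name"

/* Hypothetical stand-in for one grpc_auth_context property (assumption). */
typedef struct { const char *name; const char *value; } peer_prop;
typedef enum { ALLOW, DENY_NOT_TLS, DENY_NO_PEER_IDENTITY, DENY_SAN_NOT_ALLOWED } authz_result;

/* Authorize a peer from its properties: TLS transport plus an allowlisted SAN. */
authz_result authorize_peer(const peer_prop *props, size_t n,
                            const char *const *allowed, size_t n_allowed) {
  int is_tls = 0, saw_san = 0;
  for (size_t i = 0; i < n; i++) {
    if (strcmp(props[i].name, GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME) == 0 &&
        strcmp(props[i].value, GRPC_SSL_TRANSPORT_SECURITY_TYPE) == 0)
      is_tls = 1;
  }
  if (!is_tls) return DENY_NOT_TLS;
  for (size_t i = 0; i < n; i++) {
    if (strcmp(props[i].name, GRPC_X509_SAN_PROPERTY_NAME) != 0) continue;
    saw_san = 1; /* a certificate may carry several SAN properties */
    for (size_t j = 0; j < n_allowed; j++)
      if (strcmp(props[i].value, allowed[j]) == 0) return ALLOW; /* exact match only */
  }
  /* No SAN at all means no usable identity, e.g. the client sent no certificate. */
  return saw_san ? DENY_SAN_NOT_ALLOWED : DENY_NO_PEER_IDENTITY;
}

/* Constructed sample peers; host names are placeholders. */
static const char *const ALLOWED[] = {"billing.internal.example"};
static const peer_prop WITH_CERT[] = {
    {"transport_security_type", "ssl"},
    {"x509_common_name", "billing"}, /* CN is deliberately ignored */
    {"x509_subject_alternative_name", "billing.internal.example"}};
static const peer_prop NO_CERT[] = {{"transport_security_type", "ssl"}};
static const peer_prop OTHER_CERT[] = {
    {"transport_security_type", "ssl"},
    {"x509_subject_alternative_name", "reports.internal.example"}};

int main(void) {
  printf("with cert:  %d\n", authorize_peer(WITH_CERT, 3, ALLOWED, 1));
  printf("no cert:    %d\n", authorize_peer(NO_CERT, 1, ALLOWED, 1));
  printf("other cert: %d\n", authorize_peer(OTHER_CERT, 2, ALLOWED, 1));
  return 0;
}
```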

◆ grpc_ssl_roots_override_result

Results for the SSL roots override callback.

Enumerator
GRPC_SSL_ROOTS_OVERRIDE_OK 
GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY 
GRPC_SSL_ROOTS_OVERRIDE_FAIL 

Do not try fallback options.

◆ grpc_tls_server_verification_option

Enumerator
GRPC_TLS_SERVER_VERIFICATION 

Default option: performs server certificate verification and hostname verification.

GRPC_TLS_SKIP_HOSTNAME_VERIFICATION 

Performs server certificate verification, but skips hostname verification. The client is responsible for verifying the server's identity via the server authorization check callback.

GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION 

Skips both server certificate and hostname verification.

The client is responsible for verifying the server's identity and the server's certificate via the server authorization check callback.