grpc_security_constants.h File Reference

Go to the source code of this file.

Macros
#define	GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME   "transport_security_type"
#define	GRPC_SSL_TRANSPORT_SECURITY_TYPE   "ssl"
#define	GRPC_X509_CN_PROPERTY_NAME   "x509_common_name"
#define	GRPC_X509_SAN_PROPERTY_NAME   "x509_subject_alternative_name"
#define	GRPC_X509_PEM_CERT_PROPERTY_NAME   "x509_pem_cert"
#define	GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME   "x509_pem_cert_chain"
#define	GRPC_SSL_SESSION_REUSED_PROPERTY   "ssl_session_reused"
#define	GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME   "security_level"
#define	GRPC_PEER_SPIFFE_ID_PROPERTY_NAME   "peer_spiffe_id"
#define	GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR   "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"
	Environment variable that points to the default SSL roots file. More...
#define	GRPC_GOOGLE_CREDENTIALS_ENV_VAR   "GOOGLE_APPLICATION_CREDENTIALS"
	Environment variable that points to the google default application credentials json key or refresh token. More...

Enumerations
enum	grpc_ssl_roots_override_result { GRPC_SSL_ROOTS_OVERRIDE_OK, GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY, GRPC_SSL_ROOTS_OVERRIDE_FAIL }
	Results for the SSL roots override callback. More...
enum	grpc_ssl_certificate_config_reload_status { GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW, GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL }
	Callback results for dynamically loading a SSL certificate config. More...
enum	grpc_ssl_client_certificate_request_type {   GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE, GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY, GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY, GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY,   GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY }
enum	grpc_security_level {   GRPC_SECURITY_MIN, GRPC_SECURITY_NONE = GRPC_SECURITY_MIN, GRPC_INTEGRITY_ONLY, GRPC_PRIVACY_AND_INTEGRITY,   GRPC_SECURITY_MAX = GRPC_PRIVACY_AND_INTEGRITY }
enum	grpc_tls_server_verification_option { GRPC_TLS_SERVER_VERIFICATION, GRPC_TLS_SKIP_HOSTNAME_VERIFICATION, GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION }
enum	grpc_local_connect_type { UDS = 0, LOCAL_TCP }
	Type of local connections for which local channel/server credentials will be applied. More...

Macro Definition Documentation

GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR

#define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR   "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"

Environment variable that points to the default SSL roots file.

This file must be a PEM encoded file with all the roots such as the one that can be downloaded from https://pki.google.com/roots.pem.

GRPC_GOOGLE_CREDENTIALS_ENV_VAR

#define GRPC_GOOGLE_CREDENTIALS_ENV_VAR   "GOOGLE_APPLICATION_CREDENTIALS"

Environment variable that points to the google default application credentials json key or refresh token.

Used in the grpc_google_default_credentials_create function.

GRPC_PEER_SPIFFE_ID_PROPERTY_NAME

#define GRPC_PEER_SPIFFE_ID_PROPERTY_NAME   "peer_spiffe_id"

GRPC_SSL_SESSION_REUSED_PROPERTY

#define GRPC_SSL_SESSION_REUSED_PROPERTY   "ssl_session_reused"

GRPC_SSL_TRANSPORT_SECURITY_TYPE

#define GRPC_SSL_TRANSPORT_SECURITY_TYPE   "ssl"

GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME

#define GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME   "security_level"

GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME

#define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME   "transport_security_type"

GRPC_X509_CN_PROPERTY_NAME

#define GRPC_X509_CN_PROPERTY_NAME   "x509_common_name"

GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME

#define GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME   "x509_pem_cert_chain"

GRPC_X509_PEM_CERT_PROPERTY_NAME

#define GRPC_X509_PEM_CERT_PROPERTY_NAME   "x509_pem_cert"

GRPC_X509_SAN_PROPERTY_NAME

#define GRPC_X509_SAN_PROPERTY_NAME   "x509_subject_alternative_name"

Enumeration Type Documentation

grpc_local_connect_type

enum grpc_local_connect_type

Type of local connections for which local channel/server credentials will be applied.

It supports UDS and local TCP connections.

Enumerator
UDS
LOCAL_TCP

grpc_security_level

enum grpc_security_level

Enumerator
GRPC_SECURITY_MIN
GRPC_SECURITY_NONE
GRPC_INTEGRITY_ONLY
GRPC_PRIVACY_AND_INTEGRITY
GRPC_SECURITY_MAX

grpc_ssl_certificate_config_reload_status

enum grpc_ssl_certificate_config_reload_status

Callback results for dynamically loading a SSL certificate config.

Enumerator
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL

grpc_ssl_client_certificate_request_type

enum grpc_ssl_client_certificate_request_type

Enumerator
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE	Server does not request client certificate. The certificate presented by the client is not checked by the server at all. (A client may present a self signed or signed certificate or not present a certificate at all and any of those option would be accepted)
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY	Server requests client certificate but does not enforce that the client presents a certificate. If the client presents a certificate, the client authentication is left to the application (the necessary metadata will be available to the application via authentication context properties, see grpc_auth_context). The client's key certificate pair must be valid for the SSL connection to be established.
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY	Server requests client certificate but does not enforce that the client presents a certificate. If the client presents a certificate, the client authentication is done by the gRPC framework. (For a successful connection the client needs to either present a certificate that can be verified against the root certificate configured by the server or not present a certificate at all) The client's key certificate pair must be valid for the SSL connection to be established.
GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY	Server requests client certificate and enforces that the client presents a certificate. If the client presents a certificate, the client authentication is left to the application (the necessary metadata will be available to the application via authentication context properties, see grpc_auth_context). The client's key certificate pair must be valid for the SSL connection to be established.
GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY	Server requests client certificate and enforces that the client presents a certificate. The certificate presented by the client is verified by the gRPC framework. (For a successful connection the client needs to present a certificate that can be verified against the root certificate configured by the server) The client's key certificate pair must be valid for the SSL connection to be established.

grpc_ssl_roots_override_result

enum grpc_ssl_roots_override_result

Results for the SSL roots override callback.

Enumerator
GRPC_SSL_ROOTS_OVERRIDE_OK
GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY
GRPC_SSL_ROOTS_OVERRIDE_FAIL	Do not try fallback options.

grpc_tls_server_verification_option

enum grpc_tls_server_verification_option

Enumerator
GRPC_TLS_SERVER_VERIFICATION	Default option: performs server certificate verification and hostname verification.
GRPC_TLS_SKIP_HOSTNAME_VERIFICATION	Performs server certificate verification, but skips hostname verification Client is responsible for verifying server's identity via server authorization check callback.
GRPC_TLS_SKIP_ALL_SERVER_VERIFICATION	Skips both server certificate and hostname verification. Client is responsible for verifying server's identity and server's certificate via server authorization check callback.