Load default roots.pem in Ruby via grpc_set_ssl_roots_override_callback

src/ruby/ext/grpc/rb_channel_credentials.c

@@ -31,6 +31,8 @@
  *
  */
 
+#include <string.h>
+
 #include <ruby/ruby.h>
 #include "rb_grpc_imports.generated.h"
 #include "rb_channel_credentials.h"
@@ -39,6 +41,7 @@
 
 #include <grpc/grpc.h>
 #include <grpc/grpc_security.h>
+#include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
 
 #include "rb_call_credentials.h"
@@ -48,6 +51,8 @@
    grpc_channel_credentials. */
 static VALUE grpc_rb_cChannelCredentials = Qnil;
 
+static char *pem_root_certs = NULL;
+
 /* grpc_rb_channel_credentials wraps a grpc_channel_credentials.  It provides a
  * mark object that is used to hold references to any objects used to create
  * the credentials. */
@@ -236,6 +241,24 @@ static VALUE grpc_rb_channel_credentials_compose(int argc, VALUE *argv,
   return grpc_rb_wrap_channel_credentials(creds, mark);
 }
 
+static grpc_ssl_roots_override_result get_ssl_roots_override(
+    char **pem_root_certs_ptr) {
+  *pem_root_certs_ptr = pem_root_certs;
+  if (pem_root_certs == NULL) {
+    return GRPC_SSL_ROOTS_OVERRIDE_FAIL;
+  } else {
+    return GRPC_SSL_ROOTS_OVERRIDE_OK;
+  }
+}
+
+static VALUE grpc_rb_set_default_roots_pem(VALUE self, VALUE roots) {
+  char *roots_ptr = StringValueCStr(roots);
+  size_t length = strlen(roots_ptr);
+  pem_root_certs = gpr_malloc((length + 1) * sizeof(char));
+  memcpy(pem_root_certs, roots_ptr, length + 1);
+  return Qnil;
+}
+
 void Init_grpc_channel_credentials() {
   grpc_rb_cChannelCredentials =
       rb_define_class_under(grpc_rb_mGrpcCore, "ChannelCredentials", rb_cObject);
@@ -251,6 +274,11 @@ void Init_grpc_channel_credentials() {
                    grpc_rb_channel_credentials_init_copy, 1);
   rb_define_method(grpc_rb_cChannelCredentials, "compose",
                    grpc_rb_channel_credentials_compose, -1);
+  rb_define_module_function(grpc_rb_cChannelCredentials,
+                            "set_default_roots_pem",
+                            grpc_rb_set_default_roots_pem, 1);
+
+  grpc_set_ssl_roots_override_callback(get_ssl_roots_override);
 
   id_pem_cert_chain = rb_intern("__pem_cert_chain");
   id_pem_private_key = rb_intern("__pem_private_key");

src/ruby/lib/grpc.rb

@@ -28,9 +28,6 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ssl_roots_path = File.expand_path('../../../../etc/roots.pem', __FILE__)
-unless ENV['GRPC_DEFAULT_SSL_ROOTS_FILE_PATH']
-  ENV['GRPC_DEFAULT_SSL_ROOTS_FILE_PATH'] = ssl_roots_path
-end
 
 require_relative 'grpc/errors'
 require_relative 'grpc/grpc'
@@ -42,3 +39,11 @@ require_relative 'grpc/generic/active_call'
 require_relative 'grpc/generic/client_stub'
 require_relative 'grpc/generic/service'
 require_relative 'grpc/generic/rpc_server'
+
+begin
+  file = File.open(ssl_roots_path)
+  roots = file.read
+  GRPC::Core::ChannelCredentials.set_default_roots_pem roots
+ensure
+  file.close
+end