From a6b2c4ce468f06094810252cfa7f136d398ddd9e Mon Sep 17 00:00:00 2001
From: Jan Tattermusch <jtattermusch@google.com>
Date: Thu, 10 Dec 2015 16:41:11 -0800
Subject: [PATCH] Get rid of SSL_CERT_FILE env entirely
---
src/python/grpcio/tests/interop/client.py | 2 +-
src/python/grpcio/tests/interop/resources.py | 4 ----
src/python/grpcio/tests/unit/resources.py | 4 ----
src/ruby/bin/apis/pubsub_demo.rb | 12 +---------
src/ruby/ext/grpc/rb_channel_credentials.c | 23 +++++++++-----------
src/ruby/pb/test/client.rb | 10 +--------
tools/run_tests/run_interop_tests.py | 15 +++++--------
7 files changed, 18 insertions(+), 52 deletions(-)
diff --git a/src/python/grpcio/tests/interop/client.py b/src/python/grpcio/tests/interop/client.py
index 5c00bce014..573ec2bd71 100644
--- a/src/python/grpcio/tests/interop/client.py
+++ b/src/python/grpcio/tests/interop/client.py
@@ -90,7 +90,7 @@ def _stub(args): if args.use_test_ca: root_certificates = resources.test_root_certificates() else: - root_certificates = resources.prod_root_certificates() + root_certificates = None # will load default roots. channel = test_utilities.not_really_secure_channel( args.server_host, args.server_port,
diff --git a/src/python/grpcio/tests/interop/resources.py b/src/python/grpcio/tests/interop/resources.py
index 1122499418..c424385cf6 100644
--- a/src/python/grpcio/tests/interop/resources.py
+++ b/src/python/grpcio/tests/interop/resources.py
@@ -44,10 +44,6 @@ def test_root_certificates(): __name__, _ROOT_CERTIFICATES_RESOURCE_PATH) -def prod_root_certificates(): - return open(os.environ['SSL_CERT_FILE'], mode='rb').read() - - def private_key(): return pkg_resources.resource_string(__name__, _PRIVATE_KEY_RESOURCE_PATH)
diff --git a/src/python/grpcio/tests/unit/resources.py b/src/python/grpcio/tests/unit/resources.py
index 2c3045313d..023cdb155f 100644
--- a/src/python/grpcio/tests/unit/resources.py
+++ b/src/python/grpcio/tests/unit/resources.py
@@ -43,10 +43,6 @@ def test_root_certificates(): __name__, _ROOT_CERTIFICATES_RESOURCE_PATH) -def prod_root_certificates(): - return open(os.environ['SSL_CERT_FILE'], mode='rb').read() - - def private_key(): return pkg_resources.resource_string(__name__, _PRIVATE_KEY_RESOURCE_PATH)
diff --git a/src/ruby/bin/apis/pubsub_demo.rb b/src/ruby/bin/apis/pubsub_demo.rb
index 003e91a6b3..983be6e823 100755
--- a/src/ruby/bin/apis/pubsub_demo.rb
+++ b/src/ruby/bin/apis/pubsub_demo.rb
@@ -32,7 +32,6 @@ # pubsub_demo demos accesses the Google PubSub API via its gRPC interface # # $ GOOGLE_APPLICATION_CREDENTIALS=<path_to_service_account_key_file> \ -# SSL_CERT_FILE=<path/to/ssl/certs> \ # path/to/pubsub_demo.rb \ # [--action=<chosen_demo_action> ] #
@@ -55,18 +54,9 @@ require 'google/protobuf/empty' require 'tech/pubsub/proto/pubsub' require 'tech/pubsub/proto/pubsub_services' -# loads the certificates used to access the test server securely. -def load_prod_cert - fail 'could not find a production cert' if ENV['SSL_CERT_FILE'].nil? - p "loading prod certs from #{ENV['SSL_CERT_FILE']}" - File.open(ENV['SSL_CERT_FILE']) do |f| - return f.read - end -end - # creates a SSL Credentials from the production certificates. def ssl_creds - GRPC::Core::ChannelCredentials.new(load_prod_cert) + GRPC::Core::ChannelCredentials.new() end # Builds the metadata authentication update proc.
diff --git a/src/ruby/ext/grpc/rb_channel_credentials.c b/src/ruby/ext/grpc/rb_channel_credentials.c
index 072a6f54ab..c7f4914997 100644
--- a/src/ruby/ext/grpc/rb_channel_credentials.c
+++ b/src/ruby/ext/grpc/rb_channel_credentials.c
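Review bot: The comment above `ssl_creds` in pubsub_demo.rb still says the credentials come from "the production certificates", but `ChannelCredentials.new()` now passes no roots at all, so the trust anchors are whatever the core library loads by default. The removed `load_prod_cert` failed loudly and printed the path when no root file was configured; nothing in the new code tells a reader which roots end up trusted. I would reword the comment to `# creates SSL credentials that use the gRPC core's default root certificates.` and drop the empty parentheses (`GRPC::Core::ChannelCredentials.new`). The same applies to `prod_creds` in src/ruby/pb/test/client.rb.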
@@ -148,11 +148,13 @@ static ID id_pem_cert_chain; /* call-seq: - creds1 = Credentials.new(pem_root_certs) + creds1 = Credentials.new() ... - creds2 = Credentials.new(pem_root_certs, pem_private_key, + creds2 = Credentials.new(pem_root_certs) + ... + creds3 = Credentials.new(pem_root_certs, pem_private_key, pem_cert_chain) - pem_root_certs: (required) PEM encoding of the server root certificate + pem_root_certs: (optional) PEM encoding of the server root certificate pem_private_key: (optional) PEM encoding of the client's private key pem_cert_chain: (optional) PEM encoding of the client's cert chain Initializes Credential instances. */
@@ -164,21 +166,16 @@ static VALUE grpc_rb_channel_credentials_init(int argc, VALUE *argv, VALUE self) grpc_channel_credentials *creds = NULL; grpc_ssl_pem_key_cert_pair key_cert_pair; MEMZERO(&key_cert_pair, grpc_ssl_pem_key_cert_pair, 1); - /* TODO: Remove mandatory arg when we support default roots. */ - /* "12" == 1 mandatory arg, 2 (credentials) is optional */ - rb_scan_args(argc, argv, "12", &pem_root_certs, &pem_private_key, + /* "03" == no mandatory arg, 3 optional */ + rb_scan_args(argc, argv, "03", &pem_root_certs, &pem_private_key, &pem_cert_chain); TypedData_Get_Struct(self, grpc_rb_channel_credentials, &grpc_rb_channel_credentials_data_type, wrapper); - if (pem_root_certs == Qnil) { - rb_raise(rb_eRuntimeError, - "could not create a credential: nil pem_root_certs"); - return Qnil; - } if (pem_private_key == Qnil && pem_cert_chain == Qnil) { - creds = - grpc_ssl_credentials_create(RSTRING_PTR(pem_root_certs), NULL, NULL); + creds = grpc_ssl_credentials_create( + pem_root_certs == Qnil ? NULL : RSTRING_PTR(pem_root_certs), + NULL, NULL); } else { key_cert_pair.private_key = RSTRING_PTR(pem_private_key); key_cert_pair.cert_chain = RSTRING_PTR(pem_cert_chain);
diff --git a/src/ruby/pb/test/client.rb b/src/ruby/pb/test/client.rb
index 329e2dc98b..6eb727ccbe 100755
--- a/src/ruby/pb/test/client.rb
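Review bot: The `else` branch of `grpc_rb_channel_credentials_init` can now receive nil values that the removed `pem_root_certs == Qnil` guard used to reject. That branch is entered whenever the key and cert chain are not both nil, so a call that supplies only one of them applies `RSTRING_PTR` to `Qnil`. The create call for this branch lies after the hunk; if it still passes `RSTRING_PTR(pem_root_certs)`, then `Credentials.new(nil, key, chain)` reads through a nil VALUE as well. I would reuse `pem_root_certs == Qnil ? NULL : RSTRING_PTR(pem_root_certs)` there and raise when exactly one of `pem_private_key` / `pem_cert_chain` is nil. None of the three arguments is type-checked in the visible lines, so a `Check_Type(..., T_STRING)` on each non-nil value before `RSTRING_PTR` would also keep a non-String argument from being read as string memory.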
+++ b/src/ruby/pb/test/client.rb
@@ -93,13 +93,6 @@ def load_test_certs files.map { |f| File.open(File.join(data_dir, f)).read } end -# loads the certificates used to access the test server securely. -def load_prod_cert - fail 'could not find a production cert' if ENV['SSL_CERT_FILE'].nil? - GRPC.logger.info("loading prod certs from #{ENV['SSL_CERT_FILE']}") - File.open(ENV['SSL_CERT_FILE']).read -end - # creates SSL Credentials from the test certificates. def test_creds certs = load_test_certs
@@ -108,8 +101,7 @@ end # creates SSL Credentials from the production certificates. def prod_creds - cert_text = load_prod_cert - GRPC::Core::ChannelCredentials.new(cert_text) + GRPC::Core::ChannelCredentials.new() end # creates the SSL Credentials.
diff --git a/tools/run_tests/run_interop_tests.py b/tools/run_tests/run_interop_tests.py
index 7a09feb70d..e69e9877c5 100755
--- a/tools/run_tests/run_interop_tests.py
+++ b/tools/run_tests/run_interop_tests.py
@@ -54,11 +54,6 @@ os.chdir(ROOT) _DEFAULT_SERVER_PORT=8080 -# TOOD(jtattermusch) wrapped languages use this variable for location -# of roots.pem. We might want to use GRPC_DEFAULT_SSL_ROOTS_FILE_PATH -# supported by C core SslCredentials instead. -_SSL_CERT_ENV = { 'SSL_CERT_FILE':'/usr/local/share/grpc/roots.pem' } - _SKIP_COMPRESSION = ['large_compressed_unary', 'server_compressed_streaming']
@@ -105,7 +100,7 @@ class CSharpLanguage: return ['mono', 'Grpc.IntegrationTesting.Client.exe'] + args def cloud_to_prod_env(self): - return _SSL_CERT_ENV + return {} def server_cmd(self, args): return ['mono', 'Grpc.IntegrationTesting.Server.exe', '--use_tls=true'] + args
@@ -222,7 +217,7 @@ class NodeLanguage: return ['node', 'src/node/interop/interop_client.js'] + args def cloud_to_prod_env(self): - return _SSL_CERT_ENV + return {}  def server_cmd(self, args): return ['node', 'src/node/interop/interop_server.js', '--use_tls=true'] + args
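Review bot: `CSharpLanguage.cloud_to_prod_env` now returns `{}`, as do the Node and PHP hunks that follow, yet the diffstat shows client changes only for Python and Ruby. If the C#, Node or PHP interop clients still locate their roots through `SSL_CERT_FILE` (not visible here), their cloud-to-prod runs would start without the expected trust roots. It is worth confirming that those clients already fall back to the core's default roots before dropping the variable for them. Since the removed TODO was the only place that recorded where roots come from, I would add a short comment such as `# prod roots come from the gRPC core defaults; no env override needed` on one of these methods.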
@@ -250,7 +245,7 @@ class PHPLanguage: return ['src/php/bin/interop_client.sh'] + args def cloud_to_prod_env(self): - return _SSL_CERT_ENV + return {} def global_env(self): return {}
@@ -276,7 +271,7 @@ class RubyLanguage: return ['ruby', 'src/ruby/bin/interop/interop_client.rb'] + args def cloud_to_prod_env(self): - return _SSL_CERT_ENV + return {} def server_cmd(self, args): return ['ruby', 'src/ruby/bin/interop/interop_server.rb', '--use_tls=true'] + args
@@ -311,7 +306,7 @@ class PythonLanguage: ] def cloud_to_prod_env(self): - return _SSL_CERT_ENV + return {} def server_cmd(self, args): return [
-- GitLab