diff --git a/include/grpc++/server_credentials.h b/include/grpc++/server_credentials.h
index cf08870f424eb208113f5ff2ba538cfbe88ee70b..91504ae0ae3cc3e435f1169cd7d77ebb15649bed 100644
--- a/include/grpc++/server_credentials.h
+++ b/include/grpc++/server_credentials.h
@@ -35,6 +35,7 @@
#define __GRPCPP_SERVER_CREDENTIALS_H_
#include <memory>
+#include <vector>
#include <grpc++/config.h>
@@ -60,9 +61,12 @@ class ServerCredentials final {
// Options to create ServerCredentials with SSL
struct SslServerCredentialsOptions {
+ struct PemKeyCertPair{
+ grpc::string private_key;
+ grpc::string cert_chain;
+ };
grpc::string pem_root_certs;
- grpc::string pem_private_key;
- grpc::string pem_cert_chain;
+ std::vector<PemKeyCertPair> pem_key_cert_pairs;
};
// Factory for building different types of ServerCredentials
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 644b31f763b6486b9536b809c54eea1ab7160ced..0732a8f83a580c76f999053b4673c56bf804efb8 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -54,22 +54,26 @@ void grpc_credentials_release(grpc_credentials *creds);
/* Creates default credentials. */
grpc_credentials *grpc_default_credentials_create(void);
+/* Object that holds a private key / certificate chain pair in PEM format. */
+typedef struct {
+ /* private_key is the NULL-terminated string containing the PEM encoding of
+ the client's private key. */
+ const char *private_key;
+
+ /* cert_chain is the NULL-terminated string containing the PEM encoding of
+ the client's certificate chain. */
+ const char *cert_chain;
+} grpc_ssl_pem_key_cert_pair;
+
/* Creates an SSL credentials object.
- - pem_roots_cert is the buffer containing the PEM encoding of the server
- root certificates. This parameter cannot be NULL.
- - pem_roots_cert_size is the size of the associated buffer.
- - pem_private_key is the buffer containing the PEM encoding of the client's
- private key. This parameter can be NULL if the client does not have a
- private key.
- - pem_private_key_size is the size of the associated buffer.
- - pem_cert_chain is the buffer containing the PEM encoding of the client's
- certificate chain. This parameter can be NULL if the client does not have
- a certificate chain.
- - pem_cert_chain_size is the size of the associated buffer. */
+ - pem_roots_cert is the NULL-terminated string containing the PEM encoding
+ of the server root certificates. If this parameter is NULL, the default
+ roots will be used.
+ - pem_key_cert_pair is a pointer on the object containing client's private
+ key and certificate chain. This parameter can be NULL if the client does
+ not have such a key/cert pair. */
grpc_credentials *grpc_ssl_credentials_create(
- const unsigned char *pem_root_certs, size_t pem_root_certs_size,
- const unsigned char *pem_private_key, size_t pem_private_key_size,
- const unsigned char *pem_cert_chain, size_t pem_cert_chain_size);
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair);
/* Creates a composite credentials object. */
grpc_credentials *grpc_composite_credentials_create(grpc_credentials *creds1,
@@ -130,22 +134,16 @@ typedef struct grpc_server_credentials grpc_server_credentials;
void grpc_server_credentials_release(grpc_server_credentials *creds);
/* Creates an SSL server_credentials object.
- TODO(jboeuf): Change the constructor so that it can support multiple
- key/cert pairs.
- - pem_roots_cert is the buffer containing the PEM encoding of the server
- root certificates. This parameter may be NULL if the server does not want
- the client to be authenticated with SSL.
- - pem_roots_cert_size is the size of the associated buffer.
- - pem_private_key is the buffer containing the PEM encoding of the client's
- private key. This parameter cannot be NULL.
- - pem_private_key_size is the size of the associated buffer.
- - pem_cert_chain is the buffer containing the PEM encoding of the client's
- certificate chain. This parameter cannot be NULL.
- - pem_cert_chain_size is the size of the associated buffer. */
+ - pem_roots_cert is the NULL-terminated string containing the PEM encoding of
+ the client root certificates. This parameter may be NULL if the server does
+ not want the client to be authenticated with SSL.
+ - pem_key_cert_pairs is an array private key / certificate chains of the
+ server. This parameter cannot be NULL.
+ - num_key_cert_pairs indicates the number of items in the private_key_files
+ and cert_chain_files parameters. It should be at least 1. */
grpc_server_credentials *grpc_ssl_server_credentials_create(
- const unsigned char *pem_root_certs, size_t pem_root_certs_size,
- const unsigned char *pem_private_key, size_t pem_private_key_size,
- const unsigned char *pem_cert_chain, size_t pem_cert_chain_size);
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+ size_t num_key_cert_pairs);
/* Creates a fake server transport security credentials object for testing. */
grpc_server_credentials *grpc_fake_transport_security_server_credentials_create(
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index 006d863e27ba0a72d792f4012a8d5da6567adef8..628963e46cde1cdd527b45570cbaf971b2c50660 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -139,7 +139,7 @@ typedef struct {
typedef struct {
grpc_server_credentials base;
- grpc_ssl_config config;
+ grpc_ssl_server_config config;
} grpc_ssl_server_credentials;
static void ssl_destroy(grpc_credentials *creds) {
@@ -152,9 +152,24 @@ static void ssl_destroy(grpc_credentials *creds) {
static void ssl_server_destroy(grpc_server_credentials *creds) {
grpc_ssl_server_credentials *c = (grpc_ssl_server_credentials *)creds;
+ size_t i;
+ for (i = 0; i < c->config.num_key_cert_pairs; i++) {
+ if (c->config.pem_private_keys[i] != NULL) {
+ gpr_free(c->config.pem_private_keys[i]);
+ }
+ if (c->config.pem_cert_chains[i]!= NULL) {
+ gpr_free(c->config.pem_cert_chains[i]);
+ }
+ }
+ if (c->config.pem_private_keys != NULL) gpr_free(c->config.pem_private_keys);
+ if (c->config.pem_private_keys_sizes != NULL) {
+ gpr_free(c->config.pem_private_keys_sizes);
+ }
+ if (c->config.pem_cert_chains != NULL) gpr_free(c->config.pem_cert_chains);
+ if (c->config.pem_cert_chains_sizes != NULL) {
+ gpr_free(c->config.pem_cert_chains_sizes);
+ }
if (c->config.pem_root_certs != NULL) gpr_free(c->config.pem_root_certs);
- if (c->config.pem_private_key != NULL) gpr_free(c->config.pem_private_key);
- if (c->config.pem_cert_chain != NULL) gpr_free(c->config.pem_cert_chain);
gpr_free(creds);
}
@@ -179,7 +194,7 @@ const grpc_ssl_config *grpc_ssl_credentials_get_config(
}
}
-const grpc_ssl_config *grpc_ssl_server_credentials_get_config(
+const grpc_ssl_server_config *grpc_ssl_server_credentials_get_config(
const grpc_server_credentials *creds) {
if (creds == NULL || strcmp(creds->type, GRPC_CREDENTIALS_TYPE_SSL)) {
return NULL;
@@ -189,57 +204,89 @@ const grpc_ssl_config *grpc_ssl_server_credentials_get_config(
}
}
-static void ssl_build_config(const unsigned char *pem_root_certs,
- size_t pem_root_certs_size,
- const unsigned char *pem_private_key,
- size_t pem_private_key_size,
- const unsigned char *pem_cert_chain,
- size_t pem_cert_chain_size,
+static void ssl_copy_key_material(const char *input, unsigned char **output,
+ size_t *output_size) {
+ *output_size = strlen(input);
+ *output = gpr_malloc(*output_size);
+ memcpy(*output, input, *output_size);
+}
+
+static void ssl_build_config(const char *pem_root_certs,
+ grpc_ssl_pem_key_cert_pair *pem_key_cert_pair,
grpc_ssl_config *config) {
+ if (pem_root_certs == NULL) {
+ /* TODO(jboeuf): Get them from the environment. */
+ gpr_log(GPR_ERROR, "Default SSL roots not yet implemented.");
+ } else {
+ ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
+ &config->pem_root_certs_size);
+ }
+
+ if (pem_key_cert_pair != NULL) {
+ GPR_ASSERT(pem_key_cert_pair->private_key != NULL);
+ GPR_ASSERT(pem_key_cert_pair->cert_chain != NULL);
+ ssl_copy_key_material(pem_key_cert_pair->private_key,
+ &config->pem_private_key,
+ &config->pem_private_key_size);
+ ssl_copy_key_material(pem_key_cert_pair->cert_chain,
+ &config->pem_cert_chain,
+ &config->pem_cert_chain_size);
+ }
+}
+
+static void ssl_build_server_config(
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+ size_t num_key_cert_pairs, grpc_ssl_server_config *config) {
+ size_t i;
if (pem_root_certs != NULL) {
- config->pem_root_certs = gpr_malloc(pem_root_certs_size);
- memcpy(config->pem_root_certs, pem_root_certs, pem_root_certs_size);
- config->pem_root_certs_size = pem_root_certs_size;
+ ssl_copy_key_material(pem_root_certs, &config->pem_root_certs,
+ &config->pem_root_certs_size);
}
- if (pem_private_key != NULL) {
- config->pem_private_key = gpr_malloc(pem_private_key_size);
- memcpy(config->pem_private_key, pem_private_key, pem_private_key_size);
- config->pem_private_key_size = pem_private_key_size;
+ if (num_key_cert_pairs > 0) {
+ GPR_ASSERT(pem_key_cert_pairs != NULL);
+ config->pem_private_keys =
+ gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
+ config->pem_cert_chains =
+ gpr_malloc(num_key_cert_pairs * sizeof(unsigned char *));
+ config->pem_private_keys_sizes =
+ gpr_malloc(num_key_cert_pairs * sizeof(size_t));
+ config->pem_cert_chains_sizes =
+ gpr_malloc(num_key_cert_pairs * sizeof(size_t));
}
- if (pem_cert_chain != NULL) {
- config->pem_cert_chain = gpr_malloc(pem_cert_chain_size);
- memcpy(config->pem_cert_chain, pem_cert_chain, pem_cert_chain_size);
- config->pem_cert_chain_size = pem_cert_chain_size;
+ config->num_key_cert_pairs = num_key_cert_pairs;
+ for (i = 0; i < num_key_cert_pairs; i++) {
+ GPR_ASSERT(pem_key_cert_pairs[i].private_key != NULL);
+ GPR_ASSERT(pem_key_cert_pairs[i].cert_chain != NULL);
+ ssl_copy_key_material(pem_key_cert_pairs[i].private_key,
+ &config->pem_private_keys[i],
+ &config->pem_private_keys_sizes[i]);
+ ssl_copy_key_material(pem_key_cert_pairs[i].cert_chain,
+ &config->pem_cert_chains[i],
+ &config->pem_cert_chains_sizes[i]);
}
}
grpc_credentials *grpc_ssl_credentials_create(
- const unsigned char *pem_root_certs, size_t pem_root_certs_size,
- const unsigned char *pem_private_key, size_t pem_private_key_size,
- const unsigned char *pem_cert_chain, size_t pem_cert_chain_size) {
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pair) {
grpc_ssl_credentials *c = gpr_malloc(sizeof(grpc_ssl_credentials));
memset(c, 0, sizeof(grpc_ssl_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_SSL;
c->base.vtable = &ssl_vtable;
gpr_ref_init(&c->base.refcount, 1);
- ssl_build_config(pem_root_certs, pem_root_certs_size, pem_private_key,
- pem_private_key_size, pem_cert_chain, pem_cert_chain_size,
- &c->config);
+ ssl_build_config(pem_root_certs, pem_key_cert_pair, &c->config);
return &c->base;
}
grpc_server_credentials *grpc_ssl_server_credentials_create(
- const unsigned char *pem_root_certs, size_t pem_root_certs_size,
- const unsigned char *pem_private_key, size_t pem_private_key_size,
- const unsigned char *pem_cert_chain, size_t pem_cert_chain_size) {
+ const char *pem_root_certs, grpc_ssl_pem_key_cert_pair *pem_key_cert_pairs,
+ size_t num_key_cert_pairs) {
grpc_ssl_server_credentials *c =
gpr_malloc(sizeof(grpc_ssl_server_credentials));
memset(c, 0, sizeof(grpc_ssl_server_credentials));
c->base.type = GRPC_CREDENTIALS_TYPE_SSL;
c->base.vtable = &ssl_server_vtable;
- ssl_build_config(pem_root_certs, pem_root_certs_size, pem_private_key,
- pem_private_key_size, pem_cert_chain, pem_cert_chain_size,
- &c->config);
+ ssl_build_server_config(pem_root_certs, pem_key_cert_pairs,
+ num_key_cert_pairs, &c->config);
return &c->base;
}
diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h
index 4a2532d7c4158658607fbd4a54167b7298bdbdcd..8a9ff41e108e58fe2eca2546edddbb31164274b1 100644
--- a/src/core/security/credentials.h
+++ b/src/core/security/credentials.h
@@ -137,10 +137,17 @@ struct grpc_server_credentials {
const char *type;
};
-/* TODO(jboeuf): Have an ssl_server_config that can contain multiple key/cert
- pairs. */
+typedef struct {
+ unsigned char **pem_private_keys;
+ size_t *pem_private_keys_sizes;
+ unsigned char **pem_cert_chains;
+ size_t *pem_cert_chains_sizes;
+ size_t num_key_cert_pairs;
+ unsigned char *pem_root_certs;
+ size_t pem_root_certs_size;
+} grpc_ssl_server_config;
-const grpc_ssl_config *grpc_ssl_server_credentials_get_config(
+const grpc_ssl_server_config *grpc_ssl_server_credentials_get_config(
const grpc_server_credentials *ssl_creds);
#endif /* __GRPC_INTERNAL_SECURITY_CREDENTIALS_H__ */
diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c
index 3a70f44a0a109c11c8d6d7dc286e70106dbc8be3..cce3c7fe04fc39aec3b86fd2d6ec8c003a361bfd 100644
--- a/src/core/security/security_context.c
+++ b/src/core/security/security_context.c
@@ -382,7 +382,7 @@ error:
}
grpc_security_status grpc_ssl_server_security_context_create(
- const grpc_ssl_config *config, grpc_security_context **ctx) {
+ const grpc_ssl_server_config *config, grpc_security_context **ctx) {
size_t num_alpn_protocols = grpc_chttp2_num_alpn_versions();
const unsigned char **alpn_protocol_strings =
gpr_malloc(sizeof(const char *) * num_alpn_protocols);
@@ -399,8 +399,7 @@ grpc_security_status grpc_ssl_server_security_context_create(
strlen(grpc_chttp2_get_alpn_version_index(i));
}
- if (config == NULL || config->pem_private_key == NULL ||
- config->pem_cert_chain == NULL) {
+ if (config == NULL || config->num_key_cert_pairs == 0) {
gpr_log(GPR_ERROR, "An SSL server needs a key and a cert.");
goto error;
}
@@ -410,13 +409,13 @@ grpc_security_status grpc_ssl_server_security_context_create(
gpr_ref_init(&c->base.refcount, 1);
c->base.vtable = &ssl_server_vtable;
result = tsi_create_ssl_server_handshaker_factory(
- (const unsigned char **)&config->pem_private_key,
- &config->pem_private_key_size,
- (const unsigned char **)&config->pem_cert_chain,
- &config->pem_cert_chain_size, 1, config->pem_root_certs,
- config->pem_root_certs_size, GRPC_SSL_CIPHER_SUITES,
- alpn_protocol_strings, alpn_protocol_string_lengths, num_alpn_protocols,
- &c->handshaker_factory);
+ (const unsigned char **)config->pem_private_keys,
+ config->pem_private_keys_sizes,
+ (const unsigned char **)config->pem_cert_chains,
+ config->pem_cert_chains_sizes, config->num_key_cert_pairs,
+ config->pem_root_certs, config->pem_root_certs_size,
+ GRPC_SSL_CIPHER_SUITES, alpn_protocol_strings,
+ alpn_protocol_string_lengths, num_alpn_protocols, &c->handshaker_factory);
if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Handshaker factory creation failed with %s.",
tsi_result_to_string(result));
diff --git a/src/core/security/security_context.h b/src/core/security/security_context.h
index 9ace7f1ccb9818c083f2a1dd2cda65b443f8ee85..2caa2d36900f194bef2a9f91b75d4aec567687f2 100644
--- a/src/core/security/security_context.h
+++ b/src/core/security/security_context.h
@@ -157,7 +157,7 @@ grpc_security_status grpc_ssl_channel_security_context_create(
specific error code otherwise.
*/
grpc_security_status grpc_ssl_server_security_context_create(
- const grpc_ssl_config *config, grpc_security_context **ctx);
+ const grpc_ssl_server_config *config, grpc_security_context **ctx);
/* --- Creation of high level objects. --- */
diff --git a/src/cpp/client/credentials.cc b/src/cpp/client/credentials.cc
index 0955fa28aed49f4ea0cb8ffde2a9ae6d8d4de7bf..8e3a9884770cbf8cface579e13d57e5c2be1157c 100644
--- a/src/cpp/client/credentials.cc
+++ b/src/cpp/client/credentials.cc
@@ -54,26 +54,12 @@ std::unique_ptr<Credentials> CredentialsFactory::DefaultCredentials() {
// Builds SSL Credentials given SSL specific options
std::unique_ptr<Credentials> CredentialsFactory::SslCredentials(
const SslCredentialsOptions &options) {
- const unsigned char *pem_root_certs =
- options.pem_root_certs.empty() ? nullptr
- : reinterpret_cast<const unsigned char *>(
- options.pem_root_certs.c_str());
- if (pem_root_certs == nullptr) {
- return std::unique_ptr<Credentials>();
- }
- const unsigned char *pem_private_key =
- options.pem_private_key.empty() ? nullptr
- : reinterpret_cast<const unsigned char *>(
- options.pem_private_key.c_str());
- const unsigned char *pem_cert_chain =
- options.pem_cert_chain.empty() ? nullptr
- : reinterpret_cast<const unsigned char *>(
- options.pem_cert_chain.c_str());
+ grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {
+ options.pem_private_key.c_str(), options.pem_cert_chain.c_str()};
grpc_credentials *c_creds = grpc_ssl_credentials_create(
- pem_root_certs, options.pem_root_certs.size(), pem_private_key,
- options.pem_private_key.size(), pem_cert_chain,
- options.pem_cert_chain.size());
+ options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
+ options.pem_private_key.empty() ? nullptr : &pem_key_cert_pair);
std::unique_ptr<Credentials> cpp_creds(
c_creds == nullptr ? nullptr : new Credentials(c_creds));
return cpp_creds;
diff --git a/src/cpp/server/server_credentials.cc b/src/cpp/server/server_credentials.cc
index b82a2d821a31283b335e83bc83f12135ab615b6a..ce0271b6a0aa6c48a94aae25e6e95cf239f6d89a 100644
--- a/src/cpp/server/server_credentials.cc
+++ b/src/cpp/server/server_credentials.cc
@@ -48,23 +48,14 @@ grpc_server_credentials *ServerCredentials::GetRawCreds() { return creds_; }
std::shared_ptr<ServerCredentials> ServerCredentialsFactory::SslCredentials(
const SslServerCredentialsOptions &options) {
- const unsigned char *pem_root_certs =
- options.pem_root_certs.empty() ? nullptr
- : reinterpret_cast<const unsigned char *>(
- options.pem_root_certs.c_str());
- const unsigned char *pem_private_key =
- options.pem_private_key.empty() ? nullptr
- : reinterpret_cast<const unsigned char *>(
- options.pem_private_key.c_str());
- const unsigned char *pem_cert_chain =
- options.pem_cert_chain.empty() ? nullptr
- : reinterpret_cast<const unsigned char *>(
- options.pem_cert_chain.c_str());
-
+ std::vector<grpc_ssl_pem_key_cert_pair> pem_key_cert_pairs;
+ for (const auto &key_cert_pair : options.pem_key_cert_pairs) {
+ pem_key_cert_pairs.push_back(
+ {key_cert_pair.private_key.c_str(), key_cert_pair.cert_chain.c_str()});
+ }
grpc_server_credentials *c_creds = grpc_ssl_server_credentials_create(
- pem_root_certs, options.pem_root_certs.size(), pem_private_key,
- options.pem_private_key.size(), pem_cert_chain,
- options.pem_cert_chain.size());
+ options.pem_root_certs.empty() ? nullptr : options.pem_root_certs.c_str(),
+ &pem_key_cert_pairs[0], pem_key_cert_pairs.size());
return std::shared_ptr<ServerCredentials>(new ServerCredentials(c_creds));
}
diff --git a/src/node/binding.gyp b/src/node/binding.gyp
index 4a1fd7aaf081bb94ecc861c7cf45b3793b762bc4..da4a9434910b60072e1905358f9cdf901e946888 100644
--- a/src/node/binding.gyp
+++ b/src/node/binding.gyp
@@ -19,9 +19,6 @@
'link_settings': {
'libraries': [
'-lgrpc',
- '-levent',
- '-levent_pthreads',
- '-levent_core',
'-lrt',
'-lgpr',
'-lpthread'
diff --git a/src/node/credentials.cc b/src/node/credentials.cc
index d58b7eda8931b27883693f53bb60b9093e929f5e..f9cd2fcfe0d8f14248ccbd9e805a3104299cad37 100644
--- a/src/node/credentials.cc
+++ b/src/node/credentials.cc
@@ -136,33 +136,29 @@ NAN_METHOD(Credentials::CreateDefault) {
NAN_METHOD(Credentials::CreateSsl) {
NanScope();
- char *root_certs;
- char *private_key = NULL;
- char *cert_chain = NULL;
- int root_certs_length, private_key_length = 0, cert_chain_length = 0;
- if (!Buffer::HasInstance(args[0])) {
+ char *root_certs = NULL;
+ grpc_ssl_pem_key_cert_pair key_cert_pair = {NULL, NULL};
+ if (Buffer::HasInstance(args[0])) {
+ root_certs = Buffer::Data(args[0]);
+ } else if (!(args[0]->IsNull() || args[0]->IsUndefined())) {
return NanThrowTypeError("createSsl's first argument must be a Buffer");
}
- root_certs = Buffer::Data(args[0]);
- root_certs_length = Buffer::Length(args[0]);
if (Buffer::HasInstance(args[1])) {
- private_key = Buffer::Data(args[1]);
- private_key_length = Buffer::Length(args[1]);
+ key_cert_pair.private_key = Buffer::Data(args[1]);
} else if (!(args[1]->IsNull() || args[1]->IsUndefined())) {
return NanThrowTypeError(
"createSSl's second argument must be a Buffer if provided");
}
if (Buffer::HasInstance(args[2])) {
- cert_chain = Buffer::Data(args[2]);
- cert_chain_length = Buffer::Length(args[2]);
+ key_cert_pair.cert_chain = Buffer::Data(args[2]);
} else if (!(args[2]->IsNull() || args[2]->IsUndefined())) {
return NanThrowTypeError(
"createSSl's third argument must be a Buffer if provided");
}
+
NanReturnValue(WrapStruct(grpc_ssl_credentials_create(
- reinterpret_cast<unsigned char *>(root_certs), root_certs_length,
- reinterpret_cast<unsigned char *>(private_key), private_key_length,
- reinterpret_cast<unsigned char *>(cert_chain), cert_chain_length)));
+ root_certs,
+ key_cert_pair.private_key == NULL ? NULL : &key_cert_pair)));
}
NAN_METHOD(Credentials::CreateComposite) {
diff --git a/src/node/server_credentials.cc b/src/node/server_credentials.cc
index 38df54752781c127ac19fe5c3cacab193742c7e0..393f3a63052fd3b5dcfcae3d8767f08fa34d5156 100644
--- a/src/node/server_credentials.cc
+++ b/src/node/server_credentials.cc
@@ -123,14 +123,12 @@ NAN_METHOD(ServerCredentials::New) {
}
NAN_METHOD(ServerCredentials::CreateSsl) {
+ // TODO: have the node API support multiple key/cert pairs.
NanScope();
char *root_certs = NULL;
- char *private_key;
- char *cert_chain;
- int root_certs_length = 0, private_key_length, cert_chain_length;
+ grpc_ssl_pem_key_cert_pair key_cert_pair;
if (Buffer::HasInstance(args[0])) {
root_certs = Buffer::Data(args[0]);
- root_certs_length = Buffer::Length(args[0]);
} else if (!(args[0]->IsNull() || args[0]->IsUndefined())) {
return NanThrowTypeError(
"createSSl's first argument must be a Buffer if provided");
@@ -138,17 +136,13 @@ NAN_METHOD(ServerCredentials::CreateSsl) {
if (!Buffer::HasInstance(args[1])) {
return NanThrowTypeError("createSsl's second argument must be a Buffer");
}
- private_key = Buffer::Data(args[1]);
- private_key_length = Buffer::Length(args[1]);
+ key_cert_pair.private_key = Buffer::Data(args[1]);
if (!Buffer::HasInstance(args[2])) {
return NanThrowTypeError("createSsl's third argument must be a Buffer");
}
- cert_chain = Buffer::Data(args[2]);
- cert_chain_length = Buffer::Length(args[2]);
- NanReturnValue(WrapStruct(grpc_ssl_server_credentials_create(
- reinterpret_cast<unsigned char *>(root_certs), root_certs_length,
- reinterpret_cast<unsigned char *>(private_key), private_key_length,
- reinterpret_cast<unsigned char *>(cert_chain), cert_chain_length)));
+ key_cert_pair.cert_chain = Buffer::Data(args[2]);
+ NanReturnValue(WrapStruct(
+ grpc_ssl_server_credentials_create(root_certs, &key_cert_pair, 1)));
}
NAN_METHOD(ServerCredentials::CreateFake) {
diff --git a/src/php/ext/grpc/credentials.c b/src/php/ext/grpc/credentials.c
index 2a83d1cbc1e9ca3a1cb997da97ad13193cc3a018..c63196bf909ef062f204d152bd9750d12cedb98d 100644
--- a/src/php/ext/grpc/credentials.c
+++ b/src/php/ext/grpc/credentials.c
@@ -77,24 +77,23 @@ PHP_METHOD(Credentials, createDefault) {
*/
PHP_METHOD(Credentials, createSsl) {
char *pem_root_certs;
- char *pem_private_key = NULL;
- char *pem_cert_chain = NULL;
+ grpc_ssl_pem_key_cert_pair pem_key_cert_pair;
int root_certs_length, private_key_length = 0, cert_chain_length = 0;
/* "s|s!s! == 1 string, 2 optional nullable strings */
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s!s!",
&pem_root_certs, &root_certs_length,
- &pem_private_key, &private_key_length,
- &pem_cert_chain, &cert_chain_length) == FAILURE) {
+ &pem_key_cert_pair.private_key, &private_key_length,
+ &pem_key_cert_pair.cert_chain,
+ &cert_chain_length) == FAILURE) {
zend_throw_exception(spl_ce_InvalidArgumentException,
"createSsl expects 1 to 3 strings", 1 TSRMLS_CC);
return;
}
grpc_credentials *creds = grpc_ssl_credentials_create(
- (unsigned char *)pem_root_certs, (size_t)root_certs_length,
- (unsigned char *)pem_private_key, (size_t)private_key_length,
- (unsigned char *)pem_cert_chain, (size_t)cert_chain_length);
+ pem_root_certs,
+ pem_key_cert_pair.private_key == NULL ? NULL : &pem_key_cert_pair);
zval *creds_object = grpc_php_wrap_credentials(creds);
RETURN_DESTROY_ZVAL(creds_object);
}
diff --git a/src/php/ext/grpc/server_credentials.c b/src/php/ext/grpc/server_credentials.c
index 1f8e58aa4d1678570945dfa944251ef32d0c5336..3d43d6a78c704950eab5de445ffb7fd5ec5adf30 100644
--- a/src/php/ext/grpc/server_credentials.c
+++ b/src/php/ext/grpc/server_credentials.c
@@ -66,24 +66,22 @@ zval *grpc_php_wrap_server_credentials(grpc_server_credentials *wrapped) {
*/
PHP_METHOD(ServerCredentials, createSsl) {
char *pem_root_certs = 0;
- char *pem_private_key;
- char *pem_cert_chain;
+ grpc_ssl_pem_key_cert_pair pem_key_cert_pair;
int root_certs_length = 0, private_key_length, cert_chain_length;
/* "s!ss" == 1 nullable string, 2 strings */
+ /* TODO: support multiple key cert pairs. */
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s!ss", &pem_root_certs,
- &root_certs_length, &pem_private_key,
- &private_key_length, &pem_cert_chain,
+ &root_certs_length, &pem_key_cert_pair.private_key,
+ &private_key_length, &pem_key_cert_pair.cert_chain,
&cert_chain_length) == FAILURE) {
zend_throw_exception(spl_ce_InvalidArgumentException,
"createSsl expects 3 strings", 1 TSRMLS_CC);
return;
}
- grpc_server_credentials *creds = grpc_ssl_server_credentials_create(
- (unsigned char *)pem_root_certs, (size_t)root_certs_length,
- (unsigned char *)pem_private_key, (size_t)private_key_length,
- (unsigned char *)pem_cert_chain, (size_t)cert_chain_length);
+ grpc_server_credentials *creds =
+ grpc_ssl_server_credentials_create(pem_root_certs, &pem_key_cert_pair, 1);
zval *creds_object = grpc_php_wrap_server_credentials(creds);
RETURN_DESTROY_ZVAL(creds_object);
}
diff --git a/src/ruby/ext/grpc/extconf.rb b/src/ruby/ext/grpc/extconf.rb
index e948504e9e63c4e871c6ee1544c4b0b3e92a27d2..a6dbbf3aca1ea7b60c574836f6f210e0a1f5ef51 100644
--- a/src/ruby/ext/grpc/extconf.rb
+++ b/src/ruby/ext/grpc/extconf.rb
@@ -68,7 +68,7 @@ $CFLAGS << ' -Wno-return-type '
$CFLAGS << ' -Wall '
$CFLAGS << ' -pedantic '
-$LDFLAGS << ' -lgrpc -lgpr -levent -levent_pthreads -levent_core'
+$LDFLAGS << ' -lgrpc -lgpr'
# crash('need grpc lib') unless have_library('grpc', 'grpc_channel_destroy')
#
diff --git a/src/ruby/ext/grpc/rb_credentials.c b/src/ruby/ext/grpc/rb_credentials.c
index 5dec51824d9c869c80b94166de43ef46ea7a4c2f..31f47f3b761daf7f99d11ab3db25803cdb75470e 100644
--- a/src/ruby/ext/grpc/rb_credentials.c
+++ b/src/ruby/ext/grpc/rb_credentials.c
@@ -214,6 +214,7 @@ static VALUE grpc_rb_credentials_init(int argc, VALUE *argv, VALUE self) {
VALUE pem_cert_chain = Qnil;
grpc_rb_credentials *wrapper = NULL;
grpc_credentials *creds = NULL;
+ /* TODO: Remove mandatory arg when we support default roots. */
/* "12" == 1 mandatory arg, 2 (credentials) is optional */
rb_scan_args(argc, argv, "12", &pem_root_certs, &pem_private_key,
&pem_cert_chain);
@@ -225,22 +226,12 @@ static VALUE grpc_rb_credentials_init(int argc, VALUE *argv, VALUE self) {
return Qnil;
}
if (pem_private_key == Qnil && pem_cert_chain == Qnil) {
- creds = grpc_ssl_credentials_create(RSTRING_PTR(pem_root_certs),
- RSTRING_LEN(pem_root_certs), NULL, 0,
- NULL, 0);
- } else if (pem_cert_chain == Qnil) {
- creds = grpc_ssl_credentials_create(
- RSTRING_PTR(pem_root_certs), RSTRING_LEN(pem_root_certs),
- RSTRING_PTR(pem_private_key), RSTRING_LEN(pem_private_key),
- RSTRING_PTR(pem_cert_chain), RSTRING_LEN(pem_cert_chain));
- } else if (pem_private_key == Qnil) {
- creds = grpc_ssl_credentials_create(
- RSTRING_PTR(pem_root_certs), RSTRING_LEN(pem_root_certs), NULL, 0,
- RSTRING_PTR(pem_cert_chain), RSTRING_LEN(pem_cert_chain));
+ creds = grpc_ssl_credentials_create(RSTRING_PTR(pem_root_certs), NULL);
} else {
+ grpc_ssl_pem_key_cert_pair key_cert_pair = {RSTRING_PTR(pem_private_key),
+ RSTRING_PTR(pem_cert_chain)};
creds = grpc_ssl_credentials_create(
- RSTRING_PTR(pem_root_certs), RSTRING_LEN(pem_root_certs),
- RSTRING_PTR(pem_private_key), RSTRING_LEN(pem_private_key), NULL, 0);
+ RSTRING_PTR(pem_root_certs), &key_cert_pair);
}
if (creds == NULL) {
rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why");
diff --git a/src/ruby/ext/grpc/rb_server_credentials.c b/src/ruby/ext/grpc/rb_server_credentials.c
index e534c114443d651d9e8fa4238a2e83f622c94932..4f6c67ea5e3b6936bcd229bd38cb7dbc03829fad 100644
--- a/src/ruby/ext/grpc/rb_server_credentials.c
+++ b/src/ruby/ext/grpc/rb_server_credentials.c
@@ -145,8 +145,10 @@ static ID id_pem_cert_chain;
static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs,
VALUE pem_private_key,
VALUE pem_cert_chain) {
+ /* TODO support multiple key cert pairs in the ruby API. */
grpc_rb_server_credentials *wrapper = NULL;
grpc_server_credentials *creds = NULL;
+ grpc_ssl_pem_key_cert_pair key_cert_pair = {NULL, NULL};
Data_Get_Struct(self, grpc_rb_server_credentials, wrapper);
if (pem_cert_chain == Qnil) {
rb_raise(rb_eRuntimeError,
@@ -157,15 +159,13 @@ static VALUE grpc_rb_server_credentials_init(VALUE self, VALUE pem_root_certs,
"could not create a server credential: nil pem_private_key");
return Qnil;
}
+ key_cert_pair.private_key = RSTRING_PTR(pem_private_key);
+ key_cert_pair.cert_chain = RSTRING_PTR(pem_cert_chain);
if (pem_root_certs == Qnil) {
- creds = grpc_ssl_server_credentials_create(
- NULL, 0, RSTRING_PTR(pem_private_key), RSTRING_LEN(pem_private_key),
- RSTRING_PTR(pem_cert_chain), RSTRING_LEN(pem_cert_chain));
+ creds = grpc_ssl_server_credentials_create(NULL, &key_cert_pair, 1);
} else {
- creds = grpc_ssl_server_credentials_create(
- RSTRING_PTR(pem_root_certs), RSTRING_LEN(pem_root_certs),
- RSTRING_PTR(pem_private_key), RSTRING_LEN(pem_private_key),
- RSTRING_PTR(pem_cert_chain), RSTRING_LEN(pem_cert_chain));
+ creds = grpc_ssl_server_credentials_create(RSTRING_PTR(pem_root_certs),
+ &key_cert_pair, 1);
}
if (creds == NULL) {
rb_raise(rb_eRuntimeError, "could not create a credentials, not sure why");
diff --git a/test/core/end2end/data/prod_roots_certs.c b/test/core/end2end/data/prod_roots_certs.c
index 21a199ce3750213b95cb4c2657487db2f63da67c..3b66d236c368e7a7df10f8008bfd28118bb8ed74 100644
--- a/test/core/end2end/data/prod_roots_certs.c
+++ b/test/core/end2end/data/prod_roots_certs.c
@@ -31,7 +31,7 @@
*
*/
-unsigned char prod_roots_certs[] = {
+const char prod_roots_certs[] = {
0x23, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x3a, 0x20, 0x43, 0x4e,
0x3d, 0x47, 0x54, 0x45, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72,
0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x52,
@@ -11270,5 +11270,4 @@ unsigned char prod_roots_certs[] = {
0x33, 0x50, 0x59, 0x74, 0x6c, 0x4e, 0x58, 0x4c, 0x66, 0x62, 0x51, 0x34,
0x64, 0x64, 0x49, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44,
0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45,
- 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a};
-unsigned int prod_roots_certs_size = 134862;
+ 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00};
diff --git a/test/core/end2end/data/server1_cert.c b/test/core/end2end/data/server1_cert.c
index da1d36653c9f9e4d1e0b98c4988f7d6de4cd9ba9..134b9cb98e4799e91f464383e999ffd137502bcd 100644
--- a/test/core/end2end/data/server1_cert.c
+++ b/test/core/end2end/data/server1_cert.c
@@ -31,7 +31,7 @@
*
*/
-unsigned char test_server1_cert[] = {
+const char test_server1_cert[] = {
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43,
0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x6d, 0x7a, 0x43, 0x43,
@@ -112,5 +112,4 @@ unsigned char test_server1_cert[] = {
0x32, 0x77, 0x65, 0x2f, 0x4b, 0x44, 0x34, 0x6f, 0x6a, 0x66, 0x39, 0x73,
0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43,
0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d,
- 0x2d, 0x2d, 0x2d, 0x0a};
-unsigned int test_server1_cert_size = 964;
+ 0x2d, 0x2d, 0x2d, 0x0a, 0x00};
diff --git a/test/core/end2end/data/server1_key.c b/test/core/end2end/data/server1_key.c
index 3540505467435b9caad8045a8ded0526e9722e10..992d3c032a9c3a4c71339b949bbeef8bf58ad8cf 100644
--- a/test/core/end2end/data/server1_key.c
+++ b/test/core/end2end/data/server1_key.c
@@ -31,7 +31,7 @@
*
*/
-unsigned char test_server1_key[] = {
+const char test_server1_key[] = {
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x52,
0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4b,
0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43,
@@ -105,5 +105,4 @@ unsigned char test_server1_key[] = {
0x6e, 0x68, 0x66, 0x66, 0x46, 0x79, 0x65, 0x37, 0x53, 0x42, 0x58, 0x79,
0x61, 0x67, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e,
0x44, 0x20, 0x52, 0x53, 0x41, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54,
- 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a};
-unsigned int test_server1_key_size = 887;
+ 0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00};
diff --git a/test/core/end2end/data/ssl_test_data.h b/test/core/end2end/data/ssl_test_data.h
index 6ac19945b2f734de3acf95b25f4d3b04efbd5a2d..3456ebebd4b4733e6145c51df3d8e14a227dee53 100644
--- a/test/core/end2end/data/ssl_test_data.h
+++ b/test/core/end2end/data/ssl_test_data.h
@@ -34,14 +34,10 @@
#ifndef __GRPC_TEST_END2END_DATA_SSL_TEST_DATA_H__
#define __GRPC_TEST_END2END_DATA_SSL_TEST_DATA_H__
-extern unsigned char test_root_cert[];
-extern unsigned int test_root_cert_size;
-extern unsigned char test_server1_cert[];
-extern unsigned int test_server1_cert_size;
-extern unsigned char test_server1_key[];
-extern unsigned int test_server1_key_size;
+extern const char test_root_cert[];
+extern const char test_server1_cert[];
+extern const char test_server1_key[];
-extern unsigned char prod_roots_certs[];
-extern unsigned int prod_roots_certs_size;
+extern const char prod_roots_certs[];
#endif /* __GRPC_TEST_END2END_DATA_SSL_TEST_DATA_H__ */
diff --git a/test/core/end2end/data/test_root_cert.c b/test/core/end2end/data/test_root_cert.c
index fd01953ccbd9b4ad165cd60dbfefa6f4cbe9faa6..f358b0b79ac70133abf7c89ff5c9043031f35e58 100644
--- a/test/core/end2end/data/test_root_cert.c
+++ b/test/core/end2end/data/test_root_cert.c
@@ -31,7 +31,7 @@
*
*/
-unsigned char test_root_cert[] = {
+const char test_root_cert[] = {
0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43,
0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d,
0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x43, 0x49, 0x7a, 0x43, 0x43,
@@ -98,5 +98,4 @@ unsigned char test_root_cert[] = {
0x31, 0x59, 0x75, 0x58, 0x32, 0x72, 0x6e, 0x65, 0x78, 0x30, 0x4a, 0x68,
0x75, 0x54, 0x51, 0x66, 0x63, 0x49, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d,
0x2d, 0x45, 0x4e, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49,
- 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a};
-unsigned int test_root_cert_size = 802;
+ 0x43, 0x41, 0x54, 0x45, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x00};
diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
index 7718d30b3e6a061fcfa0115c7284c666adcdc9a9..e5cdec8ea759e0b2ecce969576adb3294429e6d1 100644
--- a/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
+++ b/test/core/end2end/fixtures/chttp2_simple_ssl_fullstack.c
@@ -98,8 +98,8 @@ void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture *f) {
static void chttp2_init_client_simple_ssl_secure_fullstack(
grpc_end2end_test_fixture *f, grpc_channel_args *client_args) {
- grpc_credentials *ssl_creds = grpc_ssl_credentials_create(
- test_root_cert, test_root_cert_size, NULL, 0, NULL, 0);
+ grpc_credentials *ssl_creds =
+ grpc_ssl_credentials_create(test_root_cert, NULL);
grpc_arg ssl_name_override = {GRPC_ARG_STRING,
GRPC_SSL_TARGET_NAME_OVERRIDE_ARG,
{"foo.test.google.com"}};
@@ -111,9 +111,10 @@ static void chttp2_init_client_simple_ssl_secure_fullstack(
static void chttp2_init_server_simple_ssl_secure_fullstack(
grpc_end2end_test_fixture *f, grpc_channel_args *server_args) {
- grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create(
- NULL, 0, test_server1_key, test_server1_key_size, test_server1_cert,
- test_server1_cert_size);
+ grpc_ssl_pem_key_cert_pair pem_cert_key_pair = {test_server1_key,
+ test_server1_cert};
+ grpc_server_credentials *ssl_creds =
+ grpc_ssl_server_credentials_create(NULL, &pem_cert_key_pair, 1);
chttp2_init_server_secure_fullstack(f, server_args, ssl_creds);
}
diff --git a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
index bb8af88c54fb33204a1a7c71de12ec79011b068a..8bfa465696f9003b29c695e41d13d02ed3a372e8 100644
--- a/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
+++ b/test/core/end2end/fixtures/chttp2_simple_ssl_with_oauth2_fullstack.c
@@ -99,8 +99,7 @@ void chttp2_tear_down_secure_fullstack(grpc_end2end_test_fixture *f) {
static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack(
grpc_end2end_test_fixture *f, grpc_channel_args *client_args) {
- grpc_credentials *ssl_creds = grpc_ssl_credentials_create(
- test_root_cert, test_root_cert_size, NULL, 0, NULL, 0);
+ grpc_credentials *ssl_creds = grpc_ssl_credentials_create(test_root_cert, NULL);
grpc_credentials *oauth2_creds =
grpc_fake_oauth2_credentials_create("Bearer aaslkfjs424535asdf", 1);
grpc_credentials *ssl_oauth2_creds =
@@ -118,9 +117,10 @@ static void chttp2_init_client_simple_ssl_with_oauth2_secure_fullstack(
static void chttp2_init_server_simple_ssl_secure_fullstack(
grpc_end2end_test_fixture *f, grpc_channel_args *server_args) {
- grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create(
- NULL, 0, test_server1_key, test_server1_key_size, test_server1_cert,
- test_server1_cert_size);
+ grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key,
+ test_server1_cert};
+ grpc_server_credentials *ssl_creds =
+ grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1);
chttp2_init_server_secure_fullstack(f, server_args, ssl_creds);
}
diff --git a/test/core/fling/server.c b/test/core/fling/server.c
index d68fbe7c3c1072f4c6823bf6f432bc9fa019bc32..f811aac284c0652309e00989e3077f563d4bdf7d 100644
--- a/test/core/fling/server.c
+++ b/test/core/fling/server.c
@@ -101,9 +101,10 @@ int main(int argc, char **argv) {
cq = grpc_completion_queue_create();
if (secure) {
- grpc_server_credentials *ssl_creds = grpc_ssl_server_credentials_create(
- NULL, 0, test_server1_key, test_server1_key_size, test_server1_cert,
- test_server1_cert_size);
+ grpc_ssl_pem_key_cert_pair pem_key_cert_pair = {test_server1_key,
+ test_server1_cert};
+ grpc_server_credentials *ssl_creds =
+ grpc_ssl_server_credentials_create(NULL, &pem_key_cert_pair, 1);
server = grpc_secure_server_create(ssl_creds, cq, NULL);
GPR_ASSERT(grpc_server_add_secure_http2_port(server, addr));
grpc_server_credentials_release(ssl_creds);
diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c
index 619f09308e7c7074d504964ab2006cec4aa0254c..9c60f4c23380ae7fb0cb0781de42ffc2d81aa3cf 100644
--- a/test/core/security/credentials_test.c
+++ b/test/core/security/credentials_test.c
@@ -48,7 +48,7 @@ static const char test_iam_authorization_token[] = "blahblahblhahb";
static const char test_iam_authority_selector[] = "respectmyauthoritah";
static const char test_oauth2_bearer_token[] =
"Bearer blaaslkdjfaslkdfasdsfasf";
-static const unsigned char test_root_cert[] = {0xDE, 0xAD, 0xBE, 0xEF};
+static const char test_root_cert[] = "I am the root!";
/* This JSON key was generated with the GCE console and revoked immediately.
The identifiers have been changed as well.
@@ -275,8 +275,8 @@ static void check_ssl_oauth2_composite_metadata(
}
static void test_ssl_oauth2_composite_creds(void) {
- grpc_credentials *ssl_creds = grpc_ssl_credentials_create(
- test_root_cert, sizeof(test_root_cert), NULL, 0, NULL, 0);
+ grpc_credentials *ssl_creds =
+ grpc_ssl_credentials_create(test_root_cert, NULL);
const grpc_credentials_array *creds_array;
grpc_credentials *oauth2_creds =
grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0);
@@ -312,8 +312,8 @@ static void check_ssl_oauth2_iam_composite_metadata(
}
static void test_ssl_oauth2_iam_composite_creds(void) {
- grpc_credentials *ssl_creds = grpc_ssl_credentials_create(
- test_root_cert, sizeof(test_root_cert), NULL, 0, NULL, 0);
+ grpc_credentials *ssl_creds =
+ grpc_ssl_credentials_create(test_root_cert, NULL);
const grpc_credentials_array *creds_array;
grpc_credentials *oauth2_creds =
grpc_fake_oauth2_credentials_create(test_oauth2_bearer_token, 0);
diff --git a/test/cpp/client/credentials_test.cc b/test/cpp/client/credentials_test.cc
index ea088b87bd551163bf88e90f4d5efc289b573950..174d2187b0b16f2df2ef3318d161960073843ad8 100644
--- a/test/cpp/client/credentials_test.cc
+++ b/test/cpp/client/credentials_test.cc
@@ -45,15 +45,6 @@ class CredentialsTest : public ::testing::Test {
protected:
};
-TEST_F(CredentialsTest, InvalidSslCreds) {
- std::unique_ptr<Credentials> bad1 =
- CredentialsFactory::SslCredentials({"", "", ""});
- EXPECT_EQ(nullptr, bad1.get());
- std::unique_ptr<Credentials> bad2 =
- CredentialsFactory::SslCredentials({"", "bla", "bla"});
- EXPECT_EQ(nullptr, bad2.get());
-}
-
TEST_F(CredentialsTest, InvalidServiceAccountCreds) {
std::unique_ptr<Credentials> bad1 =
CredentialsFactory::ServiceAccountCredentials("", "",
diff --git a/test/cpp/interop/server.cc b/test/cpp/interop/server.cc
index 561b134c279081c518f2ead5475b93ec27f44d68..5b5c35416ca2e152702517309478ab869507698d 100644
--- a/test/cpp/interop/server.cc
+++ b/test/cpp/interop/server.cc
@@ -203,11 +203,7 @@ void RunServer() {
builder.RegisterService(service.service());
if (FLAGS_enable_ssl) {
SslServerCredentialsOptions ssl_opts = {
- "",
- {reinterpret_cast<const char*>(test_server1_key),
- test_server1_key_size},
- {reinterpret_cast<const char*>(test_server1_cert),
- test_server1_cert_size}};
+ "", {{test_server1_key, test_server1_cert}}};
std::shared_ptr<ServerCredentials> creds =
ServerCredentialsFactory::SslCredentials(ssl_opts);
builder.SetCredentials(creds);
diff --git a/test/cpp/util/create_test_channel.cc b/test/cpp/util/create_test_channel.cc
index f0d35d98c2bf8e67d30251ec2033c90f85ef044d..68f6244a5391a6f61157db30179f35ef920cb68a 100644
--- a/test/cpp/util/create_test_channel.cc
+++ b/test/cpp/util/create_test_channel.cc
@@ -56,11 +56,8 @@ std::shared_ptr<ChannelInterface> CreateTestChannel(
ChannelArguments channel_args;
if (enable_ssl) {
const char* roots_certs =
- use_prod_roots ? reinterpret_cast<const char*>(prod_roots_certs)
- : reinterpret_cast<const char*>(test_root_cert);
- unsigned int roots_certs_size =
- use_prod_roots ? prod_roots_certs_size : test_root_cert_size;
- SslCredentialsOptions ssl_opts = {{roots_certs, roots_certs_size}, "", ""};
+ use_prod_roots ? prod_roots_certs : test_root_cert;
+ SslCredentialsOptions ssl_opts = {roots_certs, "", ""};
std::unique_ptr<Credentials> creds =
CredentialsFactory::SslCredentials(ssl_opts);