GRPC Core  44.2.0
grpc_security_constants.h
1 /*
2  *
3  * Copyright 2016 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPC_GRPC_SECURITY_CONSTANTS_H
20 #define GRPC_GRPC_SECURITY_CONSTANTS_H
21 
22 #ifdef __cplusplus
23 extern "C" {
24 #endif
25 
// String key of the property that carries the transport security type,
// followed by the two string values this header declares for it.
// NOTE(review): which credential types report "ssl" and which report "tls" is
// not visible in this listing -- confirm before branching on the value.
26 #define GRPC_TRANSPORT_SECURITY_TYPE_PROPERTY_NAME "transport_security_type"
27 #define GRPC_SSL_TRANSPORT_SECURITY_TYPE "ssl"
28 #define GRPC_TLS_TRANSPORT_SECURITY_TYPE "tls"
29 
// String keys for peer properties. The x509_* keys are named after fields of
// the peer's X.509 certificate (common name, subject, subject alternative
// name, PEM-encoded certificate).
// NOTE(review): these values originate from the peer's certificate; presumably
// they are only safe to use for authorization once that certificate has been
// verified -- confirm against the client-certificate request type in use.
30 #define GRPC_X509_CN_PROPERTY_NAME "x509_common_name"
31 #define GRPC_X509_SUBJECT_PROPERTY_NAME "x509_subject"
32 #define GRPC_X509_SAN_PROPERTY_NAME "x509_subject_alternative_name"
33 #define GRPC_X509_PEM_CERT_PROPERTY_NAME "x509_pem_cert"
34 // Please note that internally, we just faithfully pass whatever value we got by
35 // calling SSL_get_peer_cert_chain() in OpenSSL/BoringSSL. This will mean in
36 // OpenSSL, the following conditions might apply:
37 // 1. On the client side, this property returns the full certificate chain. On
38 // the server side, this property will return the certificate chain without the
39 // leaf certificate. Application can use GRPC_X509_PEM_CERT_PROPERTY_NAME to
40 // get the peer leaf certificate.
41 // 2. If the session is resumed, this property could be empty for OpenSSL (but
42 // not for BoringSSL).
43 // For more, please refer to the official OpenSSL manual:
44 // https://www.openssl.org/docs/man1.1.0/man3/SSL_get_peer_cert_chain.html.
// Consequence for callers: code that inspects the chain must tolerate an empty
// value (resumed OpenSSL session) and, on the server side, must not assume the
// chain includes the peer's leaf certificate.
45 #define GRPC_X509_PEM_CERT_CHAIN_PROPERTY_NAME "x509_pem_cert_chain"
// Keys for session-level and peer-identity properties (session reuse, security
// level, and peer DNS / SPIFFE ID / URI / email / IP identities).
46 #define GRPC_SSL_SESSION_REUSED_PROPERTY "ssl_session_reused"
47 #define GRPC_TRANSPORT_SECURITY_LEVEL_PROPERTY_NAME "security_level"
48 #define GRPC_PEER_DNS_PROPERTY_NAME "peer_dns"
49 #define GRPC_PEER_SPIFFE_ID_PROPERTY_NAME "peer_spiffe_id"
50 #define GRPC_PEER_URI_PROPERTY_NAME "peer_uri"
51 #define GRPC_PEER_EMAIL_PROPERTY_NAME "peer_email"
52 #define GRPC_PEER_IP_PROPERTY_NAME "peer_ip"
53 
// Name of an environment variable: the macro expands to the variable's name,
// not to a path. Per its name, the variable refers to the default SSL roots
// file.
// NOTE(review): if the library loads trust roots from the file this variable
// names, whoever controls the process environment controls the trust anchors;
// confirm how and when the variable is read.
57 #define GRPC_DEFAULT_SSL_ROOTS_FILE_PATH_ENV_VAR \
58  "GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"
59 
// Name of the environment variable for Google application credentials; the
// macro expands to the variable's name, not to its value.
// NOTE(review): presumably the variable names a credentials file; such a file
// would hold secrets, so its permissions should be restricted -- confirm
// against the code that consumes this variable.
63 #define GRPC_GOOGLE_CREDENTIALS_ENV_VAR "GOOGLE_APPLICATION_CREDENTIALS"
64 
66 typedef enum {
71 
73 typedef enum {
78 
79 typedef enum {
127 
128 /* Security levels of grpc transport security. It represents an inherent
129  * property of a backend connection and is determined by a channel credential
130  * used to create the connection. */
131 typedef enum {
138 
/* Type of local connections for which local channel/server credentials will
 * be applied. UDS is pinned to 0, so LOCAL_TCP takes the next value, 1.
 * NOTE(review): UDS presumably stands for Unix domain socket -- confirm.
 * NOTE(review): the enumerators are unprefixed in a C header, so they can
 * collide with identifiers or macros from other headers. */
143 typedef enum { UDS = 0, LOCAL_TCP } grpc_local_connect_type;
144 
/* The TLS versions that are supported by the SSL stack. No explicit values
 * are given, so TLS1_2 is 0 and TLS1_3 is 1; numeric order therefore follows
 * protocol-version order for the two versions listed.
 * NOTE(review): the enumerators are unprefixed in a C header, so they can
 * collide with identifiers or macros from other headers. */
146 typedef enum { TLS1_2, TLS1_3 } grpc_tls_version;
147 
148 #ifdef __cplusplus
149 }
150 #endif
151 
152 #endif /* GRPC_GRPC_SECURITY_CONSTANTS_H */
GRPC_SECURITY_MIN
@ GRPC_SECURITY_MIN
Definition: grpc_security_constants.h:132
grpc_ssl_certificate_config_reload_status
grpc_ssl_certificate_config_reload_status
Callback results for dynamically loading a SSL certificate config.
Definition: grpc_security_constants.h:73
TLS1_3
@ TLS1_3
Definition: grpc_security_constants.h:146
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY
@ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_AND_VERIFY
Server requests client certificate but does not enforce that the client presents a certificate. If the client presents one, it is verified by the gRPC framework.
Definition: grpc_security_constants.h:105
LOCAL_TCP
@ LOCAL_TCP
Definition: grpc_security_constants.h:143
GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY
@ GRPC_SSL_REQUEST_CLIENT_CERTIFICATE_BUT_DONT_VERIFY
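Server requests client certificate but does not enforce that the client presents a certificate. If the client presents one, gRPC does not verify it; client authentication is left to the application.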
Definition: grpc_security_constants.h:94
GRPC_SECURITY_NONE
@ GRPC_SECURITY_NONE
Definition: grpc_security_constants.h:133
GRPC_SSL_ROOTS_OVERRIDE_FAIL
@ GRPC_SSL_ROOTS_OVERRIDE_FAIL
Do not try fallback options.
Definition: grpc_security_constants.h:69
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED
@ GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_UNCHANGED
Definition: grpc_security_constants.h:74
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW
@ GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_NEW
Definition: grpc_security_constants.h:75
grpc_ssl_roots_override_result
grpc_ssl_roots_override_result
Results for the SSL roots override callback.
Definition: grpc_security_constants.h:66
GRPC_SSL_ROOTS_OVERRIDE_OK
@ GRPC_SSL_ROOTS_OVERRIDE_OK
Definition: grpc_security_constants.h:67
GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL
@ GRPC_SSL_CERTIFICATE_CONFIG_RELOAD_FAIL
Definition: grpc_security_constants.h:76
grpc_ssl_client_certificate_request_type
grpc_ssl_client_certificate_request_type
Definition: grpc_security_constants.h:79
grpc_tls_version
grpc_tls_version
The TLS versions that are supported by the SSL stack.
Definition: grpc_security_constants.h:146
GRPC_INTEGRITY_ONLY
@ GRPC_INTEGRITY_ONLY
Definition: grpc_security_constants.h:134
UDS
@ UDS
Definition: grpc_security_constants.h:143
grpc_security_level
grpc_security_level
Definition: grpc_security_constants.h:131
TLS1_2
@ TLS1_2
Definition: grpc_security_constants.h:146
GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY
@ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_BUT_DONT_VERIFY
Server requests client certificate and enforces that the client presents a certificate. gRPC does not verify the presented certificate; client authentication is left to the application.
Definition: grpc_security_constants.h:115
GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE
@ GRPC_SSL_DONT_REQUEST_CLIENT_CERTIFICATE
Server does not request client certificate.
Definition: grpc_security_constants.h:84
GRPC_PRIVACY_AND_INTEGRITY
@ GRPC_PRIVACY_AND_INTEGRITY
Definition: grpc_security_constants.h:135
GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
@ GRPC_SSL_REQUEST_AND_REQUIRE_CLIENT_CERTIFICATE_AND_VERIFY
Server requests client certificate and enforces that the client presents a certificate. The presented certificate is verified by the gRPC framework.
Definition: grpc_security_constants.h:125
GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY
@ GRPC_SSL_ROOTS_OVERRIDE_FAIL_PERMANENTLY
Definition: grpc_security_constants.h:68
grpc_local_connect_type
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:143
GRPC_SECURITY_MAX
@ GRPC_SECURITY_MAX
Definition: grpc_security_constants.h:136