Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support test certificates and SSL name override #2754

Merged
merged 19 commits into from
Aug 6, 2015
Merged

Support test certificates and SSL name override #2754

merged 19 commits into from
Aug 6, 2015

Conversation

jcanizales
Copy link
Contributor

Fixes #2429.
(A few of the changes in the diff are from PR #2753.)

By importing GRPCCall+Tests.h one can register SSL config to be used for a specific host.

GRPCHost is used to store channel config, and to create channels on demand with that config. GRPCChannels and configs are composed and cached together.

GRPCSecureChannel is now initialized with (nullable) path to a certificates file and (nullable) name override.

The same mechanism will later be used for creating insecure channels, removing the ability to do it by specifying the HTTP scheme in the address (which was deemed too subtle for its implications).

@jcanizales
Move _channel from GRPCCall into GRPCWrappedCall
3a5253e
@jcanizales
Encapsulate grpc_call creation inside GRPCChannel
bd993df
@jcanizales
Remove GRPCChannel-initWithHost to simplify implementation
148403a
@jcanizales
Let register SSL config per-host.
e8543b0 
Surfaced in GRPCCall+Tests.h

Add GRPCHost to store channel config, and to create channels on demand
with that config. GRPCChannels and configs are cached together.

GRPCSecureChannel is now initialized with (nullable) path to a
certificates file and (nullable) name override.

The same mechanism will be used for creating insecure channels, removing
the ability to do it by specifying the HTTP scheme in the address (which
was deemed too subtle for its implications).
@jcanizales
Clarify comments in GRPCHost.m
000fa38
@jcanizales
GRPCChannel with NULL grpc_channel is nil.
e21b467
@jcanizales jcanizales added this to the Beta milestone Aug 2, 2015
@jcanizales jcanizales mentioned this pull request Aug 2, 2015
Merged
@jcanizales
Copy link
Contributor Author

Diff now that #2753 is merged: https://github.com/grpc/grpc/compare/master...jcanizales:support-test-certificates?expand=1

jcanizales
jcanizales reviewed Aug 3, 2015
View reviewed changes
src/objective-c/GRPCClient/private/GRPCChannel.h
@interface GRPCChannel : NSObject
@property(nonatomic, readonly) struct grpc_channel *unmanagedChannel;
@property(nonatomic) grpc_channel *unmanagedChannel;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Argh, this should still be readonly.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, are you going to change this or not?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops! Done; sorry.

murgatroid99
murgatroid99 reviewed Aug 3, 2015
View reviewed changes
src/objective-c/GRPCClient/private/GRPCSecureChannel.m
NULL)]);
grpc_credentials *certificates = path ? CertificatesAtPath(path) : kDefaultCertificates;

// Ritual to pass the SSL host name override to the C library.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might need other channel arguments at some point. Maybe it would be better to have a more general solution.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I'm totally using the default_authority arg channel you pointed me to, as part of issue #2642. I was thinking of having GRPCChannel get a NSDictionary of arguments. This is all private anyway :)

@murgatroid99 murgatroid99 removed their assignment Aug 3, 2015
@jcanizales
Copy link
Contributor Author

@DavidPhillipOster : This is the first change I've got pending. My teammate Michael did a pass right before going on vacation.

It's made of the following commits. Going commit by commit is slower, but more manageable. The first 3 are just refactoring preparing for the 4th one, which is the interesting one. Clicking on their link will show each's diff:

  1. Move _channel from GRPCCall into GRPCWrappedCall: Refactoring. There's a 1:1 relationship between GRPCCall objects and GRPCWrappedCall objects; so this just encapsulates the _channel ivar.
  2. Encapsulate grpc_call creation inside GRPCChannel: (Suggest to start with this file.) We want the host passed to grpc_channel_create_call to be overriden on a per-channel basis (so that I can connect to a test server in localhost and have the Host header of my RPC be "mytestserver" instead of "localhost"). So this moves the grpc_channel_create_call into GRPCChannel, wherein that argument can be later overriden (the GRPCSecureChannel subclass will).
  3. Remove GRPCChannel-initWithHost to simplify implementation: Refactoring. GRPCChannel is a class cluster. It has a convenience constructor that returns an object from a subclass (basically, secure or insecure channel). The constructor was doing that by allocating the base class and calling an initializer that then created and returned another object. This removes that unnecessary complexity.
  4. Let register SSL config per-host: This is the meat of this change. The commit has a detailed description, but the purpose is to let the user do something like this on their initialization:
#import <GRPCClient/GRPCCall+Tests.h>
...
NSBundle *bundle = [NSBundle bundleForClass:self.class];
NSString *certsPath = [bundle pathForResource:@"TestCertificates.bundle/test-certificates"
                                       ofType:@"pem"];
[GRPCCall useTestCertsPath:certsPath testName:@"foo.test.google.fr" forHost:kLocalSSLHost];

And from then on, all RPCs to that host will use SSL with the provided test parameters.

Finally, there's these 4 trivial fixes: 000fa38, e21b467, 56c6574, 7d261ee.

@jcanizales
Copy link
Contributor Author

Also note that only GRPCCall and GRPCCall+Tests are part of the public interface of the library, all other classes are internal.

@DavidPhillipOster
Copy link

Thanks for the guide. I expect to get to it in about one hour.

On Tue, Aug 4, 2015 at 12:27 PM, Jorge Canizales notifications@github.com
wrote:

Also note that only GRPCCall and GRPCCall+Tests are part of the public
interface of the library, all other classes are internal.


Reply to this email directly or view it on GitHub
#2754 (comment).

jcanizales added a commit that referenced this pull request Aug 6, 2015
@jcanizales
Merge pull request #2754 from jcanizales/support-test-certificates
a3428f3 
Support test certificates and SSL name override in Obj-C
@jcanizales jcanizales merged commit a3428f3 into grpc:master Aug 6, 2015
@jcanizales jcanizales deleted the support-test-certificates branch August 6, 2015 18:38
@lock lock bot locked as resolved and limited conversation to collaborators Jan 30, 2019
apolcyn pushed a commit to apolcyn/grpc that referenced this pull request Jul 18, 2019
@war-turtle @menghanl
doc: fixing link in keepalive docs (grpc#2755)
bc316a5 
The link for enforcement policy in the keepalive docs is wrong.

fixes grpc#2754
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
cla: yes lang/all wrapped languages lang/ObjC
Projects
None yet
Milestone
Beta
Development

Successfully merging this pull request may close these issues.
4 participants
@jcanizales @DavidPhillipOster @murgatroid99 @googlebot