Imported Upstream version 1.27.0
[platform/upstream/grpc.git] / src / core / tsi / ssl_transport_security.h
index dba7110..ae1e413 100644 (file)
 #include "src/core/lib/gprpp/string_view.h"
 #include "src/core/tsi/transport_security_interface.h"
 
+extern "C" {
+#include <openssl/x509.h>
+}
+
 /* Value for the TSI_CERTIFICATE_TYPE_PEER_PROPERTY property for X509 certs. */
 #define TSI_X509_CERTIFICATE_TYPE "X509"
 
@@ -35,6 +39,8 @@
 
 #define TSI_X509_PEM_CERT_PROPERTY "x509_pem_cert"
 
+#define TSI_X509_PEM_CERT_CHAIN_PROPERTY "x509_pem_cert_chain"
+
 #define TSI_SSL_ALPN_SELECTED_PROTOCOL "ssl_alpn_selected_protocol"
 
 /* --- tsi_ssl_root_certs_store object ---
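Review bot: `TSI_X509_PEM_CERT_CHAIN_PROPERTY` is added without a comment, so a reader cannot tell what the property holds or how far its contents can be trusted. Judging by the name it carries the peer's certificate chain in PEM form; if so, a comment such as `/* Property holding the PEM-encoded certificate chain presented by the peer. */` would help, ideally also saying whether the chain has been verified by the time it is exposed. That distinction matters with the `skip_server_certificate_verification` option added later in this diff, because a consumer of this property may then be reading a chain that nothing has validated.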
@@ -142,6 +148,9 @@ struct tsi_ssl_client_handshaker_options {
   /* ssl_session_cache is a cache for reusable client-side sessions. */
   tsi_ssl_session_cache* session_cache;
 
+  /* skip server certificate verification. */
+  bool skip_server_certificate_verification;
+
   tsi_ssl_client_handshaker_options()
       : pem_key_cert_pair(nullptr),
         pem_root_certs(nullptr),
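Review bot: The comment on `skip_server_certificate_verification` does not state what setting it costs: if the flag does what its name says, the handshake alone no longer authenticates the server, and whoever sets it must check the peer some other way before trusting the channel. I would spell that out, e.g. `/* If true, the server's certificate chain is not verified during the handshake; the caller must authenticate the peer by other means. Defaults to false. */`. The safe default comes from the constructor change in the next hunk (`skip_server_certificate_verification(false)`), which should stay that way. The struct starts and ends outside this hunk, so how the flag is consumed is not visible here.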
@@ -149,7 +158,8 @@ struct tsi_ssl_client_handshaker_options {
         cipher_suites(nullptr),
         alpn_protocols(nullptr),
         num_alpn_protocols(0),
-        session_cache(nullptr) {}
+        session_cache(nullptr),
+        skip_server_certificate_verification(false) {}
 };
 
 /* Creates a client handshaker factory.
@@ -336,4 +346,8 @@ const tsi_ssl_handshaker_factory_vtable* tsi_ssl_handshaker_factory_swap_vtable(
 tsi_result tsi_ssl_extract_x509_subject_names_from_pem_cert(
     const char* pem_cert, tsi_peer* peer);
 
+/* Exposed for testing only. */
+tsi_result tsi_ssl_get_cert_chain_contents(STACK_OF(X509) * peer_chain,
+                                           tsi_peer_property* property);
+
 #endif /* GRPC_CORE_TSI_SSL_TRANSPORT_SECURITY_H */
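Review bot: `tsi_ssl_get_cert_chain_contents` is declared with only `/* Exposed for testing only. */`, which leaves its contract open: what it stores in `property`, who releases that storage, and whether a NULL or empty `peer_chain` is an error. A short comment covering those three points would do, for example stating that the caller owns the resulting property and must destruct it, if that is how the implementation behaves. This prototype also appears to be the reason the header now needs `<openssl/x509.h>` (first hunk), so every includer pulls in OpenSSL for a test-only symbol. Moving the declaration to an internal or test header would avoid that, provided nothing else in this header needs `STACK_OF(X509)`.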