#include "src/core/lib/gprpp/string_view.h"
#include "src/core/tsi/transport_security_interface.h"
+extern "C" {
+#include <openssl/x509.h>
+}
+
/* Value for the TSI_CERTIFICATE_TYPE_PEER_PROPERTY property for X509 certs. */
#define TSI_X509_CERTIFICATE_TYPE "X509"
#define TSI_X509_PEM_CERT_PROPERTY "x509_pem_cert"
+#define TSI_X509_PEM_CERT_CHAIN_PROPERTY "x509_pem_cert_chain"
+
#define TSI_SSL_ALPN_SELECTED_PROTOCOL "ssl_alpn_selected_protocol"
/* --- tsi_ssl_root_certs_store object ---
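Review bot: `TSI_X509_PEM_CERT_CHAIN_PROPERTY` is added without a comment, so a reader of this header cannot tell what the property holds or how far to trust it. I would add a comment above the define along the lines of `/* PEM-encoded certificate chain as presented by the peer; not authenticated if certificate verification was skipped. */`. The wording should be adjusted to what the implementation actually stores, since this hunk does not show whether the leaf certificate is included or in what order the chain is written.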
/* ssl_session_cache is a cache for reusable client-side sessions. */
tsi_ssl_session_cache* session_cache;
+ /* skip server certificate verification. */
+ bool skip_server_certificate_verification;
+
tsi_ssl_client_handshaker_options()
: pem_key_cert_pair(nullptr),
pem_root_certs(nullptr),
cipher_suites(nullptr),
alpn_protocols(nullptr),
num_alpn_protocols(0),
- session_cache(nullptr) {}
+ session_cache(nullptr),
+ skip_server_certificate_verification(false) {}
};
/* Creates a client handshaker factory.
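Review bot: The comment on `skip_server_certificate_verification` does not say what a caller takes on by setting it. With the flag set, the handshake presumably completes for whatever certificate the server presents, so peer properties derived from that certificate are unauthenticated until the caller verifies them itself. I would expand the comment to say so, for example `/* If true, the server certificate chain is not verified during the handshake; the caller must verify the peer itself before trusting the connection. Defaults to false. */`. The options struct begins outside this hunk, so how this flag interacts with `pem_root_certs` should be confirmed against the implementation.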
tsi_result tsi_ssl_extract_x509_subject_names_from_pem_cert(
const char* pem_cert, tsi_peer* peer);
+/* Exposed for testing only. */
+tsi_result tsi_ssl_get_cert_chain_contents(STACK_OF(X509) * peer_chain,
+ tsi_peer_property* property);
+
#endif /* GRPC_CORE_TSI_SSL_TRANSPORT_SECURITY_H */
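Review bot: `tsi_ssl_get_cert_chain_contents` is marked test-only, yet its `STACK_OF(X509)*` parameter appears to be what pulls `<openssl/x509.h>` into this header, so every file that includes it now depends on the OpenSSL headers. If only tests need the function, consider declaring it in an internal or test-only header so the public TSI SSL interface stays free of OpenSSL types. Either way, the declaration should document what is returned for a null or empty `peer_chain` and who releases the value written into `property`. One possible comment is `/* On TSI_OK the caller owns *property and must release it with tsi_peer_property_destruct. */`, assuming that matches how the implementation allocates it.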