8000 [Security - Revocation] Crl backport to 1.59 by gtcooke94 · Pull Request #34926 · grpc/grpc · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security - Revocation] Crl backport to 1.59 #34926

Merged
merged 7 commits into from
Nov 15, 2023
Merged

[Security - Revocation] Crl backport to 1.59 #34926

merged 7 commits into from
Nov 15, 2023

Conversation

gtcooke94
Copy link
Contributor

Backport CRL provider and directory reloader PRs to 1.59

@gtcooke94 gtcooke94 requested a review from markdroth November 13, 2023 20:13
markdroth
markdroth reviewed Nov 13, 2023
View reviewed changes
src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc Outdated
@@ -20,6 +20,12 @@

#include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"

<<<<<<< HEAD
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like there are some unresolved merge conflicts.

gtcooke94 and others added 2 commits November 13, 2023 20:21
@gtcooke94
[TLS - Revocation] Crl Provider (grpc#34715)
d1ae64f 
This reverts commit 7af5efc.
@gtcooke94
[Security - Revocation] Crl Directory Watcher Implementation (grpc#34749
6c25cf1 
)

This adds the directory reloader implementation of the CrlProvider. This
will periodically reload CRL files in a directory per [gRFC
A69](grpc/proposal#382)

Included in this is the following:
* A public API to create the `DirectoryReloaderCrlProvider`
* A basic directory interface in gprpp and platform specific impls for
getting the list of files in a directory (unfortunately prior C++17,
there is no std::filesystem, so we have to have platform specific impls)
* The implementation of `DirectoryReloaderCrlProvider` takes an
event_engine and a directory interface. This allows us to test using the
fuzzing event engine for time mocking, and to implement a test directory
interface so we avoid having to make temporary directories and files in
the tests. This is notably not in `include`, and the
`CreateDirectoryReloaderCrlProvider` is the only way to construct one
from the public API, so we don't expose the event engine and directory
details to the user.

---------

Co-authored-by: gtcooke94 <gtcooke94@users.noreply.github.com>
@gtcooke94 gtcooke94 changed the title Crl backport [Security - Revocation] Crl backport to 1.59 Nov 13, 2023
@erm-g erm-g added the release notes: no Indicates if PR should not be in release notes label Nov 14, 2023
@gtcooke94 gtcooke94 requested a review from markdroth November 14, 2023 21:29
@gtcooke94 gtcooke94 merged commit f1d14f7 into grpc:v1.59.x Nov 15, 2023
@gnossen gnossen added release notes: yes Indicates if PR needs to be in release notes and removed release notes: no Indicates if PR should not be in release notes labels Nov 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markdroth markdroth markdroth approved these changes

Assignees
No one assigned
Labels
area/security bloat/medium disposition/ready to merge lang/c++ lang/core per-call-memory/neutral per-channel-memory/neutral release notes: yes Indicates if PR needs to be in release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@gtcooke94 @markdroth @gnossen @grpc-kokoro @erm-g
0