Function grpcio_sys::grpc_ssl_credentials_create
pub unsafe extern "C" fn grpc_ssl_credentials_create(
pem_root_certs: *const c_char,
pem_key_cert_pair: *mut grpc_ssl_pem_key_cert_pair,
verify_options: *const verify_peer_options,
reserved: *mut c_void
) -> *mut grpc_channel_credentials
Deprecated in favor of grpc_ssl_server_credentials_create_ex. It will be removed after all of its call sites are migrated to grpc_ssl_server_credentials_create_ex. Creates an SSL credentials object. The security level of the resulting connection is GRPC_PRIVACY_AND_INTEGRITY.
- pem_root_certs is the NULL-terminated string containing the PEM encoding of the server root certificates. If this parameter is NULL, the implementation will first try to read the file pointed to by the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable, and if that fails, try to get the roots set by grpc_override_ssl_default_roots. Eventually, if all these fail, it will try to get the roots from a well-known place on disk (in the grpc install directory).
gRPC has implemented a root cache if the underlying OpenSSL library supports it. The gRPC root certificates cache is only applicable to the default root certificates, which are used when this parameter is nullptr. If the user provides their own pem_root_certs when creating an SSL credential object, gRPC is not able to cache it, and each subchannel will generate a copy of the root store. It is therefore recommended to avoid passing a large root PEM in the pem_root_certs parameter, to avoid excessive memory consumption, particularly on mobile platforms such as iOS.
- pem_key_cert_pair is a pointer to the object containing the client’s private key and certificate chain. This parameter can be NULL if the client does not have such a key/cert pair.
- verify_options is an optional verify_peer_options object which holds additional options controlling how peer certificates are verified. For example, you can supply a callback which receives the peer’s certificate with which you can do additional verification. Can be NULL, in which case verification will retain default behavior. Any settings in verify_options are copied during this call, so the verify_options object can be released afterwards.
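
The pem_root_certs rules above, as an added example (not code from grpcio_sys or gRPC): a std-only Rust helper that prepares the argument before the FFI call, rejecting PEM text that cannot become a NUL-terminated C string and reporting which root source the call will use. The names prepare_roots, PreparedRoots and RootSource and the sample certificate body are assumptions of this example.

```rust
use std::ffi::CString;
use std::os::raw::c_char;

// Hypothetical types for this example; not part of grpcio_sys.
#[derive(Debug, PartialEq)]
pub enum RootSource {
    /// Caller-supplied PEM: not cached, each subchannel copies the root store.
    Explicit { certs: usize, bytes: usize },
    /// NULL passed and GRPC_DEFAULT_SSL_ROOTS_FILE_PATH set: that file is tried first.
    EnvFile(String),
    /// NULL passed, no env file: override-callback roots, then install-dir roots.
    DefaultChain,
}

pub struct PreparedRoots {
    pub source: RootSource,
    pem: Option<CString>, // owns the buffer so the pointer stays valid
}

impl PreparedRoots {
    /// Value for `pem_root_certs`; null selects the default roots, which can be cached.
    pub fn as_ptr(&self) -> *const c_char {
        self.pem.as_ref().map_or(std::ptr::null(), |c| c.as_ptr())
    }
}

/// `env_path` is the value of GRPC_DEFAULT_SSL_ROOTS_FILE_PATH, if set.
pub fn prepare_roots(pem: Option<&str>, env_path: Option<&str>) -> Result<PreparedRoots, String> {
    let text = match (pem, env_path) {
        (Some(t), _) => t,
        (None, Some(p)) if !p.is_empty() => {
            return Ok(PreparedRoots { source: RootSource::EnvFile(p.to_string()), pem: None })
        }
        (None, _) => return Ok(PreparedRoots { source: RootSource::DefaultChain, pem: None }),
    };
    let certs = text.matches("-----BEGIN CERTIFICATE-----").count();
    if certs == 0 || certs != text.matches("-----END CERTIFICATE-----").count() {
        return Err("no complete PEM certificate block found".into());
    }
    // An interior NUL would silently truncate the bundle on the C side.
    let c = CString::new(text).map_err(|_| "PEM contains an interior NUL byte".to_string())?;
    Ok(PreparedRoots { source: RootSource::Explicit { certs, bytes: text.len() }, pem: Some(c) })
}

fn main() {
    // Constructed sample, not a real certificate.
    let pem = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
    let roots = prepare_roots(Some(pem), None).unwrap();
    println!("{:?} null={}", roots.source, roots.as_ptr().is_null());
}
```

The PreparedRoots value must outlive the call that receives as_ptr(), since it owns the C string the pointer refers to.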