add APIs to select names

grpc · Sep 8, 2020 · e580c31 · e580c31
1 parent ca3e872
commit e580c31
Showing 1 changed file with 16 additions and 5 deletions.
diff --git a/L46-core-tls-credential-API.md b/L46-core-tls-credential-API.md
@@ -51,7 +51,8 @@ This is based on some recent user requirement, and it may also be used as the CR
 This part of the proposal introduces changes made to existing TLS credential APIs. Changes include:
 1. Replacing all the occurrence of "*_server_authorization_*" to "*_authorization_"
 2. Removing `grpc_tls_key_materials_config`, `grpc_tls_credential_reload_config` and `grpc_tls_credential_reload_arg` 
-3. Adding API `grpc_tls_credentials_options_set_certificate_provider`, `grpc_ssl_server_credentials_set_min_tls_version` and `grpc_ssl_server_credentials_set_max_tls_version`
+3. Adding API `grpc_tls_credentials_options_set_certificate_provider`, `grpc_tls_server_credentials_set_min_tls_version` and `grpc_tls_server_credentials_set_max_tls_version`
+4. Adding API `grpc_tls_credentials_options_set_root_cert_name` and `grpc_tls_credentials_options_set_identity_cert_name`
 
 Here is how the API would look like after these changes. For simplicity, all the comments are omitted.
 
@@ -79,19 +80,27 @@ GRPCAPI int grpc_tls_credentials_options_set_authorization_check_config(
     grpc_tls_credentials_options* options,
     grpc_tls_authorization_check_config* config);
 
+GRPCAPI int grpc_tls_credentials_options_set_root_cert_name(
+    grpc_tls_credentials_options* options,
+    const char* root_cert_name);
+
+GRPCAPI int grpc_tls_credentials_options_set_identity_cert_name(
+    grpc_tls_credentials_options* options,
+    const char* identity_cert_name);
+
 /** Sets the credential provider. */
 GRPCAPI int grpc_tls_credentials_options_set_certificate_provider(
     grpc_tls_credentials_options* options,
     grpc_tls_certificate_provider* provider);
 
 /** Sets the minimum TLS version that will be negotiated during the TLS
     handshake.  */
-GRPCAPI void grpc_ssl_server_credentials_set_min_tls_version(grpc_tls_credentials_options* options,
+GRPCAPI void grpc_tls_server_credentials_set_min_tls_version(grpc_tls_credentials_options* options,
     grpc_tls_version min_tls_version);
 
 /** Sets the maximum TLS version that will be negotiated during the TLS
     handshake. */
-GRPCAPI void grpc_ssl_server_credentials_set_max_tls_version(grpc_tls_credentials_options* options, 
+GRPCAPI void grpc_tls_server_credentials_set_max_tls_version(grpc_tls_credentials_options* options, 
     grpc_tls_version max_tls_version);
 
 typedef struct grpc_tls_authorization_check_arg grpc_tls_authorization_check_arg;
@@ -206,8 +215,10 @@ grpc_tls_credentials_options* options = grpc_tls_credentials_options_create();
 grpc_tls_credentials_options_set_verification_option(options, GRPC_TLS_SKIP_HOSTNAME_VERIFICATION);
 grpc_tls_authorization_check_config* config = grpc_tls_authorization_check_config_create(.....);
 grpc_tls_credentials_options_set_authorization_check_config(options, config);
-grpc_ssl_server_credentials_set_min_tls_version(options, TLS1_2);
-grpc_ssl_server_credentials_set_max_tls_version(options, TLS1_3);
+grpc_tls_server_credentials_set_min_tls_version(options, TLS1_2);
+grpc_tls_server_credentials_set_max_tls_version(options, TLS1_3);
+grpc_tls_credentials_options_set_root_cert_name(options, "root_PEM_certs");
+grpc_tls_credentials_options_set_identity_cert_name(options, "identity_PEM_certs");
 /* Use the file-based provider for reloading certificates. */
 grpc_tls_certificate_provider* file_provider = grpc_tls_certificate_provider_file_watcher_create(...);
 grpc_tls_credentials_options_set_certificate_provider(options, file_provider);