Skip to content

[Security] Move ownership of tsi_ssl_client_handshaker_factory to grpc_ssl_credentials.#34180

Merged
gtcooke94 merged 31 commits intogrpc:masterfrom
gtcooke94:SSL_CTX_new_refactor
Sep 14, 2023
Merged

[Security] Move ownership of tsi_ssl_client_handshaker_factory to grpc_ssl_credentials.#34180
gtcooke94 merged 31 commits intogrpc:masterfrom
gtcooke94:SSL_CTX_new_refactor

Conversation

@gtcooke94
Copy link
Copy Markdown
Contributor

@gtcooke94 gtcooke94 commented Aug 28, 2023

Move the SSL_CTX to the level of the credentials rather than the subchannel.
The SSL_CTX should only get created once per credential rather than once per subchannel.

We should observe no behavior change with this PR, only efficiency gains.

@gtcooke94 gtcooke94 changed the title Ssl ctx new refactor [Security] SSL_CTX_new refactor Aug 28, 2023
@gtcooke94 gtcooke94 added area/security release notes: no Indicates if PR should not be in release notes labels Aug 28, 2023
@gtcooke94 gtcooke94 force-pushed the SSL_CTX_new_refactor branch from 6b2e1c0 to 295afa6 Compare August 28, 2023 20:03
matthewstevenson88
matthewstevenson88 reviewed Sep 14, 2023
View reviewed changes
tools/run_tests/run_tests.py Outdated
sys.path.append(gcp_utils_dir)

_ROOT = os.path.abspath(os.path.join(os.path.dirname(sys.argv[0]), "../.."))
_ROOT = os.path.abspath(os.path.join(os.path.dirname(sys.argv[0]), "..", ".."))
Copy link
Copy Markdown
Contributor

@matthewstevenson88 matthewstevenson88 Sep 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need the changes in this file? Should they be reverted?

Copy link
Copy Markdown
Contributor Author

@gtcooke94 gtcooke94 Sep 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are actually related to the test-pr, this diff should go away when this gets refreshed to the new master

Copy link
Copy Markdown
Contributor Author

@gtcooke94 gtcooke94 Sep 14, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I'm wrong, changing this back

matthewstevenson88
matthewstevenson88 approved these changes Sep 14, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@matthewstevenson88 matthewstevenson88 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@gtcooke94 gtcooke94 merged commit 36dc5e7 into grpc:master Sep 14, 2023
@gtcooke94 gtcooke94 mentioned this pull request Sep 14, 2023
Closed
nanahpang added a commit that referenced this pull request Sep 14, 2023
@nanahpang
Revert "[Security] Move ownership of tsi_ssl_client_handshaker_factor…
ce9c113 
…y to grpc_ssl_credentials. (#34180)"

This reverts commit 36dc5e7.
@nanahpang nanahpang mentioned this pull request Sep 14, 2023
Merged
ctiller pushed a commit that referenced this pull request Sep 14, 2023
@nanahpang
Revert "[Security] Move ownership of tsi_ssl_client_handshaker_factor…
a4ac80c 
…y to grpc_ssl_credentials." (#34355)

Reverts #34180
@copybara-service copybara-service bot added the imported Specifies if the PR has been imported to the internal repository label Sep 14, 2023
@gtcooke94 gtcooke94 mentioned this pull request Sep 19, 2023
Merged
gtcooke94 added a commit that referenced this pull request Sep 21, 2023
@gtcooke94
[Security] Move ownership of tsi_ssl_client_handshaker_factory to grp…
aa17285 
…c_ssl_credentials, version 2. (#34408)

Revert the reversion of the SSL_CTX_new change (#34355 reverted #34180 )
with a fix.

There was an issue with using `strcpy` on a `new[] string` in the
constructor of `ssl_credentials`. An ASAN test caught this in some CI
down the line - `ERROR: AddressSanitizer: alloc-dealloc-mismatch
(operator new [] vs free)`

That `strcpy` call was changed to `grp_strdup` which duplicates a string
in a way that can be freed by `gpr_free` and should resolve the ASAN
failure.
@matthewstevenson88 matthewstevenson88 mentioned this pull request Jun 25, 2025
Closed
@ti-chi-bot ti-chi-bot bot mentioned this pull request Jul 29, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matthewstevenson88 matthewstevenson88 matthewstevenson88 approved these changes

Assignees

No one assigned

Labels

area/security bloat/none imported Specifies if the PR has been imported to the internal repository lang/c++ lang/core per-call-memory/neutral per-channel-memory/neutral release notes: no Indicates if PR should not be in release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gtcooke94 @matthewstevenson88 @grpc-kokoro