[TlsCredentials] allow using a separate cert provider for root and identity certs #41445

Closed
anniefrchz wants to merge 8 commits into grpc:master from anniefrchz:providers_split

@anniefrchz
Contributor

No description provided.

@anniefrchz anniefrchz requested a review from gtcooke94 January 20, 2026 21:54
@anniefrchz anniefrchz marked this pull request as ready for review January 20, 2026 21:54
@anniefrchz anniefrchz requested a review from markdroth as a code owner January 20, 2026 21:54
@markdroth markdroth changed the title Split providers [TlsCredentials] allow using a separate cert provider for root and identity certs Jan 22, 2026
Member

@markdroth markdroth left a comment

Thanks for doing this!

Please let me know if you have any questions. Thanks!

Member

@markdroth markdroth left a comment

This looks great!

Contributor

@gtcooke94 gtcooke94 left a comment

Thanks!

copybara-service bot pushed a commit that referenced this pull request Jan 30, 2026
…ot and identity certs (#41490)

This PR is a reapply of [PR #41445](#41445).
A bug was introduced during the C++ TLSCredentialsOptions configuration where setting a legacy watch_root_cert or watch_identity_cert before actually setting the certificate provider would end up ignoring the legacy certificate provider.

For this PR, make sure that the TLSCredentialsObject does not assign legacy providers until the TlsCredentials object is built. SecureCredentials and SecureServerCredentials use TlsCredentialsOptions::c_credentials_options() to make a deep copy of the c-core tls_credentials_object prior to building the TlsCredentials.

Closes #41490

COPYBARA_INTEGRATE_REVIEW=#41490 from anniefrchz:re_apply_split_providers 6f71593
PiperOrigin-RevId: 863326515
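
The ordering problem described in the reapply commit above, as a simplified model added here for illustration; it is not code from gRPC or from this PR. The class and member names (`EagerOptions`, `DeferredOptions`, `set_legacy_provider`, `set_root_provider`, `set_identity_provider`) and the rule that a dedicated provider takes precedence over the legacy one are assumptions.

```cpp
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-ins; these are not gRPC types.
struct Provider { std::string name; };
using ProviderPtr = std::shared_ptr<Provider>;
struct Resolved { ProviderPtr root, identity; };  // what Build() hands out

// Order-sensitive model: watch_*() copies the legacy provider at call time,
// so a watch call made before set_legacy_provider() copies nothing.
class EagerOptions {
 public:
  void set_legacy_provider(ProviderPtr p) { legacy_ = std::move(p); }
  void watch_root_certs() { resolved_.root = legacy_; }
  void watch_identity_certs() { resolved_.identity = legacy_; }
  Resolved Build() const { return resolved_; }
 private:
  ProviderPtr legacy_;
  Resolved resolved_;
};

// Deferred model: setters only record intent; Build() resolves providers.
class DeferredOptions {
 public:
  void set_legacy_provider(ProviderPtr p) { legacy_ = std::move(p); }
  void set_root_provider(ProviderPtr p) { root_ = std::move(p); }
  void set_identity_provider(ProviderPtr p) { identity_ = std::move(p); }
  void watch_root_certs() { watch_root_ = true; }
  void watch_identity_certs() { watch_identity_ = true; }
  Resolved Build() const {
    Resolved r;
    // Assumed precedence: a dedicated provider wins, else the legacy one.
    if (watch_root_) r.root = root_ ? root_ : legacy_;
    if (watch_identity_) r.identity = identity_ ? identity_ : legacy_;
    return r;
  }
 private:
  ProviderPtr legacy_, root_, identity_;
  bool watch_root_ = false, watch_identity_ = false;
};

// True when the root provider survives a watch-before-set call sequence.
template <typename Options>
bool RootSurvivesWatchBeforeSet() {
  Options o;
  o.watch_root_certs();
  o.set_legacy_provider(std::make_shared<Provider>(Provider{"legacy"}));
  return o.Build().root != nullptr;
}
int main() { return RootSurvivesWatchBeforeSet<DeferredOptions>() ? 0 : 1; }
```

A regression test for this class of bug exercises every setter ordering, since a silently dropped provider only shows up in the built object.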