summaryrefslogtreecommitdiff
path: root/vendor/google.golang.org/grpc/credentials/tls.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/google.golang.org/grpc/credentials/tls.go')
-rw-r--r--vendor/google.golang.org/grpc/credentials/tls.go16
1 files changed, 16 insertions, 0 deletions
diff --git a/vendor/google.golang.org/grpc/credentials/tls.go b/vendor/google.golang.org/grpc/credentials/tls.go
index bd5fe22b6..20f65f7bd 100644
--- a/vendor/google.golang.org/grpc/credentials/tls.go
+++ b/vendor/google.golang.org/grpc/credentials/tls.go
@@ -22,6 +22,7 @@ import (
"context"
"crypto/tls"
"crypto/x509"
+ "errors"
"fmt"
"net"
"net/url"
@@ -50,6 +51,21 @@ func (t TLSInfo) AuthType() string {
return "tls"
}
+// ValidateAuthority validates the provided authority being used to override the
+// :authority header by verifying it against the peer certificates. It returns a
+// non-nil error if the validation fails.
+func (t TLSInfo) ValidateAuthority(authority string) error {
+ var errs []error
+ for _, cert := range t.State.PeerCertificates {
+ var err error
+ if err = cert.VerifyHostname(authority); err == nil {
+ return nil
+ }
+ errs = append(errs, err)
+ }
+ return fmt.Errorf("credentials: invalid authority %q: %v", authority, errors.Join(errs...))
+}
+
// cipherSuiteLookup returns the string version of a TLS cipher suite ID.
func cipherSuiteLookup(cipherSuiteID uint16) string {
for _, s := range tls.CipherSuites() {
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-02 15:55:29 +0000