Support grpc_ssl_target_name_override for grpc-web nginx gateway

Author: stanley-cheung

net/grpc/gateway/backend/grpc_backend.cc

@@ -91,8 +91,8 @@ GrpcBackend::~GrpcBackend() {
 
 grpc_channel* GrpcBackend::CreateChannel() {
   return Runtime::Get().GetBackendChannel(
-      address_, use_shared_channel_pool_, ssl_, ssl_pem_root_certs_,
-      ssl_pem_private_key_, ssl_pem_cert_chain_);
+      address_, use_shared_channel_pool_, ssl_, ssl_target_override_,
+      ssl_pem_root_certs_, ssl_pem_private_key_, ssl_pem_cert_chain_);
 }
 
 grpc_call* GrpcBackend::CreateCall() {

net/grpc/gateway/backend/grpc_backend.h

@@ -50,6 +50,9 @@ class GrpcBackend : public Backend {
     use_shared_channel_pool_ = use_shared_channel_pool;
   }
   void set_ssl(bool ssl) { ssl_ = ssl; }
+  void set_ssl_target_override(const string& ssl_target_override) {
+    ssl_target_override_ = ssl_target_override;
+  }
   void set_ssl_pem_root_certs(const string& ssl_pem_root_certs) {
     ssl_pem_root_certs_ = ssl_pem_root_certs;
   }
@@ -83,6 +86,8 @@ class GrpcBackend : public Backend {
   bool use_shared_channel_pool_;
   // True if ssl should be used.
   bool ssl_;
+  // The GRPC SSL target override.
+  string ssl_target_override_;
   // The file location which contains the root certs in pem format.
   string ssl_pem_root_certs_;
   // The file location which contains the client private key in pem format.

net/grpc/gateway/frontend/nginx_http_frontend.cc

@@ -86,6 +86,9 @@ ngx_int_t grpc_gateway_handler(ngx_http_request_t *r) {
   std::string backend_host(reinterpret_cast<char *>(r->host_start),
                            r->host_end - r->host_start);
   std::string backend_method(reinterpret_cast<char *>(r->uri.data), r->uri.len);
+  std::string backend_ssl_target_name_override(
+      reinterpret_cast<char *>(mlcf->grpc_ssl_target_name_override.data),
+      mlcf->grpc_ssl_target_name_override.len);
   std::string backend_ssl_pem_root_certs(
       reinterpret_cast<char *>(mlcf->grpc_ssl_pem_root_certs.data),
       mlcf->grpc_ssl_pem_root_certs.len);
@@ -106,7 +109,8 @@ ngx_int_t grpc_gateway_handler(ngx_http_request_t *r) {
   context->frontend = grpc::gateway::Runtime::Get().CreateNginxFrontend(
       r, backend_address, backend_host, backend_method,
       mlcf->grpc_channel_reuse, mlcf->grpc_client_liveness_detection_interval,
-      mlcf->grpc_ssl, backend_ssl_pem_root_certs, backend_ssl_pem_private_key,
+      mlcf->grpc_ssl, backend_ssl_target_name_override,
+      backend_ssl_pem_root_certs, backend_ssl_pem_private_key,
       backend_ssl_pem_cert_chain);
   ngx_http_set_ctx(r, context, grpc_gateway_module);
   ngx_pool_cleanup_t *http_cleanup =

net/grpc/gateway/runtime/runtime.cc

@@ -123,7 +123,8 @@ std::shared_ptr<Frontend> Runtime::CreateNginxFrontend(
     const string& backend_host, const string& backend_method,
     const ngx_flag_t& channel_reuse,
     const ngx_msec_t& client_liveness_detection_interval,
-    const ngx_flag_t& backend_ssl, const string& backend_ssl_pem_root_certs,
+    const ngx_flag_t& backend_ssl, const string& backend_ssl_target_override,
+    const string& backend_ssl_pem_root_certs,
     const string& backend_ssl_pem_private_key,
     const string& backend_ssl_pem_cert_chain) {
   std::unique_ptr<GrpcBackend> backend(new GrpcBackend());
@@ -134,6 +135,7 @@ std::shared_ptr<Frontend> Runtime::CreateNginxFrontend(
     backend->set_use_shared_channel_pool(true);
   }
   backend->set_ssl(backend_ssl);
+  backend->set_ssl_target_override(backend_ssl_target_override);
   backend->set_ssl_pem_root_certs(backend_ssl_pem_root_certs);
   backend->set_ssl_pem_private_key(backend_ssl_pem_private_key);
   backend->set_ssl_pem_cert_chain(backend_ssl_pem_cert_chain);
@@ -331,6 +333,7 @@ Protocol Runtime::DetectResponseProtocol(ngx_http_request_t* http_request) {
 
 grpc_channel* Runtime::GetBackendChannel(
     const std::string& backend_address, bool use_shared_channel_pool, bool ssl,
+    const std::string& ssl_target_override,
     const std::string& ssl_pem_root_certs,
     const std::string& ssl_pem_private_key,
     const std::string& ssl_pem_cert_chain) {
@@ -347,7 +350,7 @@ grpc_channel* Runtime::GetBackendChannel(
   grpc_arg arg_ssl_target;
   arg_ssl_target.type = GRPC_ARG_STRING;
   arg_ssl_target.key = const_cast<char*>(GRPC_SSL_TARGET_NAME_OVERRIDE_ARG);
-  arg_ssl_target.value.string = const_cast<char*>("grpc.test.google.fr");
+  arg_ssl_target.value.string = const_cast<char*>(ssl_target_override.c_str());
 
   grpc_arg args[] = {arg_max_message_length, arg_ssl_target};
   grpc_channel_args channel_args;

net/grpc/gateway/runtime/runtime.h

@@ -61,7 +61,8 @@ class Runtime {
       const string &host, const string &backend_method,
       const ngx_flag_t &channel_reuse,
       const ngx_msec_t &client_liveness_detection_interval,
-      const ngx_flag_t &backend_ssl, const string &backend_ssl_pem_root_certs,
+      const ngx_flag_t &backend_ssl, const string &backend_ssl_target_override,
+      const string &backend_ssl_pem_root_certs,
       const string &backend_ssl_pem_private_key,
       const string &backend_ssl_pem_cert_chain);
 
@@ -74,6 +75,7 @@ class Runtime {
   // channel if needed.
   grpc_channel *GetBackendChannel(const std::string &backend_address,
                                   bool use_shared_channel_pool, bool ssl,
+                                  const std::string &ssl_target_override,
                                   const std::string &ssl_pem_root_certs,
                                   const std::string &ssl_pem_private_key,
                                   const std::string &ssl_pem_cert_chain);