Re: [grpc-io] Re: C++ gRPC with PKCS#11

['Luwei Ge' via grpc.io]

>
> Unless the community position is to let the users themselves build the
> grpc lib with whatever opssl version they prefer.
>

gRPC only builds with BoringSSL with Bazel and can build with a list of
supported OpenSSL versions with CMake. The OpenSSL is not packaged inside
the library.

As a user of C++ gRPC standard library, I have hard time to understand why
> this pkcs#11 access to TLS credentials is not provided as part of the
> standard gRPC API.
>

I think the simple answer is that we don't see many use cases or requests
for this. And external contributions are always welcomed.




On Mon, Sep 18, 2023 at 6:00 AM GoogleUser Zak  wrote:

> As a user of C++ gRPC standard library, I have hard time to understand why
> this pkcs#11 access to TLS credentials is not provided as part of the
> standard gRPC API. This way the user will not have to worry about re
> building the library.
>
> Therefore,  regarding which openssl version to use, if it is packaged
> inside the grpc library, then it will just depend on which version of grpc
> lib is being used.
> So, moving to a new openssl version would just require the user to upgrade
> their grpc library to a new grpc version.
>
> Unless the community position is to let the users themselves build the
> grpc lib with whatever opssl version they prefer.
>
> If someone can shed some light on this, it would be greatly appreciated.
>
> Thanks
>
>
> On Wed, Sept 13, 2023, 3:59 p.m. 'Luwei Ge' via grpc.io <
> grpc-io@googlegroups.com> wrote:
>
>> Hi,
>>
>> I assume you are building gRPC with OpenSSL.
>>
>> 1. We do have some support for the Engine APIs (
>> https://github.com/grpc/grpc/blob/6534f0a6bfc1cfae6db931f9ee16f480de980374/src/core/tsi/ssl_transport_security.cc#L568)
>> of OpenSSL 1.0.2. Unfortunately, because the feature was implemented quite
>> a while ago, the test (
>> https://github.com/grpc/grpc/blob/3717ff04bafd18504d8613d753d4605927305de3/test/core/end2end/h2_ssl_cert_test.cc#L263)
>> has been broken and yet to be fixed. Regardless of the test, if we assume
>> this still works, would it accommodate your use case? Note that you'd be
>> locked into OpenSSL 1.0.2.
>>
>> 2. If the option 1 above is not viable but OpenSSL Engine APIs will
>> indeed solve your problem. Would you be interested in contributing to
>> supporting this feature for more recent OpenSSL versions (namely, OpenSSL
>> 3)?
>>
>> Please let us know if you got any questions.
>>
>> Best,
>> Luwei
>>
>>
>> On Saturday, September 9, 2023 at 5:29:20 PM UTC-4 GoogleUser Zak wrote:
>>
>>> Hi,
>>> I am looking for a GRPC library implementation/version where a C++ gRPC
>>> client, namely CreateChannel(),  can refer to the mTLS private key using
>>> PKCS#11 URI, and therefore the private key doesn't need to be read in the
>>> user space, and will stay in the HSM secure memory.
>>>
>>> Is there a way to use openSSL with pkcs11 engine in the gRPC library? If
>>> so, any pointers about how to create that gRPC library?
>>>
>>> Thanks
>>> --
>>> Hakim
>>>
>>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "grpc.io" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to grpc-io+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/grpc-io/8d002db7-98f7-4a8d-a472-a8e782f934a2n%40googlegroups.com
>> 
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to grpc-io+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/grpc-io/CANHVheP%2BGRp1u%2B%3DeJnREwdAQv%3DjC80jMKsbjErgJzN6M_%3DH%2BXQ%40mail.gmail.com.

[grpc-io] Host your app for free 

[davaughn]

  Hey gRPC Ecosystem, I know you must be busy so I'll keep this short. I took a look at your repo on GitHub (grpc-ecosystem/go-grpc-middleware) and decided to reach out to see if you'd be interested in free hosting. I'm the owner of Klutch.sh, a serverless dev platform that allows you to easily deploy frontend, backend and database apps in minutes. It's built for developers, it's super easy to use, and you won't have to manage servers - which means you can focus on building! 
  
  Here's how it works in a few steps:
  
  After signing up at https://www.klutch.sh: 
  
  1.) Select the repo and branch where your app lives. In this case, it would be grpc-ecosystem/go-grpc-middleware.
  2.) Select the runtime template of the app you wish to deploy.
  3.) Hit deploy. 
  4.) In a few minutes your app will be live.
  5.) Each time you push code to your branch, your app will pick up the changes and re-deploy.
  
  
  And boom, just like that you got yourself free hosting! Would this be something that would be useful to you? Let me know and I'll be happy to give you $30 in free credits to give it a try.

  Happy coding, 
  Davaughn White
  davau...@klutch.sh
  Klutch.sh




-- 
You received this message because you are subscribed to the Google Groups "grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/Q67mqj7aRrq_uUVosouOkg%40geopod-ismtpd-1.

[grpc-io] Patch Releases for CVE-2023-4785, covering gRPC Core, C++, Python, and Ruby

['AJ Heller' via grpc.io]

Patched versions of the affected gRPC libraries have been released to
address CVE-2023-4785 . *Please
deploy patched libraries if all of the following apply to you:*

 * You are using gRPC C++, Python, or Ruby.
 * You are running a gRPC Server in one of those languages.
 * You are using an unpatched version of the gRPC library.

The following set of releases contain the fix:

 * 1.57.0 and later: https://github.com/grpc/grpc/releases/tag/v1.57.0
 * 1.56.2: https://github.com/grpc/grpc/releases/tag/v1.56.2
 * 1.55.3: https://github.com/grpc/grpc/releases/tag/v1.55.3
 * 1.54.3: https://github.com/grpc/grpc/releases/tag/v1.54.3
 * 1.53.2: https://github.com/grpc/grpc/releases/tag/v1.53.2

Best regards,
-aj


-- 

AJ Heller
Software Engineer

h...@google.com

-- 
You received this message because you are subscribed to the Google Groups 
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to grpc-io+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/grpc-io/CA%2B8UZUvVXRxsmFEKpZ1z2Qisy2wLUGzGGLjHFSGgnhE2ustu1w%40mail.gmail.com.

[grpc-io] Assessment of the difficulty in porting CPU architecture for grpc

[yuxuan wang]

 Hello everyone! I am working on implementing a tool to assess the 
complexity of CPU architecture porting. It primarily focuses on RISC-V 
architecture porting. In fact, the tool may have an average estimate of 
various architecture porting efforts.My focus is on the overall workload 
and difficulty of transplantation in the past and future,even if a project 
has already been ported.As part of my dataset, I have collected the 
**grpc** project. **I would like to gather community opinions to support my 
assessment. I appreciate your help and response!** Based on scanning tools, 
the porting complexity is determined to be simple, with a small amount of 
code related to the CPU architecture in the project.  Is this assessment 
accurate?Do you have any opinions on personnel allocation and consumption 
time？ I look forward to your help and response.

-- 
You received this message because you are subscribed to the Google Groups 
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to grpc-io+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/grpc-io/4ebd7a4b-3c62-46fd-a3fb-040d120deafen%40googlegroups.com.