Add an option to set 'certificateVerification' to the client builder (#…

…980) Motivation: We allow users to set the `certificateVerification` if they configure their client directly using `ClientConnection.Configuration` but not via the builder API. Modifications: - Add `withTLS(certificateVerification:)` to the client connection builder. (The same option is already available on the server builder) Result: Users can set the certificate verification mode on the client builder.
grpc · Sep 30, 2020 · e2e138d · e2e138d
1 parent 5c20271
commit e2e138d
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/Sources/GRPC/GRPCChannel/GRPCChannelBuilder.swift b/Sources/GRPC/GRPCChannel/GRPCChannelBuilder.swift
@@ -227,6 +227,14 @@ extension ClientConnection.Builder.Secure {
     self.tls.trustRoots = trustRoots
     return self
   }
+
+  /// Whether to verify remote certificates. Defaults to `.fullVerification` if not otherwise
+  /// configured.
+  @discardableResult
+  public func withTLS(certificateVerification: CertificateVerification) -> Self {
+    self.tls.certificateVerification = certificateVerification
+    return self
+  }
 }
 
 extension ClientConnection.Builder {

diff --git a/Tests/GRPCTests/ClientTLSTests.swift b/Tests/GRPCTests/ClientTLSTests.swift
@@ -111,4 +111,29 @@ class ClientTLSHostnameOverrideTests: GRPCTestCase {
 
     try self.doTestUnary()
   }
+
+  func testTLSWithNoCertificateVerification() throws {
+    self.server = try Server.secure(
+      group: self.eventLoopGroup,
+      certificateChain: [SampleCertificate.server.certificate],
+      privateKey: SamplePrivateKey.server
+    )
+    .withServiceProviders([EchoProvider()])
+    .withLogger(self.serverLogger)
+    .bind(host: "localhost", port: 0)
+    .wait()
+
+    guard let port = self.server.channel.localAddress?.port else {
+      XCTFail("could not get server port")
+      return
+    }
+
+    self.connection = ClientConnection.secure(group: self.eventLoopGroup)
+      .withTLS(trustRoots: .certificates([]))
+      .withTLS(certificateVerification: .none)
+      .withBackgroundActivityLogger(self.clientLogger)
+      .connect(host: "localhost", port: port)
+
+    try self.doTestUnary()
+  }
 }
diff --git a/Tests/GRPCTests/XCTestManifests.swift b/Tests/GRPCTests/XCTestManifests.swift
@@ -96,6 +96,7 @@ extension ClientTLSHostnameOverrideTests {
     // to regenerate.
     static let __allTests__ClientTLSHostnameOverrideTests = [
         ("testTLSWithHostnameOverride", testTLSWithHostnameOverride),
+        ("testTLSWithNoCertificateVerification", testTLSWithNoCertificateVerification),
         ("testTLSWithoutHostnameOverride", testTLSWithoutHostnameOverride),
     ]
 }