From 7dfffe5ce97cdbce6793670e68413eb8bf8ce833 Mon Sep 17 00:00:00 2001
From: klzgrad
Date: Sun, 10 Dec 2023 19:12:48 +0800
Subject: [PATCH] cert: Use builtin verifier on Android and Linux
---
 src/net/BUILD.gn | 2 +-
 src/net/cert/ev_root_ca_metadata.h | 2 +-
 src/net/features.gni | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/net/BUILD.gn b/src/net/BUILD.gn
index 20b4fed94c..fe0a49b2bf 100644
--- a/src/net/BUILD.gn
+++ b/src/net/BUILD.gn
@@ -1106,7 +1106,6 @@ component("net") {
 "android/network_library.h",
 "android/traffic_stats.h",
 "cert/cert_verify_proc_android.h",
- "cert/test_root_certs_android.cc",
 "proxy_resolution/proxy_config_service_android.h",
 ]
 }
@@ -1149,6 +1148,7 @@ component("net") {
 "base/network_interfaces_linux.cc",
 "base/network_interfaces_linux.h",
 "base/platform_mime_util_linux.cc",
+ "cert/test_root_certs_builtin.cc",
 ]
 }
diff --git a/src/net/cert/ev_root_ca_metadata.h b/src/net/cert/ev_root_ca_metadata.h
index c1a31c7d64..b162d15709 100644
--- a/src/net/cert/ev_root_ca_metadata.h
+++ b/src/net/cert/ev_root_ca_metadata.h
@@ -17,7 +17,7 @@
 #include "net/cert/x509_certificate.h"
 #if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \
- BUILDFLAG(IS_FUCHSIA)
+ BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
 // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
 // implementation that will fail all EV lookup operations.
 #define PLATFORM_USES_CHROMIUM_EV_METADATA
diff --git a/src/net/features.gni b/src/net/features.gni
index 8027cbae17..fd51c82b59 100644
--- a/src/net/features.gni
+++ b/src/net/features.gni
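Review bot: In src/net/BUILD.gn the first hunk (`-1106,7`) drops `cert/test_root_certs_android.cc` from the Android source list, while the only replacement visible in this patch, `cert/test_root_certs_builtin.cc`, is added by the second hunk (`-1149,6`) to a list that otherwise holds only `*_linux` files. If that list is guarded by `is_linux`, the Android build has to get its TestRootCerts platform implementation from a block outside these hunks; that should be confirmed with an Android link of `net`. Both `sources` lists and their `if` guards begin outside the hunks, so the guards cannot be checked here. A one-line comment next to the added entry, such as `# Builtin verifier: TestRootCerts uses the builtin implementation.`, would also make the divergence easier to carry across upstream merges.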
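Review bot: The widened `#if` in src/net/cert/ev_root_ca_metadata.h adds `BUILDFLAG(IS_ANDROID)` and `BUILDFLAG(IS_LINUX)` but not ChromeOS, although this commit's `chrome_root_store_only` in features.gni also lists `is_chromeos`. If `USE_NSS_CERTS` is not set for a ChromeOS build of this tree (not visible here), `PLATFORM_USES_CHROMIUM_EV_METADATA` stays undefined there and every EV lookup fails in the placeholder, as the comment below the condition says. Either add `|| BUILDFLAG(IS_CHROMEOS)` or say in that comment that the remaining builtin-verifier platforms are covered by `USE_NSS_CERTS`. The `#if` block closes outside the hunk.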
@@ -46,11 +46,11 @@ declare_args() {
 # flag is false, verification may be done with the platform verifier or the
 # builtin verifier using platform roots, depending on the platform.
 # See https://crbug.com/1216547 for status.
- chrome_root_store_optional = is_android && !is_cronet_build
+ chrome_root_store_optional = false
 # Platforms for which certificate verification can only be performed using
 # the builtin cert verifier with the Chrome Root Store.
- chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos
+ chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos || is_android
 }
 assert(!chrome_root_store_optional || !chrome_root_store_only,
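Review bot: In `declare_args()` in src/net/features.gni, the comment kept above `chrome_root_store_optional` still describes a per-platform choice, while the new value is the constant `false` and `is_android` moves into `chrome_root_store_only`, so certificate trust on Android now rests on the Chrome Root Store built into the binary. Dropping the `!is_cronet_build` term switches Android Cronet builds as well, which the commit subject does not mention. Whether user- or enterprise-installed CAs are still honoured on Android, and how a root distrusted after release reaches shipped builds, cannot be seen from this hunk and should be confirmed. I would record the intent next to the assignment, e.g. `# Always false in this tree: Android uses the builtin verifier with the Chrome Root Store (see chrome_root_store_only).` The `assert` that follows continues outside the hunk.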