cert: Use builtin verifier on Android and Linux

This commit is contained in:
klzgrad 2023-12-10 19:12:48 +08:00
parent 1ba5e45de9
commit 7dfffe5ce9
3 changed files with 4 additions and 4 deletions

View File

@ -1106,7 +1106,6 @@ component("net") {
"android/network_library.h", "android/network_library.h",
"android/traffic_stats.h", "android/traffic_stats.h",
"cert/cert_verify_proc_android.h", "cert/cert_verify_proc_android.h",
"cert/test_root_certs_android.cc",
"proxy_resolution/proxy_config_service_android.h", "proxy_resolution/proxy_config_service_android.h",
] ]
} }
@ -1149,6 +1148,7 @@ component("net") {
"base/network_interfaces_linux.cc", "base/network_interfaces_linux.cc",
"base/network_interfaces_linux.h", "base/network_interfaces_linux.h",
"base/platform_mime_util_linux.cc", "base/platform_mime_util_linux.cc",
"cert/test_root_certs_builtin.cc",
] ]
} }

View File

@ -17,7 +17,7 @@
#include "net/cert/x509_certificate.h" #include "net/cert/x509_certificate.h"
#if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \ #if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_FUCHSIA) BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
// When not defined, the EVRootCAMetadata singleton is a dumb placeholder // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
// implementation that will fail all EV lookup operations. // implementation that will fail all EV lookup operations.
#define PLATFORM_USES_CHROMIUM_EV_METADATA #define PLATFORM_USES_CHROMIUM_EV_METADATA

View File

@ -46,11 +46,11 @@ declare_args() {
# flag is false, verification may be done with the platform verifier or the # flag is false, verification may be done with the platform verifier or the
# builtin verifier using platform roots, depending on the platform. # builtin verifier using platform roots, depending on the platform.
# See https://crbug.com/1216547 for status. # See https://crbug.com/1216547 for status.
chrome_root_store_optional = is_android && !is_cronet_build chrome_root_store_optional = false
# Platforms for which certificate verification can only be performed using # Platforms for which certificate verification can only be performed using
# the builtin cert verifier with the Chrome Root Store. # the builtin cert verifier with the Chrome Root Store.
chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos || is_android
} }
assert(!chrome_root_store_optional || !chrome_root_store_only, assert(!chrome_root_store_optional || !chrome_root_store_only,