cert: Use builtin verifier on Android and Linux

This commit is contained in:
klzgrad 2021-05-16 00:46:34 +08:00
parent 32337495b1
commit 8154827db7
5 changed files with 14 additions and 8 deletions

View File

@ -1130,7 +1130,6 @@ component("net") {
"android/radio_activity_tracker.h", "android/radio_activity_tracker.h",
"android/traffic_stats.h", "android/traffic_stats.h",
"cert/cert_verify_proc_android.h", "cert/cert_verify_proc_android.h",
"cert/test_root_certs_android.cc",
"proxy_resolution/proxy_config_service_android.h", "proxy_resolution/proxy_config_service_android.h",
] ]
} }
@ -1172,6 +1171,7 @@ component("net") {
"base/network_interfaces_linux.cc", "base/network_interfaces_linux.cc",
"base/network_interfaces_linux.h", "base/network_interfaces_linux.h",
"base/platform_mime_util_linux.cc", "base/platform_mime_util_linux.cc",
"cert/test_root_certs_builtin.cc",
] ]
} }

View File

@ -78,7 +78,8 @@ bool CertVerifier::RequestParams::operator<(
std::unique_ptr<CertVerifier> CertVerifier::CreateDefaultWithoutCaching( std::unique_ptr<CertVerifier> CertVerifier::CreateDefaultWithoutCaching(
scoped_refptr<CertNetFetcher> cert_net_fetcher) { scoped_refptr<CertNetFetcher> cert_net_fetcher) {
scoped_refptr<CertVerifyProc> verify_proc; scoped_refptr<CertVerifyProc> verify_proc;
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) #if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || \
BUILDFLAG(IS_ANDROID)
verify_proc = verify_proc =
CertVerifyProc::CreateBuiltinVerifyProc(std::move(cert_net_fetcher)); CertVerifyProc::CreateBuiltinVerifyProc(std::move(cert_net_fetcher));
#elif BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) #elif BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)

View File

@ -52,7 +52,8 @@
#include "third_party/boringssl/src/include/openssl/pool.h" #include "third_party/boringssl/src/include/openssl/pool.h"
#include "url/url_canon.h" #include "url/url_canon.h"
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_MAC) #if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
#include "net/cert/cert_verify_proc_builtin.h" #include "net/cert/cert_verify_proc_builtin.h"
#endif #endif
@ -527,7 +528,8 @@ base::Value CertVerifyParams(X509Certificate* cert,
} // namespace } // namespace
#if !(BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)) #if !(BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || \
BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID))
// static // static
scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc( scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher) { scoped_refptr<CertNetFetcher> cert_net_fetcher) {
@ -546,7 +548,8 @@ scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc(
} }
#endif #endif
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_MAC) #if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
// static // static
scoped_refptr<CertVerifyProc> CertVerifyProc::CreateBuiltinVerifyProc( scoped_refptr<CertVerifyProc> CertVerifyProc::CreateBuiltinVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher) { scoped_refptr<CertNetFetcher> cert_net_fetcher) {

View File

@ -80,14 +80,16 @@ class NET_EXPORT CertVerifyProc
kMaxValue = kOther kMaxValue = kOther
}; };
#if !(BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)) #if !(BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || \
BUILDFLAG(IS_ANDROID))
// Creates and returns a CertVerifyProc that uses the system verifier. // Creates and returns a CertVerifyProc that uses the system verifier.
// |cert_net_fetcher| may not be used, depending on the implementation. // |cert_net_fetcher| may not be used, depending on the implementation.
static scoped_refptr<CertVerifyProc> CreateSystemVerifyProc( static scoped_refptr<CertVerifyProc> CreateSystemVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher); scoped_refptr<CertNetFetcher> cert_net_fetcher);
#endif #endif
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_MAC) #if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
// Creates and returns a CertVerifyProcBuiltin using the SSL SystemTrustStore. // Creates and returns a CertVerifyProcBuiltin using the SSL SystemTrustStore.
static scoped_refptr<CertVerifyProc> CreateBuiltinVerifyProc( static scoped_refptr<CertVerifyProc> CreateBuiltinVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher); scoped_refptr<CertNetFetcher> cert_net_fetcher);

View File

@ -17,7 +17,7 @@
#include "net/cert/x509_certificate.h" #include "net/cert/x509_certificate.h"
#if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_APPLE) || \ #if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_APPLE) || \
BUILDFLAG(IS_FUCHSIA) BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
// When not defined, the EVRootCAMetadata singleton is a dumb placeholder // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
// implementation that will fail all EV lookup operations. // implementation that will fail all EV lookup operations.
#define PLATFORM_USES_CHROMIUM_EV_METADATA #define PLATFORM_USES_CHROMIUM_EV_METADATA