cert: Use builtin verifier on Android and Linux

This commit is contained in:
klzgrad 2021-05-16 00:46:34 +08:00
parent 434dab01ee
commit a6f3d84057
5 changed files with 14 additions and 8 deletions

View File

@ -1142,7 +1142,6 @@ component("net") {
"android/radio_activity_tracker.h",
"android/traffic_stats.h",
"cert/cert_verify_proc_android.h",
"cert/test_root_certs_android.cc",
"proxy_resolution/proxy_config_service_android.h",
]
}
@ -1184,6 +1183,7 @@ component("net") {
"base/network_interfaces_linux.cc",
"base/network_interfaces_linux.h",
"base/platform_mime_util_linux.cc",
"cert/test_root_certs_builtin.cc",
]
}

View File

@ -87,7 +87,8 @@ std::unique_ptr<CertVerifier> CertVerifier::CreateDefaultWithoutCaching(
}
#endif
if (!verify_proc) {
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || \
BUILDFLAG(IS_ANDROID)
verify_proc =
CertVerifyProc::CreateBuiltinVerifyProc(std::move(cert_net_fetcher));
#else

View File

@ -52,7 +52,8 @@
#include "url/url_canon.h"
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_MAC) || \
BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)
BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) || BUILDFLAG(IS_ANDROID) || \
BUILDFLAG(IS_LINUX)
#include "net/cert/cert_verify_proc_builtin.h"
#endif
@ -506,7 +507,8 @@ base::Value CertVerifyParams(X509Certificate* cert,
} // namespace
#if !(BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS))
#if !(BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || \
BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID))
// static
scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher) {
@ -525,7 +527,8 @@ scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc(
}
#endif
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS)
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || \
BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
// static
scoped_refptr<CertVerifyProc> CertVerifyProc::CreateBuiltinVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher) {

View File

@ -81,14 +81,16 @@ class NET_EXPORT CertVerifyProc
kMaxValue = kOther
};
#if !(BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS))
#if !(BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || \
BUILDFLAG(IS_ANDROID))
// Creates and returns a CertVerifyProc that uses the system verifier.
// |cert_net_fetcher| may not be used, depending on the implementation.
static scoped_refptr<CertVerifyProc> CreateSystemVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher);
#endif
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS)
#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || \
BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
// Creates and returns a CertVerifyProcBuiltin using the SSL SystemTrustStore.
static scoped_refptr<CertVerifyProc> CreateBuiltinVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher);

View File

@ -17,7 +17,7 @@
#include "net/cert/x509_certificate.h"
#if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_APPLE) || \
BUILDFLAG(IS_FUCHSIA)
BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
// When not defined, the EVRootCAMetadata singleton is a dumb placeholder
// implementation that will fail all EV lookup operations.
#define PLATFORM_USES_CHROMIUM_EV_METADATA