From ce0c7401e7593acfe6e4a0a411546ed0335cc6cc Mon Sep 17 00:00:00 2001 From: klzgrad Date: Sun, 10 Dec 2023 19:12:48 +0800 Subject: [PATCH] net/cert: Use builtin verifier on Android and Linux --- src/net/BUILD.gn | 2 +- src/net/cert/ev_root_ca_metadata.h | 2 +- src/net/features.gni | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/net/BUILD.gn b/src/net/BUILD.gn index ae3eb92c11..5b6aa04698 100644 --- a/src/net/BUILD.gn +++ b/src/net/BUILD.gn @@ -1207,7 +1207,6 @@ component("net") { "android/network_library.h", "android/traffic_stats.h", "cert/cert_verify_proc_android.h", - "cert/test_root_certs_android.cc", "proxy_resolution/proxy_config_service_android.h", ] } @@ -1250,6 +1249,7 @@ component("net") { "base/network_interfaces_linux.cc", "base/network_interfaces_linux.h", "base/platform_mime_util_linux.cc", + "cert/test_root_certs_builtin.cc", ] } diff --git a/src/net/cert/ev_root_ca_metadata.h b/src/net/cert/ev_root_ca_metadata.h index 29ceafe49b..3ccefd852e 100644 --- a/src/net/cert/ev_root_ca_metadata.h +++ b/src/net/cert/ev_root_ca_metadata.h @@ -17,7 +17,7 @@ #include "net/cert/x509_certificate.h" #if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \ - BUILDFLAG(IS_FUCHSIA) + BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX) // When not defined, the EVRootCAMetadata singleton is a dumb placeholder // implementation that will fail all EV lookup operations. #define PLATFORM_USES_CHROMIUM_EV_METADATA diff --git a/src/net/features.gni b/src/net/features.gni index a82f99de37..9a44c5fd21 100644 --- a/src/net/features.gni +++ b/src/net/features.gni @@ -46,11 +46,11 @@ declare_args() { # # Currently this is used only for Android because WebView does not use the # builtin cert verifier, but uses the Android cert verifier. - chrome_root_store_optional = is_android && !is_cronet_build + chrome_root_store_optional = false # Platforms for which certificate verification can only be performed using # the builtin cert verifier with the Chrome Root Store. - chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos + chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos || is_android # DBSC is only supported on windows for now enable_device_bound_sessions = is_win