From e0b4e80a2c44daf826960bbe906165a1f2b47e04 Mon Sep 17 00:00:00 2001 From: klzgrad Date: Sun, 16 May 2021 00:46:34 +0800 Subject: [PATCH] cert: Use builtin verifier on Android and Linux --- src/net/BUILD.gn | 2 +- src/net/cert/cert_verifier.cc | 3 ++- src/net/cert/cert_verify_proc.cc | 8 +++++--- src/net/cert/cert_verify_proc.h | 3 ++- src/net/cert/ev_root_ca_metadata.h | 2 +- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/net/BUILD.gn b/src/net/BUILD.gn index b546a8cc2c..9e80a12d14 100644 --- a/src/net/BUILD.gn +++ b/src/net/BUILD.gn @@ -1158,7 +1158,6 @@ component("net") { "android/network_library.h", "android/traffic_stats.h", "cert/cert_verify_proc_android.h", - "cert/test_root_certs_android.cc", "proxy_resolution/proxy_config_service_android.h", ] } @@ -1201,6 +1200,7 @@ component("net") { "base/network_interfaces_linux.cc", "base/network_interfaces_linux.h", "base/platform_mime_util_linux.cc", + "cert/test_root_certs_builtin.cc", ] } diff --git a/src/net/cert/cert_verifier.cc b/src/net/cert/cert_verifier.cc index cfb73ea63c..756316cf90 100644 --- a/src/net/cert/cert_verifier.cc +++ b/src/net/cert/cert_verifier.cc @@ -40,7 +40,8 @@ class DefaultCertVerifyProcFactory : public net::CertVerifyProcFactory { return CertVerifyProc::CreateBuiltinWithChromeRootStore( std::move(cert_net_fetcher), impl_params.crl_set, base::OptionalToPtr(impl_params.root_store_data)); -#elif BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#elif BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || \ + BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID) return CertVerifyProc::CreateBuiltinVerifyProc(std::move(cert_net_fetcher), impl_params.crl_set); #else diff --git a/src/net/cert/cert_verify_proc.cc b/src/net/cert/cert_verify_proc.cc index b1dab376aa..1fc120487b 100644 --- a/src/net/cert/cert_verify_proc.cc +++ b/src/net/cert/cert_verify_proc.cc @@ -51,8 +51,9 @@ #include "third_party/boringssl/src/include/openssl/pool.h" #include "url/url_canon.h" -#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || \ - BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) +#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || \ + BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED) || BUILDFLAG(IS_ANDROID) || \ + BUILDFLAG(IS_LINUX) #include "net/cert/cert_verify_proc_builtin.h" #endif @@ -426,7 +427,8 @@ scoped_refptr CertVerifyProc::CreateSystemVerifyProc( } #endif -#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) +#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || \ + BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX) // static scoped_refptr CertVerifyProc::CreateBuiltinVerifyProc( scoped_refptr cert_net_fetcher, diff --git a/src/net/cert/cert_verify_proc.h b/src/net/cert/cert_verify_proc.h index 38bc9fefee..3a72692a34 100644 --- a/src/net/cert/cert_verify_proc.h +++ b/src/net/cert/cert_verify_proc.h @@ -88,7 +88,8 @@ class NET_EXPORT CertVerifyProc scoped_refptr crl_set); #endif -#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) +#if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(USE_NSS_CERTS) || \ + BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX) // Creates and returns a CertVerifyProcBuiltin using the SSL SystemTrustStore. static scoped_refptr CreateBuiltinVerifyProc( scoped_refptr cert_net_fetcher, diff --git a/src/net/cert/ev_root_ca_metadata.h b/src/net/cert/ev_root_ca_metadata.h index 29c31c4189..0612047224 100644 --- a/src/net/cert/ev_root_ca_metadata.h +++ b/src/net/cert/ev_root_ca_metadata.h @@ -17,7 +17,7 @@ #include "net/cert/x509_certificate.h" #if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \ - BUILDFLAG(IS_FUCHSIA) + BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX) // When not defined, the EVRootCAMetadata singleton is a dumb placeholder // implementation that will fail all EV lookup operations. #define PLATFORM_USES_CHROMIUM_EV_METADATA