From ef642d56f3e884b800a10e16a018b12c1dd3d1df Mon Sep 17 00:00:00 2001
From: klzgrad
Date: Sun, 16 May 2021 00:46:34 +0800
Subject: [PATCH] cert: Use builtin verifier on Android and Linux
---
 src/net/cert/cert_verifier.cc | 3 ++-
 src/net/cert/cert_verify_proc.cc | 9 ++++++---
 src/net/cert/cert_verify_proc.h | 8 +++++---
 src/net/cert/ev_root_ca_metadata.h | 2 +-
 4 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/net/cert/cert_verifier.cc b/src/net/cert/cert_verifier.cc
index 6504721e2f..f9b6f3d379 100644
--- a/src/net/cert/cert_verifier.cc
+++ b/src/net/cert/cert_verifier.cc
@@ -87,7 +87,8 @@ std::unique_ptr CertVerifier::CreateDefaultWithoutCaching(
 return std::unique_ptr();
 #else
 scoped_refptr verify_proc;
-#if defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS)
+#if defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) || \
+ defined(OS_ANDROID)
 verify_proc = CertVerifyProc::CreateBuiltinVerifyProc(std::move(cert_net_fetcher));
 #elif BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)
diff --git a/src/net/cert/cert_verify_proc.cc b/src/net/cert/cert_verify_proc.cc
index 6135c24fe8..253111939f 100644
--- a/src/net/cert/cert_verify_proc.cc
+++ b/src/net/cert/cert_verify_proc.cc
@@ -47,7 +47,8 @@
 #include "third_party/boringssl/src/include/openssl/pool.h"
 #include "url/url_canon.h"
-#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC)
+#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) || \
+ defined(OS_ANDROID) || defined(OS_LINUX)
 #include "net/cert/cert_verify_proc_builtin.h"
 #endif
@@ -493,7 +494,8 @@ base::Value CertVerifyParams(X509Certificate* cert,
 } // namespace
-#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS))
+#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) || \
+ defined(OS_ANDROID))
 // static
 scoped_refptr CertVerifyProc::CreateSystemVerifyProc( scoped_refptr cert_net_fetcher) {
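Review bot: Adding `defined(OS_ANDROID)` to the `#if` in `CertVerifier::CreateDefaultWithoutCaching` (cert_verifier.cc) moves Android off the platform verifier, but nothing in this patch shows where the builtin verifier takes its trust anchors from on Android, or on a Linux build without NSS. The header comment only says it uses "the SSL SystemTrustStore", so whether user- or administrator-installed CAs are honoured, and whether verification fails closed when no root store loads, depends on code outside this diff. I would add a comment at this `#if` naming the trust source, e.g. `// Android/Linux: builtin verifier; trust anchors come from <trust-store source>.`, and a test that an untrusted chain is rejected on both platforms. The function body starts and ends outside the hunk.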
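Review bot: The platform list `OS_FUCHSIA || USE_NSS_CERTS || OS_MAC || OS_ANDROID || OS_LINUX` is now written out three times: at this include guard in cert_verify_proc.cc, at the `CreateBuiltinVerifyProc` definition in the `@@ -511` hunk, and at its declaration in cert_verify_proc.h. The selection in cert_verifier.cc and the `CreateSystemVerifyProc` guards use a different list that names `OS_CHROMEOS`, so the two lists have to be kept complementary by hand. A Chrome OS target without `USE_NSS_CERTS` would select a factory that is not compiled; that presumably cannot happen today and would fail at build time, but it shows how the lists can drift. Defining one macro in the header, e.g. `#define NET_CERT_USE_BUILTIN_VERIFY_PROC 1` (name is only a suggestion), and testing it at every site would make the verifier choice a single decision.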
@@ -511,7 +513,8 @@ scoped_refptr CertVerifyProc::CreateSystemVerifyProc(
 }
 #endif
-#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC)
+#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) || \
+ defined(OS_ANDROID) || defined(OS_LINUX)
 // static
 scoped_refptr CertVerifyProc::CreateBuiltinVerifyProc( scoped_refptr cert_net_fetcher) {
diff --git a/src/net/cert/cert_verify_proc.h b/src/net/cert/cert_verify_proc.h
index 9a6dd8459f..5225f1da0a 100644
--- a/src/net/cert/cert_verify_proc.h
+++ b/src/net/cert/cert_verify_proc.h
@@ -23,7 +23,7 @@ class CertVerifyResult;
 class CRLSet;
 class NetLogWithSource;
 class X509Certificate;
-typedef std::vector > CertificateList;
+typedef std::vector> CertificateList;
 // Class to perform certificate path building and verification for various
 // certificate uses. All methods of this class must be thread-safe, as they
@@ -66,14 +66,16 @@ class NET_EXPORT CertVerifyProc kMaxValue = kChainLengthOne };
-#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS))
+#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) || \
+ defined(OS_ANDROID))
 // Creates and returns a CertVerifyProc that uses the system verifier.
 // |cert_net_fetcher| may not be used, depending on the implementation.
 static scoped_refptr CreateSystemVerifyProc( scoped_refptr cert_net_fetcher);
 #endif
-#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC)
+#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) || \
+ defined(OS_ANDROID) || defined(OS_LINUX)
 // Creates and returns a CertVerifyProcBuiltin using the SSL SystemTrustStore.
 static scoped_refptr CreateBuiltinVerifyProc( scoped_refptr cert_net_fetcher);
diff --git a/src/net/cert/ev_root_ca_metadata.h b/src/net/cert/ev_root_ca_metadata.h
index 9d2b323fbc..b3c5dcc073 100644
--- a/src/net/cert/ev_root_ca_metadata.h
+++ b/src/net/cert/ev_root_ca_metadata.h
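Review bot: The declaration comments in cert_verify_proc.h (the `@@ -66,14 +66,16` hunk) do not say that `CreateSystemVerifyProc` is no longer declared on Android, so a reader cannot tell from the header which verifier a platform gets. Any caller outside this diff that names `CreateSystemVerifyProc` in an Android build will stop compiling, which is worth checking before landing. I would extend the comment above `CreateBuiltinVerifyProc` with a line such as `// On Android and Linux this is the only factory; the system verifier is not built.` The class body starts and ends outside the hunk.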
@@ -17,7 +17,7 @@
 #include "net/cert/x509_certificate.h"
 #if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_APPLE) || \
- defined(OS_FUCHSIA)
+ defined(OS_FUCHSIA) || defined(OS_ANDROID) || defined(OS_LINUX)
 // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
 // implementation that will fail all EV lookup operations.
 #define PLATFORM_USES_CHROMIUM_EV_METADATA