cert: Use builtin verifier on Android and Linux

This commit is contained in:
klzgrad 2021-05-16 00:46:34 +08:00
parent 95831a9548
commit ef642d56f3
4 changed files with 14 additions and 8 deletions

View File

@ -87,7 +87,8 @@ std::unique_ptr<CertVerifier> CertVerifier::CreateDefaultWithoutCaching(
return std::unique_ptr<CertVerifier>(); return std::unique_ptr<CertVerifier>();
#else #else
scoped_refptr<CertVerifyProc> verify_proc; scoped_refptr<CertVerifyProc> verify_proc;
#if defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) #if defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) || \
defined(OS_ANDROID)
verify_proc = verify_proc =
CertVerifyProc::CreateBuiltinVerifyProc(std::move(cert_net_fetcher)); CertVerifyProc::CreateBuiltinVerifyProc(std::move(cert_net_fetcher));
#elif BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED) #elif BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)

View File

@ -47,7 +47,8 @@
#include "third_party/boringssl/src/include/openssl/pool.h" #include "third_party/boringssl/src/include/openssl/pool.h"
#include "url/url_canon.h" #include "url/url_canon.h"
#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) #if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) || \
defined(OS_ANDROID) || defined(OS_LINUX)
#include "net/cert/cert_verify_proc_builtin.h" #include "net/cert/cert_verify_proc_builtin.h"
#endif #endif
@ -493,7 +494,8 @@ base::Value CertVerifyParams(X509Certificate* cert,
} // namespace } // namespace
#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS)) #if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) || \
defined(OS_ANDROID))
// static // static
scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc( scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher) { scoped_refptr<CertNetFetcher> cert_net_fetcher) {
@ -511,7 +513,8 @@ scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc(
} }
#endif #endif
#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) #if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) || \
defined(OS_ANDROID) || defined(OS_LINUX)
// static // static
scoped_refptr<CertVerifyProc> CertVerifyProc::CreateBuiltinVerifyProc( scoped_refptr<CertVerifyProc> CertVerifyProc::CreateBuiltinVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher) { scoped_refptr<CertNetFetcher> cert_net_fetcher) {

View File

@ -23,7 +23,7 @@ class CertVerifyResult;
class CRLSet; class CRLSet;
class NetLogWithSource; class NetLogWithSource;
class X509Certificate; class X509Certificate;
typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; typedef std::vector<scoped_refptr<X509Certificate>> CertificateList;
// Class to perform certificate path building and verification for various // Class to perform certificate path building and verification for various
// certificate uses. All methods of this class must be thread-safe, as they // certificate uses. All methods of this class must be thread-safe, as they
@ -66,14 +66,16 @@ class NET_EXPORT CertVerifyProc
kMaxValue = kChainLengthOne kMaxValue = kChainLengthOne
}; };
#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS)) #if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) || \
defined(OS_ANDROID))
// Creates and returns a CertVerifyProc that uses the system verifier. // Creates and returns a CertVerifyProc that uses the system verifier.
// |cert_net_fetcher| may not be used, depending on the implementation. // |cert_net_fetcher| may not be used, depending on the implementation.
static scoped_refptr<CertVerifyProc> CreateSystemVerifyProc( static scoped_refptr<CertVerifyProc> CreateSystemVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher); scoped_refptr<CertNetFetcher> cert_net_fetcher);
#endif #endif
#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) #if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) || \
defined(OS_ANDROID) || defined(OS_LINUX)
// Creates and returns a CertVerifyProcBuiltin using the SSL SystemTrustStore. // Creates and returns a CertVerifyProcBuiltin using the SSL SystemTrustStore.
static scoped_refptr<CertVerifyProc> CreateBuiltinVerifyProc( static scoped_refptr<CertVerifyProc> CreateBuiltinVerifyProc(
scoped_refptr<CertNetFetcher> cert_net_fetcher); scoped_refptr<CertNetFetcher> cert_net_fetcher);

View File

@ -17,7 +17,7 @@
#include "net/cert/x509_certificate.h" #include "net/cert/x509_certificate.h"
#if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_APPLE) || \ #if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_APPLE) || \
defined(OS_FUCHSIA) defined(OS_FUCHSIA) || defined(OS_ANDROID) || defined(OS_LINUX)
// When not defined, the EVRootCAMetadata singleton is a dumb placeholder // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
// implementation that will fail all EV lookup operations. // implementation that will fail all EV lookup operations.
#define PLATFORM_USES_CHROMIUM_EV_METADATA #define PLATFORM_USES_CHROMIUM_EV_METADATA