22 Commits

Author SHA1 Message Date
klzgrad
c8f6209754 socket: Force tunneling for all sockets
In the socket system, only WebSocket sockets are allowed to tunnel
through HTTP/1 proxies. "Raw" sockets in the normal socket pool don't
have it, and their CONNECT headers are not sent, instead the raw
payload is sent as-is to the HTTP/1 proxy, breaking the proxying.

The socket system works like this:

- HTTP sockets via HTTP/1 proxies: normal pool, no tunneling.
- HTTPS sockets via HTTP/1 proxies: normal pool, no tunneling,
  but does its own proxy encapsulation.
- WS sockets via HTTP/1 proxies: WS pool, tunneling.

In Naive, we need the normal pool because the WS pool has some extra
restrictions but we also need tunneling to produce a client socket
with proxy tunneling built in.

Therefore force tunneling for all sockets and have them always send
CONNECT headers. This will otherwise break regular HTTP client sockets
via HTTP/1 proxies, but as we don't use this combination, it is ok.
2021-11-15 20:12:59 +08:00
klzgrad
30a0c38afd socket: Allow higher limits for proxies
As an intermediary proxy we should not enforce stricter connection
limits in addition to what the user is already enforcing.
2021-11-15 20:12:59 +08:00
klzgrad
29f29af1b8 socket: Add RawConnect method 2021-11-15 20:12:59 +08:00
klzgrad
c0c332c297 build: Disable NSS
NSS is used to manage root trust store. This part is reimplemented.
2021-11-15 20:12:59 +08:00
klzgrad
bbf9fc7548 cert: Handle AIA response in PKCS#7 format 2021-11-15 20:12:59 +08:00
klzgrad
81940d6794 cert: Use builtin verifier on Android and Linux 2021-11-15 20:12:59 +08:00
klzgrad
b955fd91c8 cert: Add SystemTrustStoreStaticUnix
It reads CA certificates from:

* The file in environment variable SSL_CERT_FILE
* The first available file of

/etc/ssl/certs/ca-certificates.crt (Debian/Ubuntu/Gentoo etc.)
/etc/pki/tls/certs/ca-bundle.crt (Fedora/RHEL 6)
/etc/ssl/ca-bundle.pem (OpenSUSE)
/etc/pki/tls/cacert.pem (OpenELEC)
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (CentOS/RHEL 7)
/etc/ssl/cert.pem (Alpine Linux)

* Files in the directory of environment variable SSL_CERT_DIR
* Files in the first available directory of

/etc/ssl/certs (SLES10/SLES11, https://golang.org/issue/12139)
/etc/pki/tls/certs (Fedora/RHEL)
/system/etc/security/cacerts (Android)
2021-11-15 20:12:59 +08:00
klzgrad
408755a371 libc++: Guard C++20 atomic type aliases
https://reviews.llvm.org/D75183
https://github.com/ziglang/zig/issues/6573
2021-11-15 20:12:59 +08:00
klzgrad
82d35d1738 libc++: Disable exceptions and RTTI
Except on Mac, where disabling exceptions doesn't work.
2021-11-15 20:08:42 +08:00
klzgrad
b64ae66520 url: Remove perfetto tracing 2021-11-15 20:08:42 +08:00
klzgrad
9cde8bfe74 base: Disable trace event
This allows builds with enable_base_tracing=false.
2021-11-15 20:08:42 +08:00
klzgrad
a06b97ebe5 lss: Avoid naming conflict in fstatat64
Supports OpenWrt builds.
2021-11-15 20:08:42 +08:00
klzgrad
e92a64a041 base: Don't fix Y2038 problem with icu 2021-11-15 20:08:42 +08:00
klzgrad
cf95c592e1 net, url: Remove icu 2021-11-15 20:08:42 +08:00
klzgrad
2eee32326c build: Force determinism in official build
Helps build with ccache.
2021-11-15 20:08:42 +08:00
klzgrad
081403c267 build: Disable Android java templates 2021-11-15 20:08:42 +08:00
klzgrad
cd2bc917f9 build: Disable build_with_chromium
The argument build_with_chromium mainly enables various tests,
data bundling, infra integration, and AFDO profiles.

AFDO can be added by other arguments.
2021-11-15 20:08:42 +08:00
klzgrad
4b4b61dc21 base: Add Android stubs 2021-11-15 20:08:42 +08:00
klzgrad
907e514dcd net: Add Android stubs 2021-11-15 20:08:42 +08:00
klzgrad
69f5b8435f build: Remove tests and minimize 2021-11-15 20:08:42 +08:00
klzgrad
49bcc7e4cb Add .gitignore 2021-11-15 19:41:41 +08:00
importer
32466067de Import chromium-96.0.4664.45 2021-11-15 19:41:41 +08:00