X.509-related cleanup

net/socket/ssl_client_socket_nss.cc

Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 32343204fcecd53852a113dd061c8ca428059e4b..3d08b076308a75ea5d1299573a8dbe0d78a48b4a 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -50,9 +50,16 @@
 #if defined(USE_SYSTEM_SSL)
 #include <dlfcn.h>
 #endif
-#if defined(OS_MACOSX)
+#if defined(OS_WIN)
+#include <windows.h>
+#include <wincrypt.h>
+#elif defined(OS_MACOSX)
+// <Security/Security.h> must be included before NSS due to conflicting
+// identifiers for cipher suites (Security.framework uses an enum, NSS uses a

[wtc, 2010/11/17 21:31:53]

I believe the only conflicting identifier is
SSL_NULL_WITH_NULL_NULL.  Can you confirm that?
That would be useful info to note here.

[Ryan Sleevi, 2010/11/18 08:21:36]

No, it's all the cipher suites that follow the standard names. sslproto.h of NSS
defines them for NSS, <Security/CipherSuite.h> (included by
<Security/Security.h>) defines them for SecureTransport. The compiler is just
reporting the first error.

I went with explicitly specifying the headers to include, since it seems that
pattern is accepted/preferred elsewhere in the codebase with things like Cocoa
or Foundation, so it would seem acceptable here for Security.framework to avoid
pulling in all of Security.h

+// #define)
 #include <Security/Security.h>
 #endif
+
 #include <certdb.h>
 #include <hasht.h>
 #include <keyhi.h>