Add built-in root certificates to dart:io SecureSocket.

sdk/lib/io/secure_socket.dart

Index: sdk/lib/io/secure_socket.dart
diff --git a/sdk/lib/io/secure_socket.dart b/sdk/lib/io/secure_socket.dart
index d76b5ada3f2168949c078a75938e3e5eaede004d..af3b9f3e4943942e89f271407a877f6ec00e31ec 100644
--- a/sdk/lib/io/secure_socket.dart
+++ b/sdk/lib/io/secure_socket.dart
@@ -23,7 +23,9 @@ abstract class SecureSocket implements Socket {
    * client connections, and server certificates to provide on server
    * connections.  The password argument should be used when creating
    * secure server sockets, to allow the private key of the server
-   * certificate to be fetched.
+   * certificate to be fetched.  If useBuiltinRoots is true (the default),
+   * then an built-in set of root certificates for trusted certificate

[Mads Ager (google), 2012/11/29 20:13:05]

an built-in set -> a built-in set?

[Bill Hesse, 2012/11/30 12:51:16]

Done.

+   * authorities is merged with the certificates in the database.
    *
    * The database should be an NSS certificate database directory
    * containing a cert9.db file, not a cert8.db file.  This version of
@@ -32,7 +34,8 @@ abstract class SecureSocket implements Socket {
    * environment variable NSS_DEFAULT_DB_TYPE to "sql".
    */
   external static void setCertificateDatabase(String certificateDatabase,

[Mads Ager (google), 2012/11/29 20:13:05]

How do you get away with only using the built-in set of root certificates when
you have to pass in the string here? How about renaming this to initialize and
making all arguments optional so that you can choose to just call initialize
with no arguments to get the default initialization with only the built-in set
of certificates?

[Bill Hesse, 2012/11/30 12:51:16]

Done.

-                                              [String password]);
+                                             {String password,
+                                              bool useBuiltinRoots: true});
 }
 
 
@@ -299,21 +302,31 @@ class _SecureSocket implements SecureSocket {
   }
 
   void _secureDataHandler() {
-    if (_status == HANDSHAKE) {
-      _secureHandshake();
-    } else {
-      _writeEncryptedData();  // TODO(whesse): Removing this causes a failure.
-      _readEncryptedData();
-      if (!_filterReadEmpty) {
-        // Call the onData event.
-        if (scheduledDataEvent != null) {
-          scheduledDataEvent.cancel();
-          scheduledDataEvent = null;
-        }
-        if (_socketDataHandler != null) {
-          _socketDataHandler();
+    bool inUserCode = false;
+    try {

[Mads Ager (google), 2012/11/29 20:13:05]

I think we should do our best to avoid this type of try-catch. It makes it
really hard to track down problems because you are eating the original stack
trace. Can you explain the need to wrap here? It seems to me that there is
nothing the user can do anyway if we are throwing errors in the internals here,
so I'm not sure why catching the exception for internal stuff is better?

[Bill Hesse, 2012/11/30 12:51:16]

In the socket class, the onError handler can be called both asynchronously and
during a call to read, write, or available.  There are also exceptions thrown,
if any of the user callbacks throw an exception.  So this will reproduce the
current behavior, just for this function.  Other functions still are throwing
exceptions where they should call onError.

Changed the scope of the try block to avoid the rethrow.

+      if (_status == HANDSHAKE) {
+        _secureHandshake();
+      } else {
+        _writeEncryptedData();  // TODO(whesse): Removing this causes a failure.
+        _readEncryptedData();
+        if (!_filterReadEmpty) {
+          // Call the onData event.
+          if (scheduledDataEvent != null) {
+            scheduledDataEvent.cancel();
+            scheduledDataEvent = null;
+          }
+          if (_socketDataHandler != null) {
+            inUserCode = true;
+            _socketDataHandler();
+          }
         }
       }
+    } catch (e) {
+      if (inUserCode) {
+        throw e;
+      } else {
+        _reportError(e, "SecureSocket error");
+      }
     }
   }
 
@@ -331,6 +344,7 @@ class _SecureSocket implements SecureSocket {
     } else {
       e = new SocketIOException('$message (${error.toString()})', null);
     }
+    close(false);
     bool reported = false;
     if (_socketErrorHandler != null) {
       reported = true;
@@ -342,7 +356,6 @@ class _SecureSocket implements SecureSocket {
     if (_outputStream != null) {
       reported = reported || _outputStream._onSocketError(e);
     }
-
     if (!reported) throw e;
   }