Chromium Code Reviews Chromium Code Reviews
Issue 11308271:
Add built-in root certificates to dart:io SecureSocket. (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart| Index: runtime/bin/secure_socket.cc |
| diff --git a/runtime/bin/secure_socket.cc b/runtime/bin/secure_socket.cc |
| index 2c9665b9982e0b95586550ea27ceffd042c7cb8d..c81420fcf15d157c79581bae90ac91632272e47c 100644 |
| --- a/runtime/bin/secure_socket.cc |
| +++ b/runtime/bin/secure_socket.cc |
| @@ -159,7 +159,7 @@ void FUNCTION_NAME(SecureSocket_ProcessBuffer)(Dart_NativeArguments args) { |
| } |
| -void FUNCTION_NAME(SecureSocket_SetCertificateDatabase) |
| +void FUNCTION_NAME(SecureSocket_InitializeLibrary) |
| (Dart_NativeArguments args) { |
| Dart_EnterScope(); |
| Dart_Handle certificate_database_object = |
| @@ -169,10 +169,11 @@ void FUNCTION_NAME(SecureSocket_SetCertificateDatabase) |
| if (Dart_IsString(certificate_database_object)) { |
| ThrowIfError(Dart_StringToCString(certificate_database_object, |
| &certificate_database)); |
| - } else { |
| + } else if (!Dart_IsNull(certificate_database_object)) { |
| Dart_ThrowException(DartUtils::NewDartArgumentError( |
| "Non-String certificate directory argument to SetCertificateDatabase")); |
| } |
| + // Leave certificate_database as NULL if no value was provided. |
| Dart_Handle password_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); |
| // Check that the type is string or null, |
| @@ -188,7 +189,18 @@ void FUNCTION_NAME(SecureSocket_SetCertificateDatabase) |
| "Password argument to SetCertificateDatabase is not a String or null")); |
| } |
| - SSLFilter::InitializeLibrary(certificate_database, password); |
| + Dart_Handle builtin_roots_object = |
| + ThrowIfError(Dart_GetNativeArgument(args, 2)); |
| + // Check that the type is boolean, and get the boolean value from it. |
| + bool builtin_roots = true; |
| + if (Dart_IsBoolean(builtin_roots_object)) { |
| + ThrowIfError(Dart_BooleanValue(builtin_roots_object, &builtin_roots)); |
| + } else { |
| + Dart_ThrowException(DartUtils::NewDartArgumentError( |
| + "UseBuiltinRoots argument to SetCertificateDatabase is not a bool")); |
| + } |
| + |
| + SSLFilter::InitializeLibrary(certificate_database, password, builtin_roots); |
| Dart_ExitScope(); |
| } |
| @@ -241,14 +253,29 @@ void SSLFilter::RegisterHandshakeCompleteCallback(Dart_Handle complete) { |
| void SSLFilter::InitializeLibrary(const char* certificate_database, |
| - const char* password) { |
| + const char* password, |
| + bool use_builtin_root_certificates) { |
| MutexLocker locker(&mutex_); |
| if (!library_initialized_) { |
| library_initialized_ = true; |
| password_ = strdup(password); // This one copy persists until Dart exits. |
| PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); |
| // TODO(whesse): Verify there are no UTF-8 issues here. |
| - SECStatus status = NSS_Init(certificate_database); |
| + PRUint32 init_flags = NSS_INIT_READONLY; |
| + if (certificate_database == NULL) { |
| + // This will not open a database in the current directory, even if it |
|
Mads Ager (google)
2012/12/03 09:15:09
This looks strange. The documentation just says th
Bill Hesse
2012/12/03 12:20:04
I was referring only to passing "" as the database
Mads Ager (google)
2012/12/03 13:00:13
Thanks for updating the comment. Please add the pa
|
| + // exists. |
| + certificate_database = ""; |
| + init_flags |= NSS_INIT_FORCEOPEN; |
| + } |
| + if (!use_builtin_root_certificates) { |
| + init_flags |= NSS_INIT_NOMODDB; |
| + } |
| + SECStatus status = NSS_Initialize(certificate_database, |
| + "", |
| + "", |
| + SECMOD_DB, |
| + init_flags); |
| if (status != SECSuccess) { |
| ThrowPRException("Unsuccessful NSS_Init call."); |
| } |
