crypto/nss_util.cc - Issue 1808963004: Adding macro to enable changing SSL library (Part 1)

Side by Side Diff: crypto/nss_util.cc

Issue 1808963004: Adding macro to enable changing SSL library (Part 1) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "crypto/nss_util.h"	5 #include "crypto/nss_util.h"

6	6

7 #include <nss.h>	7 #include <nss.h>

8 #include <pk11pub.h>	8 #include <pk11pub.h>

9 #include <plarena.h>	9 #include <plarena.h>

10 #include <prerror.h>	10 #include <prerror.h>

(...skipping 697 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
708 // Use the system certificate store, so initialize NSS without database.	708 // Use the system certificate store, so initialize NSS without database.

709 nodb_init = true;	709 nodb_init = true;

710 #endif	710 #endif

711	711

712 if (nodb_init) {	712 if (nodb_init) {

713 status = NSS_NoDB_Init(NULL);	713 status = NSS_NoDB_Init(NULL);

714 if (status != SECSuccess) {	714 if (status != SECSuccess) {

715 CrashOnNSSInitFailure();	715 CrashOnNSSInitFailure();

716 return;	716 return;

717 }	717 }

718 #if defined(OS_IOS)	718 #if defined(OS_IOS) && !defined(USE_OPENSSL)
	davidben 2016/03/17 19:48:08 Shouldn't OS_IOS && USE_OPENSSL be impossible in t Shouldn't OS_IOS && USE_OPENSSL be impossible in this file? svaldez 2016/03/17 20:04:18 Done. Show quoted text On 2016/03/17 19:48:08, davidben wrote: > Shouldn't OS_IOS && USE_OPENSSL be impossible in this file? Done.
719 root_ = InitDefaultRootCerts();	719 root_ = InitDefaultRootCerts();

720 #endif // defined(OS_IOS)	720 #endif // defined(OS_IOS) && !defined(USE_OPENSSL)

721 } else {	721 } else {

722 #if defined(USE_NSS_CERTS)	722 #if defined(USE_NSS_CERTS)

723 base::FilePath database_dir = GetInitialConfigDirectory();	723 base::FilePath database_dir = GetInitialConfigDirectory();

724 if (!database_dir.empty()) {	724 if (!database_dir.empty()) {

725 // This duplicates the work which should have been done in	725 // This duplicates the work which should have been done in

726 // EarlySetupForNSSInit. However, this function is idempotent so	726 // EarlySetupForNSSInit. However, this function is idempotent so

727 // there's no harm done.	727 // there's no harm done.

728 UseLocalCacheOfNSSDatabaseIfNFS(database_dir);	728 UseLocalCacheOfNSSDatabaseIfNFS(database_dir);

729	729

730 // Initialize with a persistent database (likely, ~/.pki/nssdb).	730 // Initialize with a persistent database (likely, ~/.pki/nssdb).

(...skipping 65 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
796 }	796 }

797	797

798 SECStatus status = NSS_Shutdown();	798 SECStatus status = NSS_Shutdown();

799 if (status != SECSuccess) {	799 if (status != SECSuccess) {

800 // We VLOG(1) because this failure is relatively harmless (leaking, but	800 // We VLOG(1) because this failure is relatively harmless (leaking, but

801 // we're shutting down anyway).	801 // we're shutting down anyway).

802 VLOG(1) << "NSS_Shutdown failed; see http://crbug.com/4609";	802 VLOG(1) << "NSS_Shutdown failed; see http://crbug.com/4609";

803 }	803 }

804 }	804 }

805	805

806 #if defined(USE_NSS_CERTS) \|\| defined(OS_IOS)	806 #if defined(USE_NSS_VERIFIER)
	davidben 2016/03/17 19:48:08 Are there any cases where this ifdef is false and Are there any cases where this ifdef is false and we build this? (I probably should have just removed this earlier.) svaldez 2016/03/17 20:04:18 Done. Show quoted text On 2016/03/17 19:48:08, davidben wrote: > Are there any cases where this ifdef is false and we build this? (I probably > should have just removed this earlier.) Done.
807 // Load nss's built-in root certs.	807 // Load nss's built-in root certs.

808 SECMODModule* InitDefaultRootCerts() {	808 SECMODModule* InitDefaultRootCerts() {

809 SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", NULL);	809 SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", NULL);

810 if (root)	810 if (root)

811 return root;	811 return root;

812	812

813 // Aw, snap. Can't find/load root cert shared library.	813 // Aw, snap. Can't find/load root cert shared library.

814 // This will make it hard to talk to anybody via https.	814 // This will make it hard to talk to anybody via https.

815 // TODO(mattm): Re-add the NOTREACHED here when crbug.com/310972 is fixed.	815 // TODO(mattm): Re-add the NOTREACHED here when crbug.com/310972 is fixed.

816 return NULL;	816 return NULL;

(...skipping 203 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1020 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue();	1020 return time.ToInternalValue() - base::Time::UnixEpoch().ToInternalValue();

1021 }	1021 }

1022	1022

1023 #if !defined(OS_CHROMEOS)	1023 #if !defined(OS_CHROMEOS)

1024 PK11SlotInfo* GetPersistentNSSKeySlot() {	1024 PK11SlotInfo* GetPersistentNSSKeySlot() {

1025 return g_nss_singleton.Get().GetPersistentNSSKeySlot();	1025 return g_nss_singleton.Get().GetPersistentNSSKeySlot();

1026 }	1026 }

1027 #endif	1027 #endif

1028	1028

1029 } // namespace crypto	1029 } // namespace crypto

OLD	NEW

« build/config/crypto.gni ('K') | « build/config/crypto.gni ('k') | ios/chrome/browser/ios_chrome_io_thread.mm » ('j') | ios/crnet/crnet_environment.mm » ('J')