Description
Don't compile in root certs on Android.
This works by using SSL_CTX_load_verify_locations in
SecurityContext._trustBuiltinRoots() to specify
/system/etc/security/cacerts as the certificate directory.
This saves about 240KB from a stripped ProductAndroidARM build.
This has the drawback that SSL_do_handshake will synchronously
hit the filesystem looking for root certs during its trust evaluation.
We call SSL_do_handshake directly from the Dart thread so that Dart
code can be invoked from the "bad certificate" callback called by
SSL_do_handshake. If there was no need to support this callback,
it would be easier to move the handshake to the IOService thread, and
thus remove the compiled-in certs without the need for blocking IO
on the Dart thread.
R=whesse@google.com
Committed: https://github.com/dart-lang/sdk/commit/27f5c1f81cd0b8a30da5be821caa871bf5c18bd0
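With the roots loaded from a certificate directory at handshake time rather than compiled into the binary, the contents and permissions of that directory become part of the trust decision. The following is an added example, not part of this change or of the Dart SDK, that audits such a directory. The function names and sample files are constructed for illustration, and it assumes the `<hash>.<n>` file naming that OpenSSL-style directory lookup uses.

```python
import os
import re
import stat
import tempfile

# OpenSSL/BoringSSL find a CA in a certificate directory by file name:
# eight hex digits of the subject-name hash, a dot, and a collision counter.
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def audit_cert_dir(path):
    """Return a sorted list of (file name, problem) for entries in a CApath directory."""
    findings = []
    for entry in os.scandir(path):
        info = entry.stat(follow_symlinks=False)
        if not HASHED_NAME.match(entry.name):
            findings.append((entry.name, "name is not <hash>.<n>; directory lookup will never open it"))
        if stat.S_ISLNK(info.st_mode):
            findings.append((entry.name, "symlink; the trusted file lives elsewhere"))
        elif not stat.S_ISREG(info.st_mode):
            findings.append((entry.name, "not a regular file"))
        elif info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry.name, "group- or world-writable trust anchor"))
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((".", "directory is group- or world-writable; roots can be added"))
    return sorted(findings)


def build_sample_dir():
    """Constructed sample directory (placeholder contents, not real certificates)."""
    root = tempfile.mkdtemp(prefix="cacerts-demo-")
    os.chmod(root, 0o755)
    for name, mode in (("0a1b2c3d.0", 0o644), ("deadbeef.1", 0o666), ("extra-root.pem", 0o644)):
        full = os.path.join(root, name)
        with open(full, "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n")
        os.chmod(full, mode)
    return root


if __name__ == "__main__":
    for name, problem in audit_cert_dir(build_sample_dir()):
        print(f"{name}: {problem}")
```

The audit checks names and permissions only; it does not parse the files or confirm that each name matches the hash of the certificate inside.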