Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1265)

Side by Side Diff: runtime/bin/secure_socket_boringssl.cc

Issue 1811583003: Don't compile in root certs on Android. (Closed) Base URL: git@github.com:dart-lang/sdk.git@master
Patch Set: Merge Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
2 // for details. All rights reserved. Use of this source code is governed by a 2 // for details. All rights reserved. Use of this source code is governed by a
3 // BSD-style license that can be found in the LICENSE file. 3 // BSD-style license that can be found in the LICENSE file.
4 4
5 #include "platform/globals.h" 5 #include "platform/globals.h"
6 #if defined(TARGET_OS_ANDROID) || \ 6 #if defined(TARGET_OS_ANDROID) || \
7 defined(TARGET_OS_LINUX) || \ 7 defined(TARGET_OS_LINUX) || \
8 defined(TARGET_OS_WINDOWS) 8 defined(TARGET_OS_WINDOWS)
9 9
10 #include "bin/secure_socket.h" 10 #include "bin/secure_socket.h"
(...skipping 756 matching lines...) Expand 10 before | Expand all | Expand 10 after
767 767
768 768
769 void FUNCTION_NAME(SecurityContext_AlpnSupported)(Dart_NativeArguments args) { 769 void FUNCTION_NAME(SecurityContext_AlpnSupported)(Dart_NativeArguments args) {
770 Dart_SetReturnValue(args, Dart_NewBoolean(true)); 770 Dart_SetReturnValue(args, Dart_NewBoolean(true));
771 } 771 }
772 772
773 773
774 void FUNCTION_NAME(SecurityContext_TrustBuiltinRoots)( 774 void FUNCTION_NAME(SecurityContext_TrustBuiltinRoots)(
775 Dart_NativeArguments args) { 775 Dart_NativeArguments args) {
776 SSL_CTX* context = GetSecurityContext(args); 776 SSL_CTX* context = GetSecurityContext(args);
777 #if defined(TARGET_OS_ANDROID)
778 // On Android, we don't compile in the trusted root certificates. Insead,
779 // we use the directory of trusted certificates already present on the device.
780 // This saves ~240KB from the size of the binary. This has the drawback that
781 // SSL_do_handshake will synchronously hit the filesystem looking for root
782 // certs during its trust evaluation. We call SSL_do_handshake directly from
783 // the Dart thread so that Dart code can be invoked from the "bad certificate"
784 // callback called by SSL_do_handshake.
785 const char* android_cacerts = "/system/etc/security/cacerts";
786 int status = SSL_CTX_load_verify_locations(context, NULL, android_cacerts);
787 CheckStatus(status, "TlsException", "Failure trusting builtint roots");
788 #else
777 X509_STORE* store = SSL_CTX_get_cert_store(context); 789 X509_STORE* store = SSL_CTX_get_cert_store(context);
778 BIO* roots_bio = 790 BIO* roots_bio =
779 BIO_new_mem_buf(const_cast<unsigned char*>(root_certificates_pem), 791 BIO_new_mem_buf(const_cast<unsigned char*>(root_certificates_pem),
780 root_certificates_pem_length); 792 root_certificates_pem_length);
781 X509* root_cert; 793 X509* root_cert;
782 // PEM_read_bio_X509 reads PEM-encoded certificates from a bio (in our case, 794 // PEM_read_bio_X509 reads PEM-encoded certificates from a bio (in our case,
783 // backed by a memory buffer), and returns X509 objects, one by one. 795 // backed by a memory buffer), and returns X509 objects, one by one.
784 // When the end of the bio is reached, it returns null. 796 // When the end of the bio is reached, it returns null.
785 while ((root_cert = PEM_read_bio_X509(roots_bio, NULL, NULL, NULL))) { 797 while ((root_cert = PEM_read_bio_X509(roots_bio, NULL, NULL, NULL))) {
786 X509_STORE_add_cert(store, root_cert); 798 X509_STORE_add_cert(store, root_cert);
787 } 799 }
788 BIO_free(roots_bio); 800 BIO_free(roots_bio);
801 #endif // defined(TARGET_OS_ANDROID)
789 } 802 }
790 803
791 804
792 static int UseChainBytesPKCS12(SSL_CTX* context, 805 static int UseChainBytesPKCS12(SSL_CTX* context,
793 BIO* bio, 806 BIO* bio,
794 const char* password) { 807 const char* password) {
795 ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL)); 808 ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
796 if (p12.get() == NULL) { 809 if (p12.get() == NULL) {
797 return 0; 810 return 0;
798 } 811 }
(...skipping 861 matching lines...) Expand 10 before | Expand all | Expand 10 after
1660 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); 1673 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed);
1661 } 1674 }
1662 } 1675 }
1663 return bytes_processed; 1676 return bytes_processed;
1664 } 1677 }
1665 1678
1666 } // namespace bin 1679 } // namespace bin
1667 } // namespace dart 1680 } // namespace dart
1668 1681
1669 #endif // defined(TARGET_OS_LINUX) 1682 #endif // defined(TARGET_OS_LINUX)
OLDNEW
« no previous file with comments | « runtime/bin/root_certificates_unsupported.cc ('k') | runtime/tools/gyp/runtime-configurations.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698