OLD | NEW |
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 #include "platform/globals.h" | 5 #include "platform/globals.h" |
6 #if defined(TARGET_OS_ANDROID) || \ | 6 #if defined(TARGET_OS_ANDROID) || \ |
7 defined(TARGET_OS_LINUX) || \ | 7 defined(TARGET_OS_LINUX) || \ |
8 defined(TARGET_OS_WINDOWS) | 8 defined(TARGET_OS_WINDOWS) |
9 | 9 |
10 #include "bin/secure_socket.h" | 10 #include "bin/secure_socket.h" |
(...skipping 756 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
767 | 767 |
768 | 768 |
769 void FUNCTION_NAME(SecurityContext_AlpnSupported)(Dart_NativeArguments args) { | 769 void FUNCTION_NAME(SecurityContext_AlpnSupported)(Dart_NativeArguments args) { |
770 Dart_SetReturnValue(args, Dart_NewBoolean(true)); | 770 Dart_SetReturnValue(args, Dart_NewBoolean(true)); |
771 } | 771 } |
772 | 772 |
773 | 773 |
774 void FUNCTION_NAME(SecurityContext_TrustBuiltinRoots)( | 774 void FUNCTION_NAME(SecurityContext_TrustBuiltinRoots)( |
775 Dart_NativeArguments args) { | 775 Dart_NativeArguments args) { |
776 SSL_CTX* context = GetSecurityContext(args); | 776 SSL_CTX* context = GetSecurityContext(args); |
| 777 #if defined(TARGET_OS_ANDROID) |
| 778 // On Android, we don't compile in the trusted root certificates. Insead, |
| 779 // we use the directory of trusted certificates already present on the device. |
| 780 // This saves ~240KB from the size of the binary. This has the drawback that |
| 781 // SSL_do_handshake will synchronously hit the filesystem looking for root |
| 782 // certs during its trust evaluation. We call SSL_do_handshake directly from |
| 783 // the Dart thread so that Dart code can be invoked from the "bad certificate" |
| 784 // callback called by SSL_do_handshake. |
| 785 const char* android_cacerts = "/system/etc/security/cacerts"; |
| 786 int status = SSL_CTX_load_verify_locations(context, NULL, android_cacerts); |
| 787 CheckStatus(status, "TlsException", "Failure trusting builtint roots"); |
| 788 #else |
777 X509_STORE* store = SSL_CTX_get_cert_store(context); | 789 X509_STORE* store = SSL_CTX_get_cert_store(context); |
778 BIO* roots_bio = | 790 BIO* roots_bio = |
779 BIO_new_mem_buf(const_cast<unsigned char*>(root_certificates_pem), | 791 BIO_new_mem_buf(const_cast<unsigned char*>(root_certificates_pem), |
780 root_certificates_pem_length); | 792 root_certificates_pem_length); |
781 X509* root_cert; | 793 X509* root_cert; |
782 // PEM_read_bio_X509 reads PEM-encoded certificates from a bio (in our case, | 794 // PEM_read_bio_X509 reads PEM-encoded certificates from a bio (in our case, |
783 // backed by a memory buffer), and returns X509 objects, one by one. | 795 // backed by a memory buffer), and returns X509 objects, one by one. |
784 // When the end of the bio is reached, it returns null. | 796 // When the end of the bio is reached, it returns null. |
785 while ((root_cert = PEM_read_bio_X509(roots_bio, NULL, NULL, NULL))) { | 797 while ((root_cert = PEM_read_bio_X509(roots_bio, NULL, NULL, NULL))) { |
786 X509_STORE_add_cert(store, root_cert); | 798 X509_STORE_add_cert(store, root_cert); |
787 } | 799 } |
788 BIO_free(roots_bio); | 800 BIO_free(roots_bio); |
| 801 #endif // defined(TARGET_OS_ANDROID) |
789 } | 802 } |
790 | 803 |
791 | 804 |
792 static int UseChainBytesPKCS12(SSL_CTX* context, | 805 static int UseChainBytesPKCS12(SSL_CTX* context, |
793 BIO* bio, | 806 BIO* bio, |
794 const char* password) { | 807 const char* password) { |
795 ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL)); | 808 ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL)); |
796 if (p12.get() == NULL) { | 809 if (p12.get() == NULL) { |
797 return 0; | 810 return 0; |
798 } | 811 } |
(...skipping 861 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1660 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); | 1673 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); |
1661 } | 1674 } |
1662 } | 1675 } |
1663 return bytes_processed; | 1676 return bytes_processed; |
1664 } | 1677 } |
1665 | 1678 |
1666 } // namespace bin | 1679 } // namespace bin |
1667 } // namespace dart | 1680 } // namespace dart |
1668 | 1681 |
1669 #endif // defined(TARGET_OS_LINUX) | 1682 #endif // defined(TARGET_OS_LINUX) |
OLD | NEW |