Index: build/common.gypi |
diff --git a/build/common.gypi b/build/common.gypi |
index 0d39d941c7dc45f851270854b1b41f2e18f9fa0b..fa0c7ce3badc325bafd5322b6376e516ee79ab6b 100644 |
--- a/build/common.gypi |
+++ b/build/common.gypi |
@@ -47,9 +47,16 @@ |
# Whether we are using Views Toolkit |
'toolkit_views%': 0, |
- # Use OpenSSL instead of NSS. Under development: see http://crbug.com/62803 |
+ # Use OpenSSL instead of NSS as underlying SSL protocol. |
wtc
2014/03/25 17:18:28
Nit: "protocol" should be changed to "implementati
haavardm
2014/03/26 12:25:18
Done.
haavardm
2014/03/26 12:25:18
Done.
|
+ # Certificate verification will in most cases be handled by the OS. |
+ # If openssl also is used for certificate verification, or the OS |
+ # uses OpenSSLL's struct X509 to represent certificates, |
wtc
2014/03/25 17:18:28
Typo: "OpenSSLL" has an extra L.
I think the "ope
haavardm
2014/03/26 12:25:18
Done.
|
+ # use_openssl_certs must be set. |
'use_openssl%': 0, |
+ # Typedef fX509Certificate::OSCertHandle to OpenSSL's struct X509*. |
wtc
2014/03/25 17:18:28
Remove the "f" before "X509Certificate".
haavardm
2014/03/26 12:25:18
Done.
|
+ 'use_openssl_certs%': 0, |
+ |
# Disable viewport meta tag by default. |
'enable_viewport%': 0, |
@@ -124,6 +131,7 @@ |
'use_ozone%': '<(use_ozone)', |
'embedded%': '<(embedded)', |
'use_openssl%': '<(use_openssl)', |
+ 'use_openssl_certs%': '<(use_openssl_certs)', |
'use_system_fontconfig%': '<(use_system_fontconfig)', |
'enable_viewport%': '<(enable_viewport)', |
'enable_hidpi%': '<(enable_hidpi)', |
@@ -247,6 +255,7 @@ |
'use_clipboard_aurax11%': '<(use_clipboard_aurax11)', |
'embedded%': '<(embedded)', |
'use_openssl%': '<(use_openssl)', |
+ 'use_openssl_certs%': '<(use_openssl_certs)', |
'use_system_fontconfig%': '<(use_system_fontconfig)', |
'enable_viewport%': '<(enable_viewport)', |
'enable_hidpi%': '<(enable_hidpi)', |
@@ -554,6 +563,14 @@ |
'use_nss%': 0, |
}], |
+ # When OpenSSL is used for SSL and crypto on unix like systems, use |
wtc
2014/03/25 17:18:28
Nit: unix like => Unix-like
haavardm
2014/03/26 12:25:18
Done.
|
+ # OpenSSL's certificate definition. |
+ ['(OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="solaris") and use_openssl==1', { |
+ 'use_openssl_certs%': 1, |
+ }, { |
+ 'use_openssl_certs%': 0, |
+ }], |
+ |
# libudev usage. This currently only affects the content layer. |
['OS=="linux" and embedded==0', { |
'use_udev%': 1, |
@@ -916,6 +933,7 @@ |
'use_cras%': '<(use_cras)', |
'use_mojo%': '<(use_mojo)', |
'use_openssl%': '<(use_openssl)', |
+ 'use_openssl_certs%': '<(use_openssl_certs)', |
'use_nss%': '<(use_nss)', |
'use_udev%': '<(use_udev)', |
'os_bsd%': '<(os_bsd)', |
@@ -1538,6 +1556,7 @@ |
# Always uses openssl. |
'use_openssl%': 1, |
+ 'use_openssl_certs%': 1, |
'proprietary_codecs%': '<(proprietary_codecs)', |
'safe_browsing%': 2, |
@@ -2567,6 +2586,9 @@ |
['<(use_openssl)==1 or >(nacl_untrusted_build)==1', { |
'defines': ['USE_OPENSSL=1'], |
}], |
+ ['<(use_openssl_certs)==1 or >(nacl_untrusted_build)==1', { |
+ 'defines': ['USE_OPENSSL_CERTS=1'], |
+ }], |
wtc
2014/03/25 17:18:28
It seems clearer to rewrite these two as follows:
haavardm
2014/03/26 12:25:18
Done.
|
['<(use_nss)==1 and >(nacl_untrusted_build)==0', { |
'defines': ['USE_NSS=1'], |
}], |