Support building BoringSSL with NSS certificates.

build/common.gypi

 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 # IMPORTANT:
 # Please don't directly include this file if you are building via gyp_chromium,
 # since gyp_chromium is automatically forcing its inclusion.
 {
   # Variables expected to be overriden on the GYP command line (-D) or by
   # ~/.gyp/include.gypi.
@@ skipping 52 matching lines @@
 
           # Use the PCI lib to collect GPU information.
           'use_libpci%': 1,
 
           # Use OpenSSL instead of NSS as the underlying SSL and crypto
           # implementation. Certificate verification will in most cases be
           # handled by the OS. If OpenSSL's struct X509 is used to represent
           # certificates, use_openssl_certs must be set.
           'use_openssl%': 0,
 
-          # Typedef X509Certificate::OSCertHandle to OpenSSL's struct X509*.
+          # Use OpenSSL for representing certificates. When targeting Android,
+          # the platform certificate library is used for certificate
+          # verification. On other targets, this flag also enables OpenSSL for
+          # certificate verification, but this configuration is unsupported.
           'use_openssl_certs%': 0,
 
           # Disable viewport meta tag by default.
           'enable_viewport%': 0,
 
           # Enable HiDPI support.
           'enable_hidpi%': 0,
 
           # Override buildtype to select the desired build flavor.
           # Dev - everyday build for development/testing
@@ skipping 557 matching lines @@
           'os_posix%': 1,
         }],
 
         # A flag for BSD platforms
         ['OS=="freebsd" or OS=="openbsd"', {
           'os_bsd%': 1,
         }, {
           'os_bsd%': 0,
         }],
 
-        # NSS usage.
-        ['(OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="solaris") and use_openssl==0', {
+        # NSS usage. This controls whether NSS is used for certificate
+        # validation and storage (like use_openssl_certs). For historical
+        # reasons, this flag is named use_nss rather than use_nss_certs. In
+        # particular, note it is possible to set both use_openssl and use_nss.
+        ['(OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="solaris")', {
           'use_nss%': 1,
         }, {
           'use_nss%': 0,
         }],
 
-        # When OpenSSL is used for SSL and crypto on Unix-like systems, use
-        # OpenSSL's certificate definition.
-        ['(OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="solaris") and use_openssl==1', {
-          'use_openssl_certs%': 1,
-        }, {
-          'use_openssl_certs%': 0,
-        }],
-
         # libudev usage.  This currently only affects the content layer.
         ['OS=="linux" and embedded==0', {
           'use_udev%': 1,
         }, {
           'use_udev%': 0,
         }],
 
         # Flags to use X11 on non-Mac POSIX platforms.
         ['OS=="win" or OS=="mac" or OS=="ios" or OS=="android" or use_ozone==1', {
           'use_x11%': 0,
@@ skipping 2301 matching lines @@
       ['>(nacl_untrusted_build)==1', {
         'defines': [
           'USE_OPENSSL=1',
           'USE_OPENSSL_CERTS=1',
         ],
       }],
       ['<(use_glib)==1 and >(nacl_untrusted_build)==0', {
         'defines': ['USE_GLIB=1'],
       }],
       ['<(use_nss)==1 and >(nacl_untrusted_build)==0', {
+        # USE_NSS really means NSS is used for certificate validation and
+        # storage (like USE_OPENSSL_CERTS). For historical reasons, this flag is
+        # named USE_NSS rather than USE_NSS_CERTS. In particular, note it is
+        # possible to set both USE_OPENSSL and USE_NSS.
         'defines': ['USE_NSS=1'],
       }],
       ['<(chromeos)==1 and >(nacl_untrusted_build)==0', {
         'defines': ['OS_CHROMEOS=1'],
       }],
       ['enable_wexit_time_destructors==1 and OS!="win"', {
         # TODO: Enable on Windows too, http://crbug.com/404525
         'variables': { 'clang_warning_flags': ['-Wexit-time-destructors']},
       }],
       ['chromium_code==0', {
@@ skipping 2925 matching lines @@
     # settings in target dicts.  SYMROOT is a special case, because many other
     # Xcode variables depend on it, including variables such as
     # PROJECT_DERIVED_FILE_DIR.  When a source group corresponding to something
     # like PROJECT_DERIVED_FILE_DIR is added to a project, in order for the
     # files to appear (when present) in the UI as actual files and not red
     # red "missing file" proxies, the correct path to PROJECT_DERIVED_FILE_DIR,
     # and therefore SYMROOT, needs to be set at the project level.
     'SYMROOT': '<(DEPTH)/xcodebuild',
   },
 }