Introduce USE_OPENSSL_CERTS for certificate handling.
See the discussion in Chromium issue 338885. When USE_OPENSSL_CERTS is defined, X509Certificate::OSCertHandle is now typedef'ed to struct X509*. When USE_OPENSSL is defined, USE_OPENSSL_CERTS will now be defined for Linux and Android, while being off for Mac and Windows. This allows OpenSSL to be used while leaving certificate handling to the OS. OpenSSL cert verifying code will only be used on Linux. This patch does not change any default behavior. Bug=none Test=none Review URL: https://codereview.chromium.org/206453002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@260152 0039d316-1c4b-4281-b951-d872f2087c98
@ -57,9 +57,15 @@
|
||||
# Whether we are using Views Toolkit
|
||||
'toolkit_views%': 0,
|
||||
|
||||
# Use OpenSSL instead of NSS. Under development: see http://crbug.com/62803
|
||||
# Use OpenSSL instead of NSS as the underlying SSL and crypto
|
||||
# implementation. Certificate verification will in most cases be
|
||||
# handled by the OS. If OpenSSL's struct X509 is used to represent
|
||||
# certificates, use_openssl_certs must be set.
|
||||
'use_openssl%': 0,
|
||||
|
||||
# Typedef X509Certificate::OSCertHandle to OpenSSL's struct X509*.
|
||||
'use_openssl_certs%': 0,
|
||||
|
||||
# Disable viewport meta tag by default.
|
||||
'enable_viewport%': 0,
|
||||
|
||||
@ -135,6 +141,7 @@
|
||||
'use_ozone%': '<(use_ozone)',
|
||||
'embedded%': '<(embedded)',
|
||||
'use_openssl%': '<(use_openssl)',
|
||||
'use_openssl_certs%': '<(use_openssl_certs)',
|
||||
'use_system_fontconfig%': '<(use_system_fontconfig)',
|
||||
'enable_viewport%': '<(enable_viewport)',
|
||||
'enable_hidpi%': '<(enable_hidpi)',
|
||||
@ -256,6 +263,7 @@
|
||||
'use_clipboard_aurax11%': '<(use_clipboard_aurax11)',
|
||||
'embedded%': '<(embedded)',
|
||||
'use_openssl%': '<(use_openssl)',
|
||||
'use_openssl_certs%': '<(use_openssl_certs)',
|
||||
'use_system_fontconfig%': '<(use_system_fontconfig)',
|
||||
'enable_viewport%': '<(enable_viewport)',
|
||||
'enable_hidpi%': '<(enable_hidpi)',
|
||||
@ -568,6 +576,14 @@
|
||||
'use_nss%': 0,
|
||||
}],
|
||||
|
||||
# When OpenSSL is used for SSL and crypto on Unix-like systems, use
|
||||
# OpenSSL's certificate definition.
|
||||
['(OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="solaris") and use_openssl==1', {
|
||||
'use_openssl_certs%': 1,
|
||||
}, {
|
||||
'use_openssl_certs%': 0,
|
||||
}],
|
||||
|
||||
# libudev usage. This currently only affects the content layer.
|
||||
['OS=="linux" and embedded==0', {
|
||||
'use_udev%': 1,
|
||||
@ -932,6 +948,7 @@
|
||||
'use_cras%': '<(use_cras)',
|
||||
'use_mojo%': '<(use_mojo)',
|
||||
'use_openssl%': '<(use_openssl)',
|
||||
'use_openssl_certs%': '<(use_openssl_certs)',
|
||||
'use_nss%': '<(use_nss)',
|
||||
'use_udev%': '<(use_udev)',
|
||||
'os_bsd%': '<(os_bsd)',
|
||||
@ -1556,6 +1573,7 @@
|
||||
|
||||
# Always uses openssl.
|
||||
'use_openssl%': 1,
|
||||
'use_openssl_certs%': 1,
|
||||
|
||||
'proprietary_codecs%': '<(proprietary_codecs)',
|
||||
'safe_browsing%': 2,
|
||||
@ -2588,9 +2606,18 @@
|
||||
}],
|
||||
], # conditions for 'target_defaults'
|
||||
'target_conditions': [
|
||||
['<(use_openssl)==1 or >(nacl_untrusted_build)==1', {
|
||||
['<(use_openssl)==1', {
|
||||
'defines': ['USE_OPENSSL=1'],
|
||||
}],
|
||||
['<(use_openssl_certs)==1', {
|
||||
'defines': ['USE_OPENSSL_CERTS=1'],
|
||||
}],
|
||||
['>(nacl_untrusted_build)==1', {
|
||||
'defines': [
|
||||
'USE_OPENSSL=1',
|
||||
'USE_OPENSSL_CERTS=1',
|
||||
],
|
||||
}],
|
||||
['<(use_nss)==1 and >(nacl_untrusted_build)==0', {
|
||||
'defines': ['USE_NSS=1'],
|
||||
}],
|
||||
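Review bot: Nothing in these hunks ties `use_openssl_certs` to `use_openssl`. Both are `%` defaults, so as far as the visible lines show, a build that sets `use_openssl_certs=1` with `use_openssl=0` gets `USE_OPENSSL_CERTS=1` from the new `target_conditions` entry without `USE_OPENSSL=1`. The separate `use_openssl_certs == 0` exclusion lists in net/net.gyp would then keep the `cert/*_openssl.cc` sources in a build that lacks the OpenSSL dependency. The comment added above `'use_openssl%': 0,` states the requirement in one direction only, so I would extend the other one to `# Typedef X509Certificate::OSCertHandle to OpenSSL's struct X509*. Requires use_openssl==1.` To reject the combination at compile time, a shared header could carry `#if defined(USE_OPENSSL_CERTS) && !defined(USE_OPENSSL)` followed by an `#error`.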
|
@ -80,7 +80,7 @@
|
||||
'mac_security_services_lock.h',
|
||||
],
|
||||
}],
|
||||
[ 'OS == "mac" or OS == "ios" or OS == "win"', {
|
||||
[ 'use_openssl == 0 and (OS == "mac" or OS == "ios" or OS == "win")', {
|
||||
'dependencies': [
|
||||
'../third_party/nss/nss.gyp:nspr',
|
||||
'../third_party/nss/nss.gyp:nss',
|
||||
@ -201,12 +201,7 @@
|
||||
'openpgp_symmetric_encryption_unittest.cc',
|
||||
]
|
||||
}],
|
||||
[ 'OS == "mac" or OS == "ios" or OS == "win"', {
|
||||
'dependencies': [
|
||||
'../third_party/nss/nss.gyp:nss',
|
||||
],
|
||||
}],
|
||||
[ 'OS == "mac"', {
|
||||
[ 'use_openssl == 0 and (OS == "mac" or OS == "ios" or OS == "win")', {
|
||||
'dependencies': [
|
||||
'../third_party/nss/nss.gyp:nspr',
|
||||
],
|
||||
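Review bot: The explicit `'../third_party/nss/nss.gyp:nss'` dependency disappears in the second hunk for every configuration on Mac, iOS and Windows, not only when `use_openssl == 1`. The same hunk widens the `nspr` dependency from `OS == "mac"` to all three platforms. If this target still needs NSS when `use_openssl == 0`, it now has to get it transitively, which the hunk does not show, and the commit description says default behaviour is unchanged. I would record the intent above the new condition, e.g. `# nss is provided by <dependency that provides nss>; only nspr is needed directly.` The enclosing target starts outside the hunk.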
|
@ -13,7 +13,8 @@
|
||||
#include "build/build_config.h"
|
||||
#include "crypto/crypto_export.h"
|
||||
|
||||
#if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
|
||||
#if defined(USE_NSS) || \
|
||||
(!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX)))
|
||||
#include "crypto/scoped_nss_types.h"
|
||||
#endif
|
||||
|
||||
|
@ -14,7 +14,8 @@
|
||||
// See comments for crypto_nacl_win64 in crypto.gyp.
|
||||
// Must test for NACL_WIN64 before OS_WIN since former is a subset of latter.
|
||||
#include "crypto/scoped_capi_types.h"
|
||||
#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
|
||||
#elif defined(USE_NSS) || \
|
||||
(!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX)))
|
||||
#include "crypto/scoped_nss_types.h"
|
||||
#endif
|
||||
|
||||
|
@ -20,7 +20,7 @@
|
||||
|
||||
#if defined(USE_NSS) || defined(OS_IOS)
|
||||
#include "net/cert/cert_verify_proc_nss.h"
|
||||
#elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
|
||||
#elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
|
||||
#include "net/cert/cert_verify_proc_openssl.h"
|
||||
#elif defined(OS_ANDROID)
|
||||
#include "net/cert/cert_verify_proc_android.h"
|
||||
@ -167,7 +167,7 @@ bool ExaminePublicKeys(const scoped_refptr<X509Certificate>& cert,
|
||||
CertVerifyProc* CertVerifyProc::CreateDefault() {
|
||||
#if defined(USE_NSS) || defined(OS_IOS)
|
||||
return new CertVerifyProcNSS();
|
||||
#elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
|
||||
#elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
|
||||
return new CertVerifyProcOpenSSL();
|
||||
#elif defined(OS_ANDROID)
|
||||
return new CertVerifyProcAndroid();
|
||||
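Review bot: `CreateDefault()` tests `USE_OPENSSL_CERTS` right after the NSS branch, but the `OSCertHandle` typedef chain in the X509Certificate header tests `OS_MACOSX` (and, judging by the `PCCERT_CONTEXT` line, `OS_WIN`) before `USE_OPENSSL_CERTS`. The TestRootCerts header visibly puts `USE_OPENSSL_CERTS` ahead of `OS_WIN` as well. With the default gyp values the two orders never disagree. If `USE_OPENSSL_CERTS` were ever defined on Windows or Mac, though, this function would presumably return `CertVerifyProcOpenSSL` while certificates are still held as OS handles. Because this selects the certificate verifier, I would make the assumption explicit next to the includes: `#if defined(USE_OPENSSL_CERTS) && (defined(OS_WIN) || defined(OS_MACOSX))`, then `#error "USE_OPENSSL_CERTS requires OSCertHandle to be X509*"`, then `#endif`. The rest of the `#elif` chain in `CreateDefault()` lies outside the hunk.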
|
@ -157,7 +157,7 @@ TEST_F(CertVerifyProcTest, DISABLED_WithoutRevocationChecking) {
|
||||
&verify_result));
|
||||
}
|
||||
|
||||
#if defined(OS_ANDROID) || defined(USE_OPENSSL)
|
||||
#if defined(OS_ANDROID) || defined(USE_OPENSSL_CERTS)
|
||||
// TODO(jnd): http://crbug.com/117478 - EV verification is not yet supported.
|
||||
#define MAYBE_EVVerification DISABLED_EVVerification
|
||||
#else
|
||||
@ -724,7 +724,7 @@ TEST_F(CertVerifyProcTest, InvalidKeyUsage) {
|
||||
NULL,
|
||||
empty_cert_list_,
|
||||
&verify_result);
|
||||
#if defined(USE_OPENSSL) && !defined(OS_ANDROID)
|
||||
#if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
|
||||
// This certificate has two errors: "invalid key usage" and "untrusted CA".
|
||||
// However, OpenSSL returns only one (the latter), and we can't detect
|
||||
// the other errors.
|
||||
@ -1407,7 +1407,7 @@ TEST_P(CertVerifyProcWeakDigestTest, Verify) {
|
||||
const WeakDigestTestData kVerifyRootCATestData[] = {
|
||||
{ "weak_digest_md5_root.pem", "weak_digest_sha1_intermediate.pem",
|
||||
"weak_digest_sha1_ee.pem", false, false, false },
|
||||
#if defined(USE_OPENSSL) || defined(OS_WIN)
|
||||
#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
||||
// MD4 is not supported by OS X / NSS
|
||||
{ "weak_digest_md4_root.pem", "weak_digest_sha1_intermediate.pem",
|
||||
"weak_digest_sha1_ee.pem", false, false, false },
|
||||
@ -1422,7 +1422,7 @@ INSTANTIATE_TEST_CASE_P(VerifyRoot, CertVerifyProcWeakDigestTest,
|
||||
const WeakDigestTestData kVerifyIntermediateCATestData[] = {
|
||||
{ "weak_digest_sha1_root.pem", "weak_digest_md5_intermediate.pem",
|
||||
"weak_digest_sha1_ee.pem", true, false, false },
|
||||
#if defined(USE_OPENSSL) || defined(OS_WIN)
|
||||
#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
||||
// MD4 is not supported by OS X / NSS
|
||||
{ "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
|
||||
"weak_digest_sha1_ee.pem", false, true, false },
|
||||
@ -1445,7 +1445,7 @@ WRAPPED_INSTANTIATE_TEST_CASE_P(
|
||||
const WeakDigestTestData kVerifyEndEntityTestData[] = {
|
||||
{ "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
|
||||
"weak_digest_md5_ee.pem", true, false, false },
|
||||
#if defined(USE_OPENSSL) || defined(OS_WIN)
|
||||
#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
||||
// MD4 is not supported by OS X / NSS
|
||||
{ "weak_digest_sha1_root.pem", "weak_digest_sha1_intermediate.pem",
|
||||
"weak_digest_md4_ee.pem", false, true, false },
|
||||
@ -1469,7 +1469,7 @@ WRAPPED_INSTANTIATE_TEST_CASE_P(MAYBE_VerifyEndEntity,
|
||||
const WeakDigestTestData kVerifyIncompleteIntermediateTestData[] = {
|
||||
{ NULL, "weak_digest_md5_intermediate.pem", "weak_digest_sha1_ee.pem",
|
||||
true, false, false },
|
||||
#if defined(USE_OPENSSL) || defined(OS_WIN)
|
||||
#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
||||
// MD4 is not supported by OS X / NSS
|
||||
{ NULL, "weak_digest_md4_intermediate.pem", "weak_digest_sha1_ee.pem",
|
||||
false, true, false },
|
||||
@ -1494,7 +1494,7 @@ WRAPPED_INSTANTIATE_TEST_CASE_P(
|
||||
const WeakDigestTestData kVerifyIncompleteEETestData[] = {
|
||||
{ NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md5_ee.pem",
|
||||
true, false, false },
|
||||
#if defined(USE_OPENSSL) || defined(OS_WIN)
|
||||
#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
||||
// MD4 is not supported by OS X / NSS
|
||||
{ NULL, "weak_digest_sha1_intermediate.pem", "weak_digest_md4_ee.pem",
|
||||
false, true, false },
|
||||
@ -1521,7 +1521,7 @@ const WeakDigestTestData kVerifyMixedTestData[] = {
|
||||
"weak_digest_md2_ee.pem", true, false, true },
|
||||
{ "weak_digest_sha1_root.pem", "weak_digest_md2_intermediate.pem",
|
||||
"weak_digest_md5_ee.pem", true, false, true },
|
||||
#if defined(USE_OPENSSL) || defined(OS_WIN)
|
||||
#if defined(USE_OPENSSL_CERTS) || defined(OS_WIN)
|
||||
// MD4 is not supported by OS X / NSS
|
||||
{ "weak_digest_sha1_root.pem", "weak_digest_md4_intermediate.pem",
|
||||
"weak_digest_md2_ee.pem", false, true, true },
|
||||
|
@ -12,7 +12,7 @@
|
||||
|
||||
#if defined(USE_NSS) || defined(OS_IOS)
|
||||
#include <list>
|
||||
#elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
|
||||
#elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
|
||||
#include <vector>
|
||||
#elif defined(OS_WIN)
|
||||
#include <windows.h>
|
||||
@ -25,7 +25,7 @@
|
||||
|
||||
#if defined(USE_NSS)
|
||||
typedef struct CERTCertificateStr CERTCertificate;
|
||||
#elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
|
||||
#elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
|
||||
typedef struct x509_st X509;
|
||||
#endif
|
||||
|
||||
@ -78,7 +78,7 @@ class NET_EXPORT TestRootCerts {
|
||||
// be trusted. By default, this is true, indicating that the TestRootCerts
|
||||
// are used in addition to OS trust store.
|
||||
void SetAllowSystemTrust(bool allow_system_trust);
|
||||
#elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
|
||||
#elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
|
||||
const std::vector<scoped_refptr<X509Certificate> >&
|
||||
temporary_roots() const { return temporary_roots_; }
|
||||
bool Contains(X509* cert) const;
|
||||
@ -106,7 +106,7 @@ class NET_EXPORT TestRootCerts {
|
||||
// settings, in order to restore them when Clear() is called.
|
||||
class TrustEntry;
|
||||
std::list<TrustEntry*> trust_cache_;
|
||||
#elif defined(USE_OPENSSL) && !defined(OS_ANDROID)
|
||||
#elif defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
|
||||
std::vector<scoped_refptr<X509Certificate> > temporary_roots_;
|
||||
#elif defined(OS_WIN)
|
||||
HCERTSTORE temporary_roots_;
|
||||
|
@ -135,7 +135,7 @@ TEST(TestRootCertsTest, OverrideTrust) {
|
||||
EXPECT_EQ(bad_verify_result.cert_status, restored_verify_result.cert_status);
|
||||
}
|
||||
|
||||
#if defined(USE_NSS) || (defined(USE_OPENSSL) && !defined(OS_ANDROID))
|
||||
#if defined(USE_NSS) || (defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID))
|
||||
TEST(TestRootCertsTest, Contains) {
|
||||
// Another test root certificate.
|
||||
const char kRootCertificateFile2[] = "2048-rsa-root.pem";
|
||||
|
@ -25,7 +25,7 @@
|
||||
#include <CoreFoundation/CFArray.h>
|
||||
#include <Security/SecBase.h>
|
||||
|
||||
#elif defined(USE_OPENSSL)
|
||||
#elif defined(USE_OPENSSL_CERTS)
|
||||
// Forward declaration; real one in <x509.h>
|
||||
typedef struct x509_st X509;
|
||||
typedef struct x509_store_st X509_STORE;
|
||||
@ -58,7 +58,7 @@ class NET_EXPORT X509Certificate
|
||||
typedef PCCERT_CONTEXT OSCertHandle;
|
||||
#elif defined(OS_MACOSX)
|
||||
typedef SecCertificateRef OSCertHandle;
|
||||
#elif defined(USE_OPENSSL)
|
||||
#elif defined(USE_OPENSSL_CERTS)
|
||||
typedef X509* OSCertHandle;
|
||||
#elif defined(USE_NSS)
|
||||
typedef struct CERTCertificateStr* OSCertHandle;
|
||||
@ -304,7 +304,7 @@ class NET_EXPORT X509Certificate
|
||||
PCCERT_CONTEXT CreateOSCertChainForCert() const;
|
||||
#endif
|
||||
|
||||
#if defined(USE_OPENSSL)
|
||||
#if defined(USE_OPENSSL_CERTS)
|
||||
// Returns a handle to a global, in-memory certificate store. We
|
||||
// use it for test code, e.g. importing the test server's certificate.
|
||||
static X509_STORE* cert_store();
|
||||
@ -413,7 +413,7 @@ class NET_EXPORT X509Certificate
|
||||
// Common object initialization code. Called by the constructors only.
|
||||
void Initialize();
|
||||
|
||||
#if defined(USE_OPENSSL)
|
||||
#if defined(USE_OPENSSL_CERTS)
|
||||
// Resets the store returned by cert_store() to default state. Used by
|
||||
// TestRootCerts to undo modifications.
|
||||
static void ResetCertStore();
|
||||
|
56
net/net.gyp
56
net/net.gyp
@ -1415,22 +1415,17 @@
|
||||
'third_party/mozilla_security_manager/nsPKCS12Blob.cpp',
|
||||
'third_party/mozilla_security_manager/nsPKCS12Blob.h',
|
||||
],
|
||||
'dependencies': [
|
||||
'../third_party/openssl/openssl.gyp:openssl',
|
||||
],
|
||||
},
|
||||
{ # else !use_openssl: remove the unneeded files
|
||||
'sources!': [
|
||||
'base/crypto_module_openssl.cc',
|
||||
'base/keygen_handler_openssl.cc',
|
||||
'base/openssl_private_key_store.h',
|
||||
'base/openssl_private_key_store_android.cc',
|
||||
'base/openssl_private_key_store_memory.cc',
|
||||
'cert/cert_database_openssl.cc',
|
||||
'cert/cert_verify_proc_openssl.cc',
|
||||
'cert/cert_verify_proc_openssl.h',
|
||||
'cert/ct_log_verifier_openssl.cc',
|
||||
'cert/ct_objects_extractor_openssl.cc',
|
||||
'cert/jwk_serializer_openssl.cc',
|
||||
'cert/test_root_certs_openssl.cc',
|
||||
'cert/x509_certificate_openssl.cc',
|
||||
'cert/x509_util_openssl.cc',
|
||||
'cert/x509_util_openssl.h',
|
||||
'quic/crypto/aead_base_decrypter_openssl.cc',
|
||||
@ -1448,11 +1443,23 @@
|
||||
'socket/ssl_server_socket_openssl.cc',
|
||||
'socket/ssl_session_cache_openssl.cc',
|
||||
'socket/ssl_session_cache_openssl.h',
|
||||
'ssl/openssl_client_key_store.cc',
|
||||
'ssl/openssl_client_key_store.h',
|
||||
],
|
||||
},
|
||||
],
|
||||
[ 'use_openssl_certs == 0', {
|
||||
'sources!': [
|
||||
'base/openssl_private_key_store.h',
|
||||
'base/openssl_private_key_store_android.cc',
|
||||
'base/openssl_private_key_store_memory.cc',
|
||||
'cert/cert_database_openssl.cc',
|
||||
'cert/cert_verify_proc_openssl.cc',
|
||||
'cert/cert_verify_proc_openssl.h',
|
||||
'cert/test_root_certs_openssl.cc',
|
||||
'cert/x509_certificate_openssl.cc',
|
||||
'ssl/openssl_client_key_store.cc',
|
||||
'ssl/openssl_client_key_store.h',
|
||||
],
|
||||
}],
|
||||
[ 'use_glib == 1', {
|
||||
'dependencies': [
|
||||
'../build/linux/system.gyp:gconf',
|
||||
@ -1461,12 +1468,8 @@
|
||||
}],
|
||||
[ 'desktop_linux == 1 or chromeos == 1', {
|
||||
'conditions': [
|
||||
['use_openssl==1', {
|
||||
'dependencies': [
|
||||
'../third_party/openssl/openssl.gyp:openssl',
|
||||
],
|
||||
},
|
||||
{ # else use_openssl==0, use NSS
|
||||
['use_openssl == 0', {
|
||||
# use NSS
|
||||
'dependencies': [
|
||||
'../build/linux/system.gyp:ssl',
|
||||
],
|
||||
@ -1575,10 +1578,15 @@
|
||||
},
|
||||
],
|
||||
[ 'OS == "mac"', {
|
||||
'dependencies': [
|
||||
'../third_party/nss/nss.gyp:nspr',
|
||||
'../third_party/nss/nss.gyp:nss',
|
||||
'third_party/nss/ssl.gyp:libssl',
|
||||
'conditions': [
|
||||
[ 'use_openssl == 0', {
|
||||
'dependencies': [
|
||||
# defaults to nss
|
||||
'../third_party/nss/nss.gyp:nspr',
|
||||
'../third_party/nss/nss.gyp:nss',
|
||||
'third_party/nss/ssl.gyp:libssl',
|
||||
],
|
||||
}],
|
||||
],
|
||||
'link_settings': {
|
||||
'libraries': [
|
||||
@ -2268,10 +2276,14 @@
|
||||
'quic/test_tools/crypto_test_utils_openssl.cc',
|
||||
'socket/ssl_client_socket_openssl_unittest.cc',
|
||||
'socket/ssl_session_cache_openssl_unittest.cc',
|
||||
'ssl/openssl_client_key_store_unittest.cc',
|
||||
],
|
||||
},
|
||||
],
|
||||
[ 'use_openssl_certs == 0', {
|
||||
'sources!': [
|
||||
'ssl/openssl_client_key_store_unittest.cc',
|
||||
],
|
||||
}],
|
||||
[ 'enable_websockets != 1', {
|
||||
'sources/': [
|
||||
['exclude', '^socket_stream/'],
|
||||
@ -2339,7 +2351,7 @@
|
||||
'msvs_disabled_warnings': [4267, ],
|
||||
},
|
||||
],
|
||||
[ 'OS == "mac"', {
|
||||
[ 'OS == "mac" and use_openssl == 0', {
|
||||
'dependencies': [
|
||||
'../third_party/nss/nss.gyp:nspr',
|
||||
'../third_party/nss/nss.gyp:nss',
|
||||
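Review bot: The two new `[ 'use_openssl_certs == 0', {` blocks carry no comment explaining why these files are split from the `use_openssl` exclusion lists, whereas the old list had `# else !use_openssl: remove the unneeded files`. A reader cannot tell from the hunk what distinguishes, for example, `cert/x509_certificate_openssl.cc` (moved) from `cert/x509_util_openssl.cc` (kept under `use_openssl`). I would add one line above each new `'sources!'`, such as `# Sources that require OSCertHandle to be OpenSSL's X509* (use_openssl_certs).` The author should confirm the wording matches the actual criterion.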
|
@ -389,7 +389,7 @@ SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
|
||||
return *this;
|
||||
}
|
||||
|
||||
#if defined(USE_OPENSSL)
|
||||
#if defined(USE_OPENSSL_CERTS)
|
||||
// When OSCertHandle is typedef'ed to X509, this implementation does a short cut
|
||||
// to avoid converting back and forth between der and X509 struct.
|
||||
void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
|
||||
@ -417,7 +417,7 @@ void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
|
||||
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
|
||||
}
|
||||
}
|
||||
#else // !defined(USE_OPENSSL)
|
||||
#else // !defined(USE_OPENSSL_CERTS)
|
||||
void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
|
||||
STACK_OF(X509)* chain) {
|
||||
openssl_chain_.reset(NULL);
|
||||
@ -455,7 +455,7 @@ void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
|
||||
os_chain_ = NULL;
|
||||
}
|
||||
}
|
||||
#endif // USE_OPENSSL
|
||||
#endif // defined(USE_OPENSSL_CERTS)
|
||||
|
||||
// static
|
||||
SSLSessionCacheOpenSSL::Config
|
||||
@ -471,7 +471,9 @@ void SSLClientSocket::ClearSessionCache() {
|
||||
SSLClientSocketOpenSSL::SSLContext* context =
|
||||
SSLClientSocketOpenSSL::SSLContext::GetInstance();
|
||||
context->session_cache()->Flush();
|
||||
#if defined(USE_OPENSSL_CERTS)
|
||||
OpenSSLClientKeyStore::GetInstance()->Flush();
|
||||
#endif
|
||||
}
|
||||
|
||||
SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
|
||||
@ -1419,7 +1421,7 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
|
||||
DCHECK(ssl == ssl_);
|
||||
DCHECK(*x509 == NULL);
|
||||
DCHECK(*pkey == NULL);
|
||||
|
||||
#if defined(USE_OPENSSL_CERTS)
|
||||
if (!ssl_config_.send_client_cert) {
|
||||
// First pass: we know that a client certificate is needed, but we do not
|
||||
// have one at hand.
|
||||
@ -1456,6 +1458,10 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
|
||||
}
|
||||
LOG(WARNING) << "Client cert found without private key";
|
||||
}
|
||||
#else // !defined(USE_OPENSSL_CERTS)
|
||||
// OS handling of client certificates is not yet implemented.
|
||||
NOTIMPLEMENTED();
|
||||
#endif // defined(USE_OPENSSL_CERTS)
|
||||
|
||||
// Send no client certificate.
|
||||
return 0;
|
||||
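Review bot: In `ClientCertRequestCallback`, the new `#else` branch calls `NOTIMPLEMENTED()` and then falls through to `return 0;`. A build with `USE_OPENSSL` but without `USE_OPENSSL_CERTS` therefore answers every client-certificate request with no certificate, even when `ssl_config_.send_client_cert` is set. As far as the hunk shows, the caller gets no error, and the first-pass handling that lives in the `USE_OPENSSL_CERTS` branch is skipped too. A server that requires client authentication would then see an unauthenticated handshake, not a reported failure. The comment should say this, e.g. `// OS handling of client certificates is not yet implemented: no certificate is sent, even if ssl_config_.send_client_cert is set.`, with a tracking reference such as `// TODO(<owner>): <bug-url>`. The start of the function is outside the hunks.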
|
@ -24,7 +24,6 @@ namespace net {
|
||||
|
||||
namespace {
|
||||
|
||||
#if !defined(USE_OPENSSL)
|
||||
void FailTest(int /* result */) {
|
||||
FAIL();
|
||||
}
|
||||
@ -117,8 +116,6 @@ MockServerBoundCertStoreWithAsyncGet::CallGetServerBoundCertCallbackWithResult(
|
||||
cert));
|
||||
}
|
||||
|
||||
#endif // !defined(USE_OPENSSL)
|
||||
|
||||
class ServerBoundCertServiceTest : public testing::Test {
|
||||
public:
|
||||
ServerBoundCertServiceTest()
|
||||
@ -150,9 +147,6 @@ TEST_F(ServerBoundCertServiceTest, GetDomainForHost) {
|
||||
ServerBoundCertService::GetDomainForHost("127.0.0.1"));
|
||||
}
|
||||
|
||||
// See http://crbug.com/91512 - implement OpenSSL version of CreateSelfSigned.
|
||||
#if !defined(USE_OPENSSL)
|
||||
|
||||
TEST_F(ServerBoundCertServiceTest, GetCacheMiss) {
|
||||
std::string host("encrypted.google.com");
|
||||
|
||||
@ -775,8 +769,6 @@ TEST_F(ServerBoundCertServiceTest, AsyncStoreGetThenCreateNoCertsInStore) {
|
||||
EXPECT_FALSE(request_handle2.is_active());
|
||||
}
|
||||
|
||||
#endif // !defined(USE_OPENSSL)
|
||||
|
||||
} // namespace
|
||||
|
||||
} // namespace net
|
||||
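Review bot: The commit description does not mention that the tests from `GetCacheMiss` through `AsyncStoreGetThenCreateNoCertsInStore` now also build and run under `USE_OPENSSL`. The `#if !defined(USE_OPENSSL)` guards and the pointer to crbug.com/91512 ("implement OpenSSL version of CreateSelfSigned") are removed here without any replacement. If that OpenSSL implementation exists, a sentence in the description would explain the removal. If it does not, these tests will presumably fail on OpenSSL builds, and the guard with its comment should stay until it lands.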
|
@ -7193,12 +7193,12 @@ static bool SystemSupportsHardFailRevocationChecking() {
|
||||
// several tests are effected because our testing EV certificate won't be
|
||||
// recognised as EV.
|
||||
static bool SystemUsesChromiumEVMetadata() {
|
||||
#if defined(USE_OPENSSL)
|
||||
#if defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
|
||||
// http://crbug.com/117478 - OpenSSL does not support EV validation.
|
||||
return false;
|
||||
#elif defined(OS_MACOSX) && !defined(OS_IOS)
|
||||
// On OS X, we use the system to tell us whether a certificate is EV or not
|
||||
// and the system won't recognise our testing root.
|
||||
#elif (defined(OS_MACOSX) && !defined(OS_IOS)) || defined(OS_ANDROID)
|
||||
// On OS X and Android, we use the system to tell us whether a certificate is
|
||||
// EV or not and the system won't recognise our testing root.
|
||||
return false;
|
||||
#else
|
||||
return true;
|
||||
|