diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-27 19:36:22 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-27 19:36:22 +0000 |
| commit | abd4aba8725fdd0e604f727e617105725b709259 (patch) | |
| tree | 007c410bf538052e0868b545f5a0bac497904331 /base/nss_util.cc | |
| parent | 11f85946bf3db866584e83c92bbea9c2a769fcd7 (diff) | |
| download | chromium_src-abd4aba8725fdd0e604f727e617105725b709259.zip chromium_src-abd4aba8725fdd0e604f727e617105725b709259.tar.gz chromium_src-abd4aba8725fdd0e604f727e617105725b709259.tar.bz2 | |
Use nss_util.{h,cc} also on Windows. On Windows, NSS is
initialized without databases because we'll continue to use
the Windows system certificate store.
base\third_party\nss is now compiled with -DNO_NSPR_10_SUPPORT
(because the NSPR 1.0 types int8 - int64 and uint8 - uint64
conflict with the same-named types in "base/basictypes.h"),
so the uint32 type needs to be replaced by unsigned int.
R=agl,mark
BUG=28744
TEST=No build errors.
Review URL: http://codereview.chromium.org/557012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37289 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/nss_util.cc')
| -rw-r--r-- | base/nss_util.cc | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/base/nss_util.cc b/base/nss_util.cc index f440f70..13f61b6 100644 --- a/base/nss_util.cc +++ b/base/nss_util.cc @@ -17,8 +17,16 @@ #include "base/singleton.h" #include "base/string_util.h" +// On some platforms, we use NSS for SSL only -- we don't use NSS for crypto +// or certificate verification, and we don't use the NSS certificate and key +// databases. +#if defined(OS_WIN) +#define USE_NSS_FOR_SSL_ONLY 1 +#endif + namespace { +#if !defined(USE_NSS_FOR_SSL_ONLY) std::string GetDefaultConfigDirectory() { const char* home = getenv("HOME"); if (home == NULL) { @@ -49,6 +57,7 @@ SECMODModule *InitDefaultRootCerts() { NOTREACHED(); return NULL; } +#endif // !defined(USE_NSS_FOR_SSL_ONLY) // A singleton to initialize/deinitialize NSPR. // Separate from the NSS singleton because we initialize NSPR on the UI thread. @@ -69,7 +78,7 @@ class NSPRInitSingleton { class NSSInitSingleton { public: - NSSInitSingleton() { + NSSInitSingleton() : root_(NULL) { base::EnsureNSPRInit(); // We *must* have NSS >= 3.12.3. See bug 26448. @@ -83,6 +92,14 @@ class NSSInitSingleton { CHECK(NSS_VersionCheck("3.12.3")) << "We depend on NSS >= 3.12.3"; SECStatus status = SECFailure; +#if defined(USE_NSS_FOR_SSL_ONLY) + // Use the system certificate store, so initialize NSS without database. + status = NSS_NoDB_Init(NULL); + if (status != SECSuccess) { + LOG(ERROR) << "Error initializing NSS without a persistent " + "database: NSS error code " << PR_GetError(); + } +#else std::string database_dir = GetDefaultConfigDirectory(); if (!database_dir.empty()) { // Initialize with a persistant database (~/.pki/nssdb). @@ -117,6 +134,7 @@ class NSSInitSingleton { } root_ = InitDefaultRootCerts(); +#endif // defined(USE_NSS_FOR_SSL_ONLY) } ~NSSInitSingleton() { |