diff options
Diffstat (limited to 'build')
| -rw-r--r-- | build/common.gypi | 16 | ||||
| -rw-r--r-- | build/config/BUILD.gn | 3 | ||||
| -rw-r--r-- | build/config/crypto.gni | 11 |
3 files changed, 27 insertions, 3 deletions
diff --git a/build/common.gypi b/build/common.gypi index 3289014..400081b 100644 --- a/build/common.gypi +++ b/build/common.gypi @@ -741,6 +741,15 @@ 'use_nss_certs%': 0, }], + # NSS verifier usage. + # On non-OpenSSL iOS configurations, certificates use the operating + # system library, but the verifier uses the bundled copy of NSS. + ['(OS=="linux" or OS=="freebsd" or OS=="openbsd" or OS=="solaris") or (OS=="ios" and use_openssl==0)', { + 'use_nss_verifier%': 1, + }, { + 'use_nss_verifier%': 0, + }], + # libudev usage. This currently only affects the content layer. ['OS=="linux" and embedded==0', { 'use_udev%': 1, @@ -1153,6 +1162,7 @@ 'use_openssl%': '<(use_openssl)', 'use_openssl_certs%': '<(use_openssl_certs)', 'use_nss_certs%': '<(use_nss_certs)', + 'use_nss_verifier%': '<(use_nss_verifier)', 'use_udev%': '<(use_udev)', 'os_bsd%': '<(os_bsd)', 'os_posix%': '<(os_posix)', @@ -2125,6 +2135,9 @@ ['use_nss_certs==1', { 'grit_defines': ['-D', 'use_nss_certs'], }], + ['use_nss_verifier==1', { + 'grit_defines': ['-D', 'use_nss_verifier'], + }], ['use_ozone==1', { 'grit_defines': ['-D', 'use_ozone'], }], @@ -3086,6 +3099,9 @@ ['<(use_nss_certs)==1 and >(nacl_untrusted_build)==0', { 'defines': ['USE_NSS_CERTS=1'], }], + ['<(use_nss_verifier)==1 and >(nacl_untrusted_build)==0', { + 'defines': ['USE_NSS_VERIFIER=1'], + }], ['<(chromeos)==1 and >(nacl_untrusted_build)==0', { 'defines': ['OS_CHROMEOS=1'], }], diff --git a/build/config/BUILD.gn b/build/config/BUILD.gn index cfa910d..dca62fd 100644 --- a/build/config/BUILD.gn +++ b/build/config/BUILD.gn @@ -128,6 +128,9 @@ config("feature_flags") { if (use_nss_certs) { defines += [ "USE_NSS_CERTS=1" ] } + if (use_nss_verifier) { + defines += [ "USE_NSS_VERIFIER=1" ] + } if (use_ozone) { defines += [ "USE_OZONE=1" ] } diff --git a/build/config/crypto.gni b/build/config/crypto.gni index 99ce428..7d671cf 100644 --- a/build/config/crypto.gni +++ b/build/config/crypto.gni @@ -24,7 +24,12 @@ declare_args() { # is unsupported. use_openssl_certs = is_android || is_nacl -# True if NSS is used for certificate verification. Note that this is -# independent from use_openssl. It is possible to use OpenSSL for the crypto -# library, but NSS for the platform certificate library. +# True if NSS is used for certificate handling. Note that this is independent +# from use_openssl. It is possible to use OpenSSL for the crypto library, but +# NSS for the platform certificate library. use_nss_certs = is_linux + +# True if NSS is used for certificate verification. On non-OpenSSL iOS +# configurations, certificates use the operating system library, but the +# verifier uses the bundled copy of NSS. +use_nss_verifier = use_nss_certs || (is_ios && !use_openssl) |