Unify the build define to enable or disable built in ssl root certificates.

The current approach for enabling or disabling built in ssl root certificates
was a bit confusing. This changeset unifies everything to a common define.

Bug: webrtc:9332
Change-Id: I7a0c18410d05df4b786741c3b9196d97fbb8d7b6
Reviewed-on: https://webrtc-review.googlesource.com/79746
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23495}

rtc_base/BUILD.gn

@@ -874,7 +874,7 @@ rtc_static_library("rtc_base_generic") {
   }
 
   if (rtc_builtin_ssl_root_certificates) {
-    defines += [ "WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
+    defines += [ "WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
   }
 
   if (is_android) {
@@ -1305,9 +1305,8 @@ if (rtc_include_tests) {
     } else {
       configs += [ ":external_ssl_library" ]
     }
-
+    if (rtc_builtin_ssl_root_certificates) {
-    if (!rtc_builtin_ssl_root_certificates) {
+      defines += [ "WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
-      defines += [ "WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
     }
   }
 }

rtc_base/openssladapter.cc

@@ -908,14 +908,14 @@ SSL_CTX* OpenSSLAdapter::CreateContext(SSLMode mode, bool enable_cache) {
     return nullptr;
   }
 
-#ifndef WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
   if (!openssl::LoadBuiltinSSLRootCertificates(ctx)) {
     RTC_LOG(LS_ERROR) << "SSL_CTX creation failed: Failed to load any trusted "
                          "ssl root certificates.";
     SSL_CTX_free(ctx);
     return nullptr;
   }
-#endif  // WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif  // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
 
 #if !defined(NDEBUG)
   SSL_CTX_set_info_callback(ctx, SSLInfoCallback);

rtc_base/opensslcertificate.cc

@@ -36,7 +36,7 @@
 #include "rtc_base/opensslidentity.h"
 #include "rtc_base/opensslutility.h"
 #include "rtc_base/ptr_util.h"
-#ifndef WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
 #include "rtc_base/sslroots.h"
 #endif
 

rtc_base/opensslutility.cc

@@ -32,9 +32,9 @@
 #include "rtc_base/numerics/safe_conversions.h"
 #include "rtc_base/openssl.h"
 #include "rtc_base/opensslcertificate.h"
-#ifdef WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
 #include "rtc_base/sslroots.h"
-#endif  // WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif  // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
 
 namespace rtc {
 namespace openssl {
@@ -109,7 +109,7 @@ void LogSSLErrors(const std::string& prefix) {
   }
 }
 
-#ifdef WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
 bool LoadBuiltinSSLRootCertificates(SSL_CTX* ctx) {
   int count_of_added_certs = 0;
   for (size_t i = 0; i < arraysize(kSSLCertCertificateList); i++) {
@@ -129,7 +129,7 @@ bool LoadBuiltinSSLRootCertificates(SSL_CTX* ctx) {
   }
   return count_of_added_certs > 0;
 }
-#endif  // WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif  // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
 
 }  // namespace openssl
 }  // namespace rtc

rtc_base/opensslutility.h

@@ -28,12 +28,12 @@ bool VerifyPeerCertMatchesHost(SSL* ssl, const std::string& host);
 // prefix can be provided for context.
 void LogSSLErrors(const std::string& prefix);
 
-#ifndef WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
 // Attempt to add the certificates from the loader into the SSL_CTX. False is
 // returned only if there are no certificates returned from the loader or none
 // of them can be added to the TrustStore for the provided context.
 bool LoadBuiltinSSLRootCertificates(SSL_CTX* ssl_ctx);
-#endif  // WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif  // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
 
 }  // namespace openssl
 }  // namespace rtc