Instead of defining a pre-processor macro when someone wants to
include built-in ssl roots certs, this CL switches the default and
assumes everyone prefer to include built-in ssl roots certs.
If built-in ssl roots certs are not needed because they are injected
in the PeerConnection it will be possible to define a pre-processor
macro (WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS) to remove them.
In a GN build it is possible to tell GN to define the macro by setting
rtc_builtin_ssl_root_certificates to false in "gn args".
Bug: webrtc:9332
Change-Id: Icc3f2caeddca6899cbc5974f21b480d75d15556f
Reviewed-on: https://webrtc-review.googlesource.com/94147
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24302}
Running clang-format with chromium's style guide.
The goal is n-fold:
* providing consistency and readability (that's what code guidelines are for)
* preventing noise with presubmit checks and git cl format
* building on the previous point: making it easier to automatically fix format issues
* you name it
Please consider using git-hyper-blame to ignore this commit.
Bug: webrtc:9340
Change-Id: I694567c4cdf8cee2860958cfe82bfaf25848bb87
Reviewed-on: https://webrtc-review.googlesource.com/81185
Reviewed-by: Patrik Höglund <phoglund@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23660}
The current approach for enabling or disabling built in ssl root certificates
was a bit confusing. This changeset unifies everything to a common define.
Bug: webrtc:9332
Change-Id: I7a0c18410d05df4b786741c3b9196d97fbb8d7b6
Reviewed-on: https://webrtc-review.googlesource.com/79746
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23495}
This extends the API surface so that
custom certificates can be provided by an API user in both the standalone and
factory creation paths for the OpenSSLAdapter. Prior to this change the SSL
roots were hardcoded in a header file and directly included into
openssladapter.cc. This forces the 100 kilobytes of certificates to always be
compiled into the library. This is undesirable in certain linking cases where
these certificates can be shared from another binary that already has an
equivalent set of trusted roots hard coded into the binary.
Support for removing the hard coded SSL roots has also been added through a new
build flag. By default the hard coded SSL roots will be included and will be
used if no other trusted root certificates are provided.
The main goal of this CL is to reduce total binary size requirements of WebRTC
by about 100kb in certain applications where adding these certificates is
redundant.
Change-Id: Ifd36d92b5cb32d1b3098a61ddfc244d76df8f30f
Bug: chromium:526260
Change-Id: Ifd36d92b5cb32d1b3098a61ddfc244d76df8f30f
Reviewed-on: https://webrtc-review.googlesource.com/64841
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23180}
This changeset refactors the OpenSSLSessionCache out of the Factory. Instead of
directly injecting a pointer to the factory to each OpenSSLAdapter instead just
a pointer to the OpenSSLSessionCache is submitted which the Factory is the sole
owner of. This provides a cleaner dependency injection interface and allows the
OpenSSLSessionCache to be tested independently of the factory that uses it. It
also allows for the factories role to be more clearly defined allowing for
additional dependency injection in future updates.
This change also removes the habit of having OpenSSL typedefs around certain
functions and instead uses the standardised ossl_typ.h header which contains
these typedefs. This makes the headers more directly tied to just what they are
responsible for doing.
Bug: webrtc:9085
Change-Id: I7938178b70acc613856139d387a1b46928dca6ad
Reviewed-on: https://webrtc-review.googlesource.com/66941
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22758}
This changeset addresses concerns about how the OpenSSLAdapter does certificate
name matching. The current approach has a number of issues which are outlined
in the bug description. The approach taken in this changeset is to use the
standard function X509_check_host which should correctly parse the wildcard
expansions and is directly supported in OpenSSL instead of attempting my own
implementation. This changeset uses this as an opportunity to add additional
parameter checking and refactoring logging code out of the main code path.
Bug: webrtc:8888
Change-Id: Iaffe1daddcd52193ba674489f613ce8515b81e91
Reviewed-on: https://webrtc-review.googlesource.com/65022
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Reviewed-by: Emad Omara <emadomara@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22755}
OpenSSL is making a lot of data structure opaque, so we can no longer directly access internal data structure. Fortunately, API methods are provided for this purpose.
BoringSSL is sharing the same API.
Bug: webrtc:8817
Change-Id: Ia5090200f0e7c352f82e8191720ac4c14fbb5a85
Reviewed-on: https://webrtc-review.googlesource.com/47321
Commit-Queue: Tommi <tommi@webrtc.org>
Reviewed-by: Justin Uberti <juberti@webrtc.org>
Reviewed-by: Emad Omara <emadomara@webrtc.org>
Reviewed-by: Tommi <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21895}
This CL adds #error to spot where rtc_base/win32.h is unconditionally
included and fixes all the places where it happens.
Bug: webrtc:8814
Change-Id: I3c005acf2cdb58a51f1bcaa4acaeebd272c56660
Reviewed-on: https://webrtc-review.googlesource.com/46060
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21840}
The reasons behind this change:
1. In OpenSSL 1.1.0. BIO will be an opaque object. We won't have direct access to the `num` field.
2. `num` is only used by OpenSSL provided BIOs and different types of BIOs use num differently.
WebRTC is providing its own customized BIO implementation, it probably shouldn't piggyback into
this internal field to store the stream/socket state.
4. We can access the stream/socket state directly using the underlying object anyway.
Bug: webrtc:8817
Change-Id: I41cdd2920fba378e312e8436a7b9733381555522
Reviewed-on: https://webrtc-review.googlesource.com/46360
Commit-Queue: Jiawei Ou <ouj@fb.com>
Reviewed-by: Tommi <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21814}
Specifically, I'm moving
safe_compare.h
safe_conversions.h
safe_minmax.h
They shouldn't be part of the API, and moving them to an appropriate
subdirectory of rtc_base/ is a good way to keep track of that.
BUG=webrtc:8445
Change-Id: I458531aeb30bcf4291c4bec3bf22a2fffbf054ff
Reviewed-on: https://webrtc-review.googlesource.com/20860
Commit-Queue: Karl Wiberg <kwiberg@webrtc.org>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20829}
In order to eliminate the WebRTC Subtree mirror in Chromium,
WebRTC is moving the content of the src/webrtc directory up
to the src/ directory.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
TBR=tommi@webrtc.org
Bug: chromium:611808
Change-Id: Iac59c5b51b950f174119565bac87955a7994bc38
Reviewed-on: https://webrtc-review.googlesource.com/1560
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Henrik Kjellander <kjellander@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#19845}
