Google Git
Sign in
webrtc / src / 9790e546fc55135a9dff87f5d7d28fb848d90132^! / .
commit9790e546fc55135a9dff87f5d7d28fb848d90132[log] [tgz]
authorRaman Budny <budnyjj@gmail.com>Fri Apr 01 10:18:32 2022
committerWebRTC LUCI CQ <webrtc-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu Sep 22 15:15:20 2022
treed30227f9ffc1739c56df782cda2cfba9b7641ecd
parentef7359e679e579ccb79afacf5c42e8c6020124e2 [diff]
Adapt generate_sslroots.py to work with different openssl versions

Command [1] on openssl 1.1.1m and newer generates output
containing "unsigned char the_(subject_name|public_key|certificate)"
records, making it incompatible with current version of the script
that relies on "unsigned char XXX_".

This patch handles both cases by using regular expression so as
to match strings and provide an adequate replacement.

[1] - openssl x509 -in <path-to-cacert.pem> -noout -C

Bug: webrtc:11710
Change-Id: I46b87d2980ec2dd26660b93fcf9019254950ce12
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/257420
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Reviewed-by: Christoffer Jansson <jansson@webrtc.org>
Commit-Queue: Christoffer Jansson <jansson@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#38173}

diff --git a/tools_webrtc/sslroots/generate_sslroots.py b/tools_webrtc/sslroots/generate_sslroots.py
index e2da029..291c3ce 100644
--- a/tools_webrtc/sslroots/generate_sslroots.py
+++ b/tools_webrtc/sslroots/generate_sslroots.py

@@ -147,19 +147,22 @@
   command = 'openssl x509 -in %s%s -noout -C' % (root_dir, source_file)
   _PrintOutput(command, options)
   output = subprocess.getstatusoutput(command)[1]
-  renamed_output = output.replace('unsigned char XXX_',
-                                  'const unsigned char ' + label + '_')
+  decl_block = 'unsigned char .*_(%s|%s|%s)' %\
+    (_SUBJECT_NAME_ARRAY, _PUBLIC_KEY_ARRAY, _CERTIFICATE_ARRAY)
+  prog = re.compile(decl_block, re.IGNORECASE)
+  renamed_output = prog.sub('const unsigned char ' + label + r'_\1', output)
+
   filtered_output = ''
   cert_block = '^const unsigned char.*?};$'
-  prog = re.compile(cert_block, re.IGNORECASE | re.MULTILINE | re.DOTALL)
+  prog2 = re.compile(cert_block, re.IGNORECASE | re.MULTILINE | re.DOTALL)
   if not options.full_cert:
-    filtered_output = prog.sub('', renamed_output, count=2)
+    filtered_output = prog2.sub('', renamed_output, count=2)
   else:
     filtered_output = renamed_output
 
   cert_size_block = r'\d\d\d+'
-  prog2 = re.compile(cert_size_block, re.MULTILINE | re.VERBOSE)
-  result = prog2.findall(renamed_output)
+  prog3 = re.compile(cert_size_block, re.MULTILINE | re.VERBOSE)
+  result = prog3.findall(renamed_output)
   cert_size = result[len(result) - 1]
 
   return filtered_output, cert_size