Unify the build define to enable or disable built in ssl root certificates.
The current approach for enabling or disabling built in ssl root certificates
was a bit confusing. This changeset unifies everything to a common define.
Bug: webrtc:9332
Change-Id: I7a0c18410d05df4b786741c3b9196d97fbb8d7b6
Reviewed-on: https://webrtc-review.googlesource.com/79746
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23495}diff --git a/rtc_base/BUILD.gn b/rtc_base/BUILD.gn
index b9cf3b9..b49d00a 100644
--- a/rtc_base/BUILD.gn
+++ b/rtc_base/BUILD.gn
@@ -874,7 +874,7 @@
}
if (rtc_builtin_ssl_root_certificates) {
- defines += [ "WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
+ defines += [ "WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
}
if (is_android) {
@@ -1305,9 +1305,8 @@
} else {
configs += [ ":external_ssl_library" ]
}
-
- if (!rtc_builtin_ssl_root_certificates) {
- defines += [ "WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
+ if (rtc_builtin_ssl_root_certificates) {
+ defines += [ "WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
}
}
}
diff --git a/rtc_base/openssladapter.cc b/rtc_base/openssladapter.cc
index 48b8978..9563ab4 100644
--- a/rtc_base/openssladapter.cc
+++ b/rtc_base/openssladapter.cc
@@ -908,14 +908,14 @@
return nullptr;
}
-#ifndef WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
if (!openssl::LoadBuiltinSSLRootCertificates(ctx)) {
RTC_LOG(LS_ERROR) << "SSL_CTX creation failed: Failed to load any trusted "
"ssl root certificates.";
SSL_CTX_free(ctx);
return nullptr;
}
-#endif // WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
#if !defined(NDEBUG)
SSL_CTX_set_info_callback(ctx, SSLInfoCallback);
diff --git a/rtc_base/opensslcertificate.cc b/rtc_base/opensslcertificate.cc
index 005e96f..bdcf694 100644
--- a/rtc_base/opensslcertificate.cc
+++ b/rtc_base/opensslcertificate.cc
@@ -36,7 +36,7 @@
#include "rtc_base/opensslidentity.h"
#include "rtc_base/opensslutility.h"
#include "rtc_base/ptr_util.h"
-#ifndef WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
#include "rtc_base/sslroots.h"
#endif
diff --git a/rtc_base/opensslutility.cc b/rtc_base/opensslutility.cc
index 34ebc9e..2b4ffb6 100644
--- a/rtc_base/opensslutility.cc
+++ b/rtc_base/opensslutility.cc
@@ -32,9 +32,9 @@
#include "rtc_base/numerics/safe_conversions.h"
#include "rtc_base/openssl.h"
#include "rtc_base/opensslcertificate.h"
-#ifdef WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
#include "rtc_base/sslroots.h"
-#endif // WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
namespace rtc {
namespace openssl {
@@ -109,7 +109,7 @@
}
}
-#ifdef WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
bool LoadBuiltinSSLRootCertificates(SSL_CTX* ctx) {
int count_of_added_certs = 0;
for (size_t i = 0; i < arraysize(kSSLCertCertificateList); i++) {
@@ -129,7 +129,7 @@
}
return count_of_added_certs > 0;
}
-#endif // WEBRTC_ENABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
} // namespace openssl
} // namespace rtc
diff --git a/rtc_base/opensslutility.h b/rtc_base/opensslutility.h
index 3e2d7fc..f579f50 100644
--- a/rtc_base/opensslutility.h
+++ b/rtc_base/opensslutility.h
@@ -28,12 +28,12 @@
// prefix can be provided for context.
void LogSSLErrors(const std::string& prefix);
-#ifndef WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
// Attempt to add the certificates from the loader into the SSL_CTX. False is
// returned only if there are no certificates returned from the loader or none
// of them can be added to the TrustStore for the provided context.
bool LoadBuiltinSSLRootCertificates(SSL_CTX* ssl_ctx);
-#endif // WEBRTC_DISABLE_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
} // namespace openssl
} // namespace rtc
