Change the default behaviour rtc_builtin_ssl_root_certificates.
Instead of defining a pre-processor macro when someone wants to
include built-in ssl roots certs, this CL switches the default and
assumes everyone prefer to include built-in ssl roots certs.
If built-in ssl roots certs are not needed because they are injected
in the PeerConnection it will be possible to define a pre-processor
macro (WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS) to remove them.
In a GN build it is possible to tell GN to define the macro by setting
rtc_builtin_ssl_root_certificates to false in "gn args".
Bug: webrtc:9332
Change-Id: Icc3f2caeddca6899cbc5974f21b480d75d15556f
Reviewed-on: https://webrtc-review.googlesource.com/94147
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24302}diff --git a/rtc_base/openssladapter.cc b/rtc_base/openssladapter.cc
index 05de6d0..50284a6 100644
--- a/rtc_base/openssladapter.cc
+++ b/rtc_base/openssladapter.cc
@@ -907,14 +907,14 @@
return nullptr;
}
-#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifndef WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
if (!openssl::LoadBuiltinSSLRootCertificates(ctx)) {
RTC_LOG(LS_ERROR) << "SSL_CTX creation failed: Failed to load any trusted "
"ssl root certificates.";
SSL_CTX_free(ctx);
return nullptr;
}
-#endif // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif // WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
#if !defined(NDEBUG)
SSL_CTX_set_info_callback(ctx, SSLInfoCallback);
