From 47f8255830edd2e66820fb325c976add32f34276 Mon Sep 17 00:00:00 2001
From: klzgrad <kizdiv@gmail.com>
Date: Sun, 16 May 2021 00:46:34 +0800
Subject: [PATCH] cert: Use builtin verifier on Android and Linux

---
 src/net/BUILD.gn                   | 2 +-
 src/net/cert/cert_verifier.cc      | 3 ++-
 src/net/cert/cert_verify_proc.cc   | 9 ++++++---
 src/net/cert/cert_verify_proc.h    | 6 ++++--
 src/net/cert/ev_root_ca_metadata.h | 2 +-
 5 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/src/net/BUILD.gn b/src/net/BUILD.gn
index 6664aeab02..53f426494d 100644
--- a/src/net/BUILD.gn
+++ b/src/net/BUILD.gn
@@ -1150,7 +1150,6 @@ component("net") {
       "android/radio_activity_tracker.h",
       "android/traffic_stats.h",
       "cert/cert_verify_proc_android.h",
-      "cert/test_root_certs_android.cc",
       "proxy_resolution/proxy_config_service_android.h",
     ]
   }
@@ -1192,6 +1191,7 @@ component("net") {
       "base/network_interfaces_linux.cc",
       "base/network_interfaces_linux.h",
       "base/platform_mime_util_linux.cc",
+      "cert/test_root_certs_builtin.cc",
     ]
   }
 
diff --git a/src/net/cert/cert_verifier.cc b/src/net/cert/cert_verifier.cc
index fad01a1c3d..3984628b26 100644
--- a/src/net/cert/cert_verifier.cc
+++ b/src/net/cert/cert_verifier.cc
@@ -78,7 +78,8 @@ bool CertVerifier::RequestParams::operator<(
 std::unique_ptr<CertVerifier> CertVerifier::CreateDefaultWithoutCaching(
     scoped_refptr<CertNetFetcher> cert_net_fetcher) {
   scoped_refptr<CertVerifyProc> verify_proc;
-#if defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS)
+#if defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) || \
+    defined(OS_ANDROID)
   verify_proc =
       CertVerifyProc::CreateBuiltinVerifyProc(std::move(cert_net_fetcher));
 #elif BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)
diff --git a/src/net/cert/cert_verify_proc.cc b/src/net/cert/cert_verify_proc.cc
index 9c06a71483..90467063ac 100644
--- a/src/net/cert/cert_verify_proc.cc
+++ b/src/net/cert/cert_verify_proc.cc
@@ -47,7 +47,8 @@
 #include "third_party/boringssl/src/include/openssl/pool.h"
 #include "url/url_canon.h"
 
-#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC)
+#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) || \
+    defined(OS_ANDROID) || defined(OS_LINUX)
 #include "net/cert/cert_verify_proc_builtin.h"
 #endif
 
@@ -468,7 +469,8 @@ base::Value CertVerifyParams(X509Certificate* cert,
 
 }  // namespace
 
-#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS))
+#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) || \
+      defined(OS_ANDROID))
 // static
 scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc(
     scoped_refptr<CertNetFetcher> cert_net_fetcher) {
@@ -486,7 +488,8 @@ scoped_refptr<CertVerifyProc> CertVerifyProc::CreateSystemVerifyProc(
 }
 #endif
 
-#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC)
+#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) || \
+    defined(OS_ANDROID) || defined(OS_LINUX)
 // static
 scoped_refptr<CertVerifyProc> CertVerifyProc::CreateBuiltinVerifyProc(
     scoped_refptr<CertNetFetcher> cert_net_fetcher) {
diff --git a/src/net/cert/cert_verify_proc.h b/src/net/cert/cert_verify_proc.h
index 3d38ff8230..a76a730745 100644
--- a/src/net/cert/cert_verify_proc.h
+++ b/src/net/cert/cert_verify_proc.h
@@ -65,14 +65,16 @@ class NET_EXPORT CertVerifyProc
     kMaxValue = kChainLengthOne
   };
 
-#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS))
+#if !(defined(OS_FUCHSIA) || defined(OS_LINUX) || defined(OS_CHROMEOS) || \
+      defined(OS_ANDROID))
   // Creates and returns a CertVerifyProc that uses the system verifier.
   // |cert_net_fetcher| may not be used, depending on the implementation.
   static scoped_refptr<CertVerifyProc> CreateSystemVerifyProc(
       scoped_refptr<CertNetFetcher> cert_net_fetcher);
 #endif
 
-#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC)
+#if defined(OS_FUCHSIA) || defined(USE_NSS_CERTS) || defined(OS_MAC) || \
+    defined(OS_ANDROID) || defined(OS_LINUX)
   // Creates and returns a CertVerifyProcBuiltin using the SSL SystemTrustStore.
   static scoped_refptr<CertVerifyProc> CreateBuiltinVerifyProc(
       scoped_refptr<CertNetFetcher> cert_net_fetcher);
diff --git a/src/net/cert/ev_root_ca_metadata.h b/src/net/cert/ev_root_ca_metadata.h
index 3c501d5f28..6aae85b5a4 100644
--- a/src/net/cert/ev_root_ca_metadata.h
+++ b/src/net/cert/ev_root_ca_metadata.h
@@ -16,7 +16,7 @@
 #include "net/cert/x509_certificate.h"
 
 #if defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_APPLE) || \
-    defined(OS_FUCHSIA)
+    defined(OS_FUCHSIA) || defined(OS_ANDROID) || defined(OS_LINUX)
 // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
 // implementation that will fail all EV lookup operations.
 #define PLATFORM_USES_CHROMIUM_EV_METADATA