Google Git
Sign in
chromium / chromiumos / platform2 / libbrillo / 07fe8c81e3f2306f5831a0e4e018666a22d737b4
commit07fe8c81e3f2306f5831a0e4e018666a22d737b4[log] [tgz]
authorAlex Khouderchah <akhouderchah@chromium.org>Thu Feb 28 19:05:02 2019
committerchrome-bot <chrome-bot@chromium.org>Fri Mar 15 23:48:44 2019
tree38f4b2347a07eeea1ebb99f6ebbd155b06c52433
parentba1ed774a9b0eeb71ee7ef94919d17f00dba3a54 [diff]
libbrillo: http: Use chromeos CA certs rather than NSS store

Prior to this change, all HTTPS communication through
http::curl::Transport was using the /etc/ssl/certs/ca-certificates.crt
bundle for certificate verification. This CL modifies that behavior
such that only certificates in /usr/share/chromeos-ca-certificates/
are used.

Note that since we are now performing certificate verification with
a more narrow subset of root CA certificates, the interface of
http::curl::Transport is fundamentally changed to only allow
communication with Google services. CL:1490871 adds the ability
to specify a certificate path to use, such that clients may use
this class to communicate with non-Google services if they have
good reason to do so.

BUG=chromium:936484
TEST=All unit tests are passing.

Change-Id: I207dd08e909f5101b85325b2add6bcbf336567d7
Reviewed-on: https://chromium-review.googlesource.com/1495422
Commit-Ready: Alex Khouderchah <akhouderchah@chromium.org>
Tested-by: Alex Khouderchah <akhouderchah@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Cr-Mirrored-From: https://chromium.googlesource.com/chromiumos/platform2
Cr-Mirrored-Commit: 056e05be53086ef15fc85a63190582c321f55b34
3 files changed
tree: 38f4b2347a07eeea1ebb99f6ebbd155b06c52433
  1. brillo/
  2. install_attributes/
  3. policy/
  4. libbrillo-462023.gypi
  5. libbrillo-glib.pc.in
  6. libbrillo-test.pc.in
  7. libbrillo.gyp
  8. libbrillo.gypi
  9. libbrillo.pc.in
  10. libinstallattributes.gypi
  11. libpolicy.gypi
  12. libpolicy.ver
  13. OWNERS
  14. platform2_preinstall.sh
  15. PRESUBMIT.cfg
  16. README.md
  17. testrunner.cc
README.md

libbrillo: platform utility library

libbrillo is a shared library meant to hold common utility code that we deem useful for platform projects. It supplements the functionality provided by libbase/libchrome since that project, by design, only holds functionality that Chromium (the browser) needs. As a result, this tends to be more OS-centric code.

AOSP Usage

This project is also used by Update Engine which is maintained in AOSP. However, AOSP doesn't use this codebase directly, it maintains its own libbrillo fork.

To help keep the projects in sync, we have a gsubtree set up on our GoB: https://chromium.googlesource.com/chromiumos/platform2/libbrillo/

This allows AOSP to cherry pick or merge changes directly back into their fork.