commit | 07fe8c81e3f2306f5831a0e4e018666a22d737b4 | [log] [tgz] |
---|---|---|
author | Alex Khouderchah <akhouderchah@chromium.org> | Thu Feb 28 19:05:02 2019 |
committer | chrome-bot <chrome-bot@chromium.org> | Fri Mar 15 23:48:44 2019 |
tree | 38f4b2347a07eeea1ebb99f6ebbd155b06c52433 | |
parent | ba1ed774a9b0eeb71ee7ef94919d17f00dba3a54 [diff] |
libbrillo: http: Use chromeos CA certs rather than NSS store Prior to this change, all HTTPS communication through http::curl::Transport was using the /etc/ssl/certs/ca-certificates.crt bundle for certificate verification. This CL modifies that behavior such that only certificates in /usr/share/chromeos-ca-certificates/ are used. Note that since we are now performing certificate verification with a more narrow subset of root CA certificates, the interface of http::curl::Transport is fundamentally changed to only allow communication with Google services. CL:1490871 adds the ability to specify a certificate path to use, such that clients may use this class to communicate with non-Google services if they have good reason to do so. BUG=chromium:936484 TEST=All unit tests are passing. Change-Id: I207dd08e909f5101b85325b2add6bcbf336567d7 Reviewed-on: https://chromium-review.googlesource.com/1495422 Commit-Ready: Alex Khouderchah <akhouderchah@chromium.org> Tested-by: Alex Khouderchah <akhouderchah@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org> Cr-Mirrored-From: https://chromium.googlesource.com/chromiumos/platform2 Cr-Mirrored-Commit: 056e05be53086ef15fc85a63190582c321f55b34
libbrillo is a shared library meant to hold common utility code that we deem useful for platform projects. It supplements the functionality provided by libbase/libchrome since that project, by design, only holds functionality that Chromium (the browser) needs. As a result, this tends to be more OS-centric code.
This project is also used by Update Engine which is maintained in AOSP. However, AOSP doesn't use this codebase directly, it maintains its own libbrillo fork.
To help keep the projects in sync, we have a gsubtree set up on our GoB: https://chromium.googlesource.com/chromiumos/platform2/libbrillo/
This allows AOSP to cherry pick or merge changes directly back into their fork.