mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-01-26 23:23:33 +00:00
Bug 1479787 - use NSS mozpkix in Firefox, r=mt,keeler,glandium
Differential Revision: https://phabricator.services.mozilla.com/D2725 Differential Revision: https://phabricator.services.mozilla.com/D2860 --HG-- extra : rebase_source : 189c13c2a3104c106fcabad5998af6cb2e20d4a5
This commit is contained in:
parent
526b07f729
commit
a52a8495f9
@ -30,7 +30,6 @@ FINAL_LIBRARY = 'xul'
|
||||
|
||||
LOCAL_INCLUDES += [
|
||||
'/security/manager/ssl',
|
||||
'/security/pkix/include',
|
||||
'/xpcom/build',
|
||||
]
|
||||
|
||||
|
@ -85,7 +85,6 @@ LOCAL_INCLUDES += [
|
||||
'/dom/media/platforms',
|
||||
'/dom/media/platforms/agnostic',
|
||||
'/security/certverifier',
|
||||
'/security/pkix/include',
|
||||
]
|
||||
|
||||
FINAL_LIBRARY = 'xul-gtest'
|
||||
|
@ -25,8 +25,6 @@ LOCAL_INCLUDES += [
|
||||
'/dom/crypto',
|
||||
'/dom/webauthn',
|
||||
'/security/manager/ssl',
|
||||
'/security/pkix/include',
|
||||
'/security/pkix/lib',
|
||||
]
|
||||
|
||||
MOCHITEST_MANIFESTS += ['tests/mochitest.ini']
|
||||
|
@ -7,7 +7,7 @@
|
||||
#include "mozilla/dom/WebAuthnUtil.h"
|
||||
#include "nsIEffectiveTLDService.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "pkixutil.h"
|
||||
#include "mozpkix/pkixutil.h"
|
||||
|
||||
namespace mozilla {
|
||||
namespace dom {
|
||||
|
@ -60,8 +60,6 @@ LOCAL_INCLUDES += [
|
||||
'/dom/base',
|
||||
'/dom/crypto',
|
||||
'/security/manager/ssl',
|
||||
'/security/pkix/include',
|
||||
'/security/pkix/lib',
|
||||
]
|
||||
|
||||
if CONFIG['OS_ARCH'] == 'WINNT':
|
||||
|
@ -301,7 +301,6 @@ LOCAL_INCLUDES += [
|
||||
'/dom/base',
|
||||
'/netwerk/protocol/http',
|
||||
'/netwerk/socket',
|
||||
'/security/pkix/include'
|
||||
]
|
||||
|
||||
if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
|
||||
|
@ -127,7 +127,6 @@ LOCAL_INCLUDES += [
|
||||
'/dom/base',
|
||||
'/netwerk/base',
|
||||
'/netwerk/cookie',
|
||||
'/security/pkix/include',
|
||||
]
|
||||
|
||||
EXTRA_COMPONENTS += [
|
||||
|
@ -39,7 +39,7 @@
|
||||
#include "nsProxyRelease.h"
|
||||
#include "nsSocketTransport2.h"
|
||||
#include "nsStringStream.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "sslt.h"
|
||||
#include "NSSErrorsService.h"
|
||||
#include "TunnelUtils.h"
|
||||
|
@ -1776,8 +1776,8 @@ if test -n "$_USE_SYSTEM_NSS"; then
|
||||
AM_PATH_NSS(3.40, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
|
||||
fi
|
||||
|
||||
NSS_CFLAGS="$NSS_CFLAGS -I${DIST}/include/nss"
|
||||
if test -z "$MOZ_SYSTEM_NSS"; then
|
||||
NSS_CFLAGS="-I${DIST}/include/nss"
|
||||
case "${OS_ARCH}" in
|
||||
# Only few platforms have been tested with GYP
|
||||
WINNT|Darwin|Linux|DragonFly|FreeBSD|NetBSD|OpenBSD|SunOS)
|
||||
|
@ -36,8 +36,8 @@
|
||||
#include "nsProxyRelease.h"
|
||||
#include "nsString.h"
|
||||
#include "nsTHashtable.h"
|
||||
#include "pkix/pkix.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/pkix.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "plstr.h"
|
||||
#include "secmime.h"
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
#include "nsIX509CertDB.h"
|
||||
#include "nsNSSCertificate.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "prerror.h"
|
||||
|
||||
// Generated by gen_cert_header.py, which gets called by the build system.
|
||||
|
@ -7,7 +7,7 @@
|
||||
#ifndef AppTrustDomain_h
|
||||
#define AppTrustDomain_h
|
||||
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "mozilla/StaticMutex.h"
|
||||
#include "mozilla/UniquePtr.h"
|
||||
#include "nsDebug.h"
|
||||
|
@ -17,7 +17,6 @@ FINAL_LIBRARY = 'xul'
|
||||
LOCAL_INCLUDES += [
|
||||
'/security/certverifier',
|
||||
'/security/manager/ssl',
|
||||
'/security/pkix/include',
|
||||
'/third_party/rust/cose-c/include',
|
||||
]
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
#ifndef BRNameMatchingPolicy_h
|
||||
#define BRNameMatchingPolicy_h
|
||||
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
|
||||
namespace mozilla { namespace psm {
|
||||
|
||||
|
@ -23,8 +23,8 @@
|
||||
#include "nsPromiseFlatString.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "pk11pub.h"
|
||||
#include "pkix/pkix.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/pkix.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "secmod.h"
|
||||
|
||||
using namespace mozilla::ct;
|
||||
|
@ -17,7 +17,7 @@
|
||||
#include "mozilla/TimeStamp.h"
|
||||
#include "mozilla/UniquePtr.h"
|
||||
#include "nsString.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
#pragma warning(push)
|
||||
|
@ -16,7 +16,7 @@
|
||||
#include "nsDependentString.h"
|
||||
#include "nsString.h"
|
||||
#include "pk11pub.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
|
||||
namespace mozilla { namespace psm {
|
||||
|
||||
|
@ -28,9 +28,9 @@
|
||||
#include "nsThreadUtils.h"
|
||||
#include "nss.h"
|
||||
#include "pk11pub.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "pkix/pkix.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/Result.h"
|
||||
#include "mozpkix/pkix.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "prerror.h"
|
||||
#include "secerr.h"
|
||||
|
||||
|
@ -13,7 +13,7 @@
|
||||
#include "mozilla/TimeStamp.h"
|
||||
#include "nsICertBlocklist.h"
|
||||
#include "nsString.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "secmodt.h"
|
||||
|
||||
namespace mozilla { namespace psm {
|
||||
|
@ -28,7 +28,7 @@
|
||||
|
||||
#include "NSSCertDBTrustDomain.h"
|
||||
#include "pk11pub.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
#include "secerr.h"
|
||||
|
||||
|
@ -28,8 +28,8 @@
|
||||
#include "hasht.h"
|
||||
#include "mozilla/Mutex.h"
|
||||
#include "mozilla/Vector.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "pkix/Time.h"
|
||||
#include "mozpkix/Result.h"
|
||||
#include "mozpkix/Time.h"
|
||||
#include "prerror.h"
|
||||
#include "seccomon.h"
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
#ifndef mozilla_psm__OCSPVerificationTrustDomain_h
|
||||
#define mozilla_psm__OCSPVerificationTrustDomain_h
|
||||
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "NSSCertDBTrustDomain.h"
|
||||
|
||||
namespace mozilla { namespace psm {
|
||||
|
@ -29,13 +29,10 @@ if not CONFIG['NSS_NO_EV_CERTS']:
|
||||
LOCAL_INCLUDES += [
|
||||
'/security/ct',
|
||||
'/security/manager/ssl',
|
||||
'/security/pkix/include',
|
||||
'/security/pkix/lib',
|
||||
]
|
||||
|
||||
DIRS += [
|
||||
'../ct',
|
||||
'../pkix',
|
||||
]
|
||||
|
||||
TEST_DIRS += [
|
||||
|
@ -8,8 +8,8 @@
|
||||
#define BTVerifier_h
|
||||
|
||||
#include "BTInclusionProof.h"
|
||||
#include "pkix/Input.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "mozpkix/Result.h"
|
||||
|
||||
namespace mozilla { namespace ct {
|
||||
|
||||
|
@ -10,7 +10,7 @@
|
||||
#include "CTLog.h"
|
||||
#include "CTVerifyResult.h"
|
||||
#include "certt.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "mozpkix/Result.h"
|
||||
|
||||
namespace mozilla { namespace ct {
|
||||
|
||||
|
@ -10,8 +10,8 @@
|
||||
|
||||
#include "CTSerialization.h"
|
||||
#include "hasht.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "pkixutil.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "mozpkix/pkixutil.h"
|
||||
|
||||
namespace mozilla { namespace ct {
|
||||
|
||||
|
@ -13,9 +13,9 @@
|
||||
#include "CTUtils.h"
|
||||
#include "SignedCertificateTimestamp.h"
|
||||
#include "SignedTreeHead.h"
|
||||
#include "pkix/Input.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "pkix/pkix.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "mozpkix/Result.h"
|
||||
#include "mozpkix/pkix.h"
|
||||
|
||||
namespace mozilla { namespace ct {
|
||||
|
||||
|
@ -10,8 +10,8 @@
|
||||
#include <vector>
|
||||
|
||||
#include "hasht.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "pkixutil.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "mozpkix/pkixutil.h"
|
||||
|
||||
namespace mozilla { namespace ct {
|
||||
|
||||
|
@ -7,8 +7,8 @@
|
||||
#ifndef CTObjectsExtractor_h
|
||||
#define CTObjectsExtractor_h
|
||||
|
||||
#include "pkix/Input.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "mozpkix/Result.h"
|
||||
#include "SignedCertificateTimestamp.h"
|
||||
|
||||
namespace mozilla { namespace ct {
|
||||
|
@ -9,7 +9,7 @@
|
||||
|
||||
#include "CTLog.h"
|
||||
#include "CTVerifyResult.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "mozpkix/Result.h"
|
||||
|
||||
namespace mozilla { namespace ct {
|
||||
|
||||
|
@ -9,8 +9,8 @@
|
||||
|
||||
#include <vector>
|
||||
|
||||
#include "pkix/Input.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "mozpkix/Result.h"
|
||||
#include "SignedCertificateTimestamp.h"
|
||||
#include "SignedTreeHead.h"
|
||||
|
||||
|
@ -13,8 +13,8 @@
|
||||
#include "keyhi.h"
|
||||
#include "keythi.h"
|
||||
#include "pk11pub.h"
|
||||
#include "pkix/Input.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "mozpkix/Result.h"
|
||||
|
||||
#define MOZILLA_CT_ARRAY_LENGTH(x) (sizeof(x) / sizeof((x)[0]))
|
||||
|
||||
|
@ -11,9 +11,9 @@
|
||||
|
||||
#include "CTLogVerifier.h"
|
||||
#include "CTVerifyResult.h"
|
||||
#include "pkix/Input.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "pkix/Time.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "mozpkix/Result.h"
|
||||
#include "mozpkix/Time.h"
|
||||
#include "SignedCertificateTimestamp.h"
|
||||
|
||||
namespace mozilla { namespace ct {
|
||||
|
@ -8,8 +8,8 @@
|
||||
#define SignedCertificateTimestamp_h
|
||||
|
||||
#include "Buffer.h"
|
||||
#include "pkix/Input.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "mozpkix/Result.h"
|
||||
|
||||
// Structures related to Certificate Transparency (RFC 6962).
|
||||
namespace mozilla { namespace ct {
|
||||
|
@ -31,15 +31,6 @@ UNIFIED_SOURCES += [
|
||||
'SignedCertificateTimestamp.cpp',
|
||||
]
|
||||
|
||||
LOCAL_INCLUDES += [
|
||||
'/security/pkix/include',
|
||||
'/security/pkix/lib',
|
||||
]
|
||||
|
||||
DIRS += [
|
||||
'../pkix',
|
||||
]
|
||||
|
||||
TEST_DIRS += [
|
||||
'tests/gtest',
|
||||
]
|
||||
|
@ -12,13 +12,13 @@
|
||||
#include "BTInclusionProof.h"
|
||||
#include "CTSerialization.h"
|
||||
#include "gtest/gtest.h"
|
||||
#include "pkix/Input.h"
|
||||
#include "pkix/pkix.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "pkixcheck.h"
|
||||
#include "pkixutil.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "mozpkix/pkix.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "mozpkix/Result.h"
|
||||
#include "mozpkix/pkixcheck.h"
|
||||
#include "mozpkix/pkixutil.h"
|
||||
#include "SignedCertificateTimestamp.h"
|
||||
#include "SignedTreeHead.h"
|
||||
|
||||
|
@ -9,8 +9,8 @@
|
||||
|
||||
#include <iostream>
|
||||
|
||||
#include "pkix/Input.h"
|
||||
#include "pkix/Time.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "mozpkix/Time.h"
|
||||
#include "seccomon.h"
|
||||
#include "SignedCertificateTimestamp.h"
|
||||
#include "SignedTreeHead.h"
|
||||
|
@ -17,8 +17,6 @@ SOURCES += [
|
||||
|
||||
LOCAL_INCLUDES += [
|
||||
'../..',
|
||||
'/security/pkix/include',
|
||||
'/security/pkix/lib',
|
||||
]
|
||||
|
||||
if not CONFIG['MOZ_DEBUG']:
|
||||
|
@ -12,7 +12,7 @@
|
||||
#include "NSSCertDBTrustDomain.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
|
||||
using namespace mozilla::pkix;
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
||||
#ifndef CSTrustDomain_h
|
||||
#define CSTrustDomain_h
|
||||
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "mozilla/StaticMutex.h"
|
||||
#include "mozilla/UniquePtr.h"
|
||||
#include "nsDebug.h"
|
||||
|
@ -26,7 +26,7 @@
|
||||
#include "nsPromiseFlatString.h"
|
||||
#include "nsTHashtable.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "pkix/Input.h"
|
||||
#include "mozpkix/Input.h"
|
||||
#include "prtime.h"
|
||||
|
||||
NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist)
|
||||
|
@ -14,7 +14,7 @@
|
||||
#include "nsIX509CertDB.h"
|
||||
#include "nsString.h"
|
||||
#include "nsTHashtable.h"
|
||||
#include "pkix/Input.h"
|
||||
#include "mozpkix/Input.h"
|
||||
|
||||
#define NS_CERT_BLOCKLIST_CID \
|
||||
{0x11aefd53, 0x2fbb, 0x4c92, {0xa0, 0xc1, 0x05, 0x32, 0x12, 0xae, 0x42, 0xd0} }
|
||||
|
@ -23,8 +23,8 @@
|
||||
#include "nsSecurityHeaderParser.h"
|
||||
#include "nsStreamUtils.h"
|
||||
#include "nsWhitespaceTokenizer.h"
|
||||
#include "pkix/pkix.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkix.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "secerr.h"
|
||||
|
||||
NS_IMPL_ISUPPORTS(ContentSignatureVerifier,
|
||||
|
@ -6,7 +6,7 @@
|
||||
|
||||
#include "nsNSSComponent.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "secerr.h"
|
||||
#include "sslerr.h"
|
||||
|
||||
|
@ -15,7 +15,7 @@
|
||||
#include "nsISiteSecurityService.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "nsSiteSecurityService.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "seccomon.h"
|
||||
#include "sechash.h"
|
||||
|
||||
|
@ -11,7 +11,7 @@
|
||||
#include "nsNSSCertificate.h"
|
||||
#include "nsString.h"
|
||||
#include "nsTArray.h"
|
||||
#include "pkix/Time.h"
|
||||
#include "mozpkix/Time.h"
|
||||
|
||||
namespace mozilla {
|
||||
class OriginAttributes;
|
||||
|
@ -130,8 +130,8 @@
|
||||
#include "nsString.h"
|
||||
#include "nsURLHelper.h"
|
||||
#include "nsXPCOMCIDInternal.h"
|
||||
#include "pkix/pkix.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/pkix.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "secerr.h"
|
||||
#include "secoidt.h"
|
||||
#include "secport.h"
|
||||
|
@ -23,7 +23,7 @@
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "nsXULAppAPI.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "secerr.h"
|
||||
|
||||
//#define DEBUG_SSL_VERBOSE //Enable this define to get minimal
|
||||
|
@ -20,7 +20,7 @@
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
#include "nsNSSCertificate.h"
|
||||
#include "nsString.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
|
||||
namespace mozilla { namespace psm {
|
||||
|
||||
|
@ -176,7 +176,6 @@ LOCAL_INCLUDES += [
|
||||
'/dom/base',
|
||||
'/dom/crypto',
|
||||
'/security/certverifier',
|
||||
'/security/pkix/include',
|
||||
]
|
||||
|
||||
LOCAL_INCLUDES += [
|
||||
@ -201,6 +200,10 @@ if not CONFIG['MOZ_SYSTEM_NSS']:
|
||||
'crmf',
|
||||
]
|
||||
|
||||
# mozpkix is linked statically from the in-tree sources independent of whether
|
||||
# system NSS is used or not.
|
||||
USE_LIBS += [ 'mozpkix' ]
|
||||
|
||||
include('/ipc/chromium/chromium-config.mozbuild')
|
||||
|
||||
if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
|
||||
|
@ -23,7 +23,7 @@
|
||||
#include "nsXPCOMCID.h"
|
||||
#include "nsString.h"
|
||||
#include "nsTreeColumns.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
|
@ -33,7 +33,7 @@
|
||||
#include "nsProtectedAuthThread.h"
|
||||
#include "nsProxyRelease.h"
|
||||
#include "nsStringStream.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "ssl.h"
|
||||
#include "sslproto.h"
|
||||
|
||||
|
@ -14,7 +14,7 @@
|
||||
#include "nspr.h"
|
||||
#include "nsString.h"
|
||||
#include "pk11func.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
|
||||
using mozilla::OriginAttributes;
|
||||
using mozilla::TimeDuration;
|
||||
|
@ -35,9 +35,9 @@
|
||||
#include "nsThreadUtils.h"
|
||||
#include "nsUnicharUtils.h"
|
||||
#include "nspr.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "pkix/Result.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "mozpkix/Result.h"
|
||||
#include "prerror.h"
|
||||
#include "secasn1.h"
|
||||
#include "secder.h"
|
||||
|
@ -15,6 +15,9 @@
|
||||
#include "mozilla/Casting.h"
|
||||
#include "mozilla/Services.h"
|
||||
#include "mozilla/Unused.h"
|
||||
#include "mozpkix/Time.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "nsArray.h"
|
||||
#include "nsArrayUtils.h"
|
||||
#include "nsCOMPtr.h"
|
||||
@ -37,9 +40,6 @@
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "nspr.h"
|
||||
#include "pkix/Time.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "secasn1.h"
|
||||
#include "secder.h"
|
||||
#include "secerr.h"
|
||||
|
@ -52,7 +52,7 @@
|
||||
#include "nsXULAppAPI.h"
|
||||
#include "nss.h"
|
||||
#include "p12plcy.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "secerr.h"
|
||||
#include "secmod.h"
|
||||
#include "ssl.h"
|
||||
|
@ -38,8 +38,8 @@
|
||||
#include "nsNSSHelper.h"
|
||||
#include "nsPrintfCString.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "pkix/pkixnss.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixnss.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "prmem.h"
|
||||
#include "prnetdb.h"
|
||||
#include "secder.h"
|
||||
|
@ -21,7 +21,7 @@
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "p12plcy.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "secerr.h"
|
||||
|
||||
using namespace mozilla;
|
||||
|
@ -14,7 +14,7 @@
|
||||
#include "nsISiteSecurityService.h"
|
||||
#include "nsString.h"
|
||||
#include "nsTArray.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "prtime.h"
|
||||
|
||||
class nsIURI;
|
||||
|
@ -11,8 +11,8 @@
|
||||
#include "mozilla/Casting.h"
|
||||
#include "mozilla/Sprintf.h"
|
||||
#include "nss.h"
|
||||
#include "pkix/pkixtypes.h"
|
||||
#include "pkixtestutil.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "mozpkix/test/pkixtestutil.h"
|
||||
#include "prerr.h"
|
||||
#include "secerr.h"
|
||||
|
||||
|
@ -18,8 +18,6 @@ SOURCES += [
|
||||
LOCAL_INCLUDES += [
|
||||
'/security/certverifier',
|
||||
'/security/manager/ssl',
|
||||
'/security/pkix/include',
|
||||
'/security/pkix/test/lib',
|
||||
'/third_party/rust/cose-c/include',
|
||||
]
|
||||
|
||||
|
@ -16,10 +16,9 @@ LOCAL_INCLUDES += [
|
||||
]
|
||||
|
||||
USE_LIBS += [
|
||||
'mozillapkix',
|
||||
'mozpkix',
|
||||
'nspr',
|
||||
'nss',
|
||||
'pkixtestutil',
|
||||
'tlsserver',
|
||||
]
|
||||
|
||||
|
@ -6,8 +6,8 @@
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#include "pkixtestutil.h"
|
||||
#include "pkixtestnss.h"
|
||||
#include "mozpkix/test/pkixtestutil.h"
|
||||
#include "mozpkix/test/pkixtestnss.h"
|
||||
#include "TLSServer.h"
|
||||
#include "secder.h"
|
||||
#include "secerr.h"
|
||||
|
@ -9,9 +9,8 @@ UNIFIED_SOURCES += [
|
||||
'TLSServer.cpp',
|
||||
]
|
||||
|
||||
LOCAL_INCLUDES += [
|
||||
'../../../../../../pkix/include',
|
||||
'../../../../../../pkix/test/lib',
|
||||
USE_LIBS += [
|
||||
'mozpkix-testlib',
|
||||
]
|
||||
|
||||
Library('tlsserver')
|
||||
|
@ -19,130 +19,137 @@ with Files("nss.symbols"):
|
||||
if CONFIG['MOZ_SYSTEM_NSS']:
|
||||
Library('nss')
|
||||
OS_LIBS += CONFIG['NSS_LIBS']
|
||||
|
||||
include('/build/gyp_base.mozbuild')
|
||||
if CONFIG['MOZ_FOLD_LIBS']:
|
||||
GeckoSharedLibrary('nss', linkage=None)
|
||||
# TODO: The library name can be changed when bug 845217 is fixed.
|
||||
SHARED_LIBRARY_NAME = 'nss3'
|
||||
|
||||
USE_LIBS += [
|
||||
'nspr4',
|
||||
'nss3_static',
|
||||
'nssutil',
|
||||
'plc4',
|
||||
'plds4',
|
||||
'smime3_static',
|
||||
'ssl',
|
||||
]
|
||||
|
||||
OS_LIBS += CONFIG['REALTIME_LIBS']
|
||||
|
||||
SYMBOLS_FILE = 'nss.symbols'
|
||||
# This changes the default targets in the NSS build, among
|
||||
# other things.
|
||||
gyp_vars['moz_fold_libs'] = 1
|
||||
# Some things in NSS need to link against nssutil, which
|
||||
# gets folded, so this tells them what to link against.
|
||||
gyp_vars['moz_folded_library_name'] = 'nss'
|
||||
# Force things in NSS that want to link against NSPR to link
|
||||
# against the folded library.
|
||||
gyp_vars['nspr_libs'] = 'nss'
|
||||
elif not CONFIG['MOZ_SYSTEM_NSS']:
|
||||
Library('nss')
|
||||
USE_LIBS += [
|
||||
'nss3',
|
||||
'nssutil3',
|
||||
'smime3',
|
||||
'sqlite',
|
||||
'ssl3',
|
||||
]
|
||||
gyp_vars['nspr_libs'] = 'nspr'
|
||||
else:
|
||||
include('/build/gyp_base.mozbuild')
|
||||
if CONFIG['MOZ_FOLD_LIBS']:
|
||||
GeckoSharedLibrary('nss', linkage=None)
|
||||
# TODO: The library name can be changed when bug 845217 is fixed.
|
||||
SHARED_LIBRARY_NAME = 'nss3'
|
||||
# Build mozpkix and mozpkix-test only
|
||||
gyp_vars['nspr_libs'] = 'nspr'
|
||||
gyp_vars['mozpkix_only'] = 1
|
||||
|
||||
USE_LIBS += [
|
||||
'nspr4',
|
||||
'nss3_static',
|
||||
'nssutil',
|
||||
'plc4',
|
||||
'plds4',
|
||||
'smime3_static',
|
||||
'ssl',
|
||||
]
|
||||
# This disables building some NSS tools.
|
||||
gyp_vars['mozilla_client'] = 1
|
||||
# We run shlibsign as part of packaging, not build.
|
||||
gyp_vars['sign_libs'] = 0
|
||||
gyp_vars['python'] = CONFIG['PYTHON']
|
||||
# The NSS gyp files do not have a default for this.
|
||||
gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR/dist'
|
||||
# NSS wants to put public headers in $nss_dist_dir/public/nss by default,
|
||||
# which would wind up being mapped to dist/include/public/nss (by
|
||||
# gyp_reader's `handle_copies`).
|
||||
# This forces it to put them in dist/include/nss.
|
||||
gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist'
|
||||
gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin'
|
||||
# We don't currently build NSS tests.
|
||||
gyp_vars['disable_tests'] = 1
|
||||
if CONFIG['NSS_DISABLE_DBM']:
|
||||
gyp_vars['disable_dbm'] = 1
|
||||
gyp_vars['disable_libpkix'] = 1
|
||||
# pkg-config won't reliably find zlib on our builders, so just force it.
|
||||
# System zlib is only used for modutil and signtool unless
|
||||
# SSL zlib is enabled, which we are disabling immediately below this.
|
||||
gyp_vars['zlib_libs'] = '-lz'
|
||||
gyp_vars['ssl_enable_zlib'] = 0
|
||||
# System sqlite here is the in-tree mozsqlite.
|
||||
gyp_vars['use_system_sqlite'] = 1
|
||||
gyp_vars['sqlite_libs'] = 'sqlite'
|
||||
|
||||
OS_LIBS += CONFIG['REALTIME_LIBS']
|
||||
|
||||
SYMBOLS_FILE = 'nss.symbols'
|
||||
# This changes the default targets in the NSS build, among
|
||||
# other things.
|
||||
gyp_vars['moz_fold_libs'] = 1
|
||||
# Some things in NSS need to link against nssutil, which
|
||||
# gets folded, so this tells them what to link against.
|
||||
gyp_vars['moz_folded_library_name'] = 'nss'
|
||||
# Force things in NSS that want to link against NSPR to link
|
||||
# against the folded library.
|
||||
gyp_vars['nspr_libs'] = 'nss'
|
||||
else:
|
||||
Library('nss')
|
||||
USE_LIBS += [
|
||||
'nss3',
|
||||
'nssutil3',
|
||||
'smime3',
|
||||
'sqlite',
|
||||
'ssl3',
|
||||
]
|
||||
gyp_vars['nspr_libs'] = 'nspr'
|
||||
if CONFIG['MOZ_SYSTEM_NSPR']:
|
||||
gyp_vars['nspr_include_dir'] = '%' + CONFIG['NSPR_INCLUDE_DIR']
|
||||
gyp_vars['nspr_lib_dir'] = '%' + CONFIG['NSPR_LIB_DIR']
|
||||
else:
|
||||
gyp_vars['nspr_include_dir'] = '!/dist/include/nspr'
|
||||
gyp_vars['nspr_lib_dir'] = '' # gyp wants a value, but we don't need
|
||||
# it to be valid.
|
||||
|
||||
# This disables building some NSS tools.
|
||||
gyp_vars['mozilla_client'] = 1
|
||||
# We run shlibsign as part of packaging, not build.
|
||||
gyp_vars['sign_libs'] = 0
|
||||
gyp_vars['python'] = CONFIG['PYTHON']
|
||||
# The NSS gyp files do not have a default for this.
|
||||
gyp_vars['nss_dist_dir'] = '$PRODUCT_DIR/dist'
|
||||
# NSS wants to put public headers in $nss_dist_dir/public/nss by default,
|
||||
# which would wind up being mapped to dist/include/public/nss (by
|
||||
# gyp_reader's `handle_copies`).
|
||||
# This forces it to put them in dist/include/nss.
|
||||
gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist'
|
||||
gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin'
|
||||
# We don't currently build NSS tests.
|
||||
gyp_vars['disable_tests'] = 1
|
||||
if CONFIG['NSS_DISABLE_DBM']:
|
||||
gyp_vars['disable_dbm'] = 1
|
||||
gyp_vars['disable_libpkix'] = 1
|
||||
# pkg-config won't reliably find zlib on our builders, so just force it.
|
||||
# System zlib is only used for modutil and signtool unless
|
||||
# SSL zlib is enabled, which we are disabling immediately below this.
|
||||
gyp_vars['zlib_libs'] = '-lz'
|
||||
gyp_vars['ssl_enable_zlib'] = 0
|
||||
# System sqlite here is the in-tree mozsqlite.
|
||||
gyp_vars['use_system_sqlite'] = 1
|
||||
gyp_vars['sqlite_libs'] = 'sqlite'
|
||||
# The Python scripts that detect clang need it to be set as CC
|
||||
# in the environment, which isn't true here. I don't know that
|
||||
# setting that would be harmful, but we already have this information
|
||||
# anyway.
|
||||
if CONFIG['CC_TYPE'] in ('clang', 'clang-cl'):
|
||||
gyp_vars['cc_is_clang'] = 1
|
||||
if CONFIG['GCC_USE_GNU_LD']:
|
||||
gyp_vars['cc_use_gnu_ld'] = 1
|
||||
|
||||
if CONFIG['MOZ_SYSTEM_NSPR']:
|
||||
gyp_vars['nspr_include_dir'] = '%' + CONFIG['NSPR_INCLUDE_DIR']
|
||||
gyp_vars['nspr_lib_dir'] = '%' + CONFIG['NSPR_LIB_DIR']
|
||||
else:
|
||||
gyp_vars['nspr_include_dir'] = '!/dist/include/nspr'
|
||||
gyp_vars['nspr_lib_dir'] = '' # gyp wants a value, but we don't need
|
||||
# it to be valid.
|
||||
GYP_DIRS += ['nss']
|
||||
GYP_DIRS['nss'].input = 'nss/nss.gyp'
|
||||
GYP_DIRS['nss'].variables = gyp_vars
|
||||
|
||||
# The Python scripts that detect clang need it to be set as CC
|
||||
# in the environment, which isn't true here. I don't know that
|
||||
# setting that would be harmful, but we already have this information
|
||||
# anyway.
|
||||
if CONFIG['CC_TYPE'] in ('clang', 'clang-cl'):
|
||||
gyp_vars['cc_is_clang'] = 1
|
||||
if CONFIG['GCC_USE_GNU_LD']:
|
||||
gyp_vars['cc_use_gnu_ld'] = 1
|
||||
|
||||
GYP_DIRS += ['nss']
|
||||
GYP_DIRS['nss'].input = 'nss/nss.gyp'
|
||||
GYP_DIRS['nss'].variables = gyp_vars
|
||||
|
||||
sandbox_vars = {
|
||||
# NSS explicitly exports its public symbols
|
||||
# with linker scripts.
|
||||
'COMPILE_FLAGS': {
|
||||
'VISIBILITY': [],
|
||||
# XXX: We should fix these warnings.
|
||||
'WARNINGS_AS_ERRORS': [],
|
||||
},
|
||||
# NSS' build system doesn't currently build NSS with PGO.
|
||||
# We could probably do so, but not without a lot of
|
||||
# careful consideration.
|
||||
'NO_PGO': True,
|
||||
}
|
||||
if CONFIG['OS_TARGET'] == 'WINNT':
|
||||
if CONFIG['CPU_ARCH'] == 'x86':
|
||||
# This should really be the default.
|
||||
sandbox_vars['ASFLAGS'] = ['-safeseh']
|
||||
if CONFIG['MOZ_FOLD_LIBS_FLAGS']:
|
||||
sandbox_vars['CFLAGS'] = CONFIG['MOZ_FOLD_LIBS_FLAGS']
|
||||
if CONFIG['OS_TARGET'] == 'Android':
|
||||
sandbox_vars['CFLAGS'] = [
|
||||
'-include', TOPSRCDIR + '/security/manager/android_stub.h',
|
||||
# Setting sandbox_vars['DEFINES'] is broken currently.
|
||||
'-DCHECK_FORK_GETPID',
|
||||
]
|
||||
if CONFIG['ANDROID_VERSION']:
|
||||
sandbox_vars['CFLAGS'] += ['-DANDROID_VERSION=' + CONFIG['ANDROID_VERSION']]
|
||||
GYP_DIRS['nss'].sandbox_vars = sandbox_vars
|
||||
GYP_DIRS['nss'].no_chromium = True
|
||||
GYP_DIRS['nss'].no_unified = True
|
||||
# This maps action names from gyp files to
|
||||
# Python scripts that can be used in moz.build GENERATED_FILES.
|
||||
GYP_DIRS['nss'].action_overrides = {
|
||||
'generate_certdata_c': 'generate_certdata.py',
|
||||
'generate_mapfile': 'generate_mapfile.py',
|
||||
}
|
||||
sandbox_vars = {
|
||||
# NSS explicitly exports its public symbols
|
||||
# with linker scripts.
|
||||
'COMPILE_FLAGS': {
|
||||
'VISIBILITY': [],
|
||||
# XXX: We should fix these warnings.
|
||||
'WARNINGS_AS_ERRORS': [],
|
||||
},
|
||||
# NSS' build system doesn't currently build NSS with PGO.
|
||||
# We could probably do so, but not without a lot of
|
||||
# careful consideration.
|
||||
'NO_PGO': True,
|
||||
}
|
||||
if CONFIG['OS_TARGET'] == 'WINNT':
|
||||
if CONFIG['CPU_ARCH'] == 'x86':
|
||||
# This should really be the default.
|
||||
sandbox_vars['ASFLAGS'] = ['-safeseh']
|
||||
if CONFIG['MOZ_FOLD_LIBS_FLAGS']:
|
||||
sandbox_vars['CFLAGS'] = CONFIG['MOZ_FOLD_LIBS_FLAGS']
|
||||
if CONFIG['OS_TARGET'] == 'Android':
|
||||
sandbox_vars['CFLAGS'] = [
|
||||
'-include', TOPSRCDIR + '/security/manager/android_stub.h',
|
||||
# Setting sandbox_vars['DEFINES'] is broken currently.
|
||||
'-DCHECK_FORK_GETPID',
|
||||
]
|
||||
if CONFIG['ANDROID_VERSION']:
|
||||
sandbox_vars['CFLAGS'] += ['-DANDROID_VERSION=' + CONFIG['ANDROID_VERSION']]
|
||||
if CONFIG['MOZ_SYSTEM_NSS']:
|
||||
sandbox_vars['CXXFLAGS'] = CONFIG['NSS_CFLAGS']
|
||||
GYP_DIRS['nss'].sandbox_vars = sandbox_vars
|
||||
GYP_DIRS['nss'].no_chromium = True
|
||||
GYP_DIRS['nss'].no_unified = True
|
||||
# This maps action names from gyp files to
|
||||
# Python scripts that can be used in moz.build GENERATED_FILES.
|
||||
GYP_DIRS['nss'].action_overrides = {
|
||||
'generate_certdata_c': 'generate_certdata.py',
|
||||
'generate_mapfile': 'generate_mapfile.py',
|
||||
}
|
||||
|
||||
if CONFIG['NSS_EXTRA_SYMBOLS_FILE']:
|
||||
DEFINES['NSS_EXTRA_SYMBOLS_FILE'] = CONFIG['NSS_EXTRA_SYMBOLS_FILE']
|
||||
|
Loading…
x
Reference in New Issue
Block a user