Change the default behaviour of rtc_builtin_ssl_root_certificates.
Instead of defining a pre-processor macro when someone wants to
include built-in SSL root certs, this CL switches the default and
assumes everyone prefers to include built-in SSL root certs.
If built-in ssl roots certs are not needed because they are injected
in the PeerConnection it will be possible to define a pre-processor
macro (WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS) to remove them.
In a GN build it is possible to tell GN to define the macro by setting
rtc_builtin_ssl_root_certificates to false in "gn args".
Bug: webrtc:9332
Change-Id: Icc3f2caeddca6899cbc5974f21b480d75d15556f
Reviewed-on: https://webrtc-review.googlesource.com/94147
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24302}
diff --git a/BUILD.gn b/BUILD.gn
index 2e3c91a..b3afa76 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -92,6 +92,10 @@
defines += [ "WEBRTC_MOZILLA_BUILD" ]
}
+ if (!rtc_builtin_ssl_root_certificates) {
+ defines += [ "WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS" ]
+ }
+
# Some tests need to declare their own trace event handlers. If this define is
# not set, the first time TRACE_EVENT_* is called it will store the return
# value for the current handler in an static variable, so that subsequent
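Review bot: The new condition inverts the meaning of rtc_builtin_ssl_root_certificates, so the behaviour the commit message describes holds only if that argument now defaults to true, and the declare_args block that sets the default is not part of this diff. Worth confirming the default was flipped in the same change; otherwise builds that never set the argument would silently lose the built-in roots rather than gain them. A short comment on the new block would also spare future readers a trip to the CL, e.g. `# Built-in SSL root certificates are compiled in by default; set rtc_builtin_ssl_root_certificates=false to exclude them.`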
diff --git a/rtc_base/BUILD.gn b/rtc_base/BUILD.gn
index cc4d0bc..c076b21 100644
--- a/rtc_base/BUILD.gn
+++ b/rtc_base/BUILD.gn
@@ -871,10 +871,6 @@
configs += [ ":external_ssl_library" ]
}
- if (rtc_builtin_ssl_root_certificates) {
- defines += [ "WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
- }
-
if (is_android) {
sources += [
"ifaddrs-android.cc",
@@ -1309,9 +1305,6 @@
} else {
configs += [ ":external_ssl_library" ]
}
- if (rtc_builtin_ssl_root_certificates) {
- defines += [ "WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES" ]
- }
}
}
diff --git a/rtc_base/openssladapter.cc b/rtc_base/openssladapter.cc
index 05de6d0..50284a6 100644
--- a/rtc_base/openssladapter.cc
+++ b/rtc_base/openssladapter.cc
@@ -907,14 +907,14 @@
return nullptr;
}
-#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifndef WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
if (!openssl::LoadBuiltinSSLRootCertificates(ctx)) {
RTC_LOG(LS_ERROR) << "SSL_CTX creation failed: Failed to load any trusted "
"ssl root certificates.";
SSL_CTX_free(ctx);
return nullptr;
}
-#endif // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif // WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
#if !defined(NDEBUG)
SSL_CTX_set_info_callback(ctx, SSLInfoCallback);
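Review bot: The new `#ifndef` around the LoadBuiltinSSLRootCertificates call carries no comment stating what the opt-out path leaves behind: with WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS defined, the SSL_CTX is returned with no built-in roots added, and only the commit message records that the embedder is then expected to inject its own trusted certificates. Now that this is the opt-out rather than the opt-in branch, that expectation belongs next to the code; I would add above line 62 `// With WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS defined no root certificates are loaded here; the embedder must supply its own trusted roots, otherwise the ctx has nothing to verify peers against.` How peer verification is configured for this ctx is outside the hunk, so the last clause should be checked against that setup. The enclosing SSL_CTX creation function starts and ends outside this hunk.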
diff --git a/rtc_base/opensslcertificate.cc b/rtc_base/opensslcertificate.cc
index 15fc303..ed67a89 100644
--- a/rtc_base/opensslcertificate.cc
+++ b/rtc_base/opensslcertificate.cc
@@ -36,9 +36,9 @@
#include "rtc_base/openssldigest.h"
#include "rtc_base/opensslidentity.h"
#include "rtc_base/opensslutility.h"
-#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifndef WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
#include "rtc_base/sslroots.h"
-#endif
+#endif // WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
namespace rtc {
diff --git a/rtc_base/opensslutility.cc b/rtc_base/opensslutility.cc
index bf6832c..46f4547 100644
--- a/rtc_base/opensslutility.cc
+++ b/rtc_base/opensslutility.cc
@@ -33,9 +33,9 @@
#include "rtc_base/numerics/safe_conversions.h"
#include "rtc_base/openssl.h"
#include "rtc_base/opensslcertificate.h"
-#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifndef WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
#include "rtc_base/sslroots.h"
-#endif // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif // WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
namespace rtc {
namespace openssl {
@@ -110,7 +110,7 @@
}
}
-#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifndef WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
bool LoadBuiltinSSLRootCertificates(SSL_CTX* ctx) {
int count_of_added_certs = 0;
for (size_t i = 0; i < arraysize(kSSLCertCertificateList); i++) {
@@ -130,7 +130,7 @@
}
return count_of_added_certs > 0;
}
-#endif // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif // WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
} // namespace openssl
} // namespace rtc
diff --git a/rtc_base/opensslutility.h b/rtc_base/opensslutility.h
index f579f50..7cb38b5 100644
--- a/rtc_base/opensslutility.h
+++ b/rtc_base/opensslutility.h
@@ -28,12 +28,12 @@
// prefix can be provided for context.
void LogSSLErrors(const std::string& prefix);
-#ifdef WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#ifndef WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
// Attempt to add the certificates from the loader into the SSL_CTX. False is
// returned only if there are no certificates returned from the loader or none
// of them can be added to the TrustStore for the provided context.
bool LoadBuiltinSSLRootCertificates(SSL_CTX* ssl_ctx);
-#endif // WEBRTC_BUILT_IN_SSL_ROOT_CERTIFICATES
+#endif // WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
} // namespace openssl
} // namespace rtc