tree: 4420c887e56037a46e6eccf8d2a7664f4eab4443 [path history] [tgz]
  1. public/
  2. BUILD.bazel
  3. BUILD.gn
  4. chromium_verifier.gni
  5. OWNERS
  6. README.md
  7. sources.gni
third_party/chromium_verifier/README.md

Chrome Certificate Verifier Library

The folder provides targets for building the certificate verifier used by chromium. The sources live in the chromium source repo. It is recommended to download the repo via pw package install chromium_verifier, which performs a sparse checkout instead of checking out the who repo. For gn build, set dir_pw_third_party_chromium_verifier to point to the repo path. The library requires third_party/boringssl and need to be setup first. See third_party/boringssl/README.md for instruction. The library will primarily be used by pw_tls_client when using boringssl backend.

The verifier we build for embedded target excludes the chromium metric feature. Specifically, for the current port, we use a noop implementation for function UmaHistogramCounts10000(). The function is originally used to generate histograms that record iteration count. For the verifier, the iteration count is only used in unittest. Compiling the feature requires to bring in a significant amount of additional sources and also many system dependencies including threading, file system, memory mapping management (sys/mman.h) etc. It's too complicated to accomodate for embedded target.

However we do build a full version including the metric feature on Linux host platform for running native unittest, as a criterion for rolling.

Certain chromium sources include header pthread.h and use data type and functions such as pthread_t, pthread_mutex_lock etc. Although the code the verifier executes has no reference to them, they are still needed for compilation. If the target platform does not have a native POSIX thread implementation, we provide a pthread.h that declares the needed data types and functions for build. For GN builds, simply set pw_third_party_chromium_verifier_HAS_NATIVE_PTHREAD to false.