mirror of
https://github.com/dart-lang/sdk
synced 2024-09-05 00:13:50 +00:00
c84edaefe9
No one could remember why this code was in a separate repo, and checking it in to the SDK repo will make eliminating the flutter buildroot repo a tiny bit easier. TEST=It builds. Change-Id: Ia34ca0c284fee1dd1734f45ef7acb9dd5cde808c Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/342083 Reviewed-by: Ryan Macnak <rmacnak@google.com> Reviewed-by: Siva Annamalai <asiva@google.com> Reviewed-by: Brian Quinlan <bquinlan@google.com>
53 lines
2 KiB
Plaintext
53 lines
2 KiB
Plaintext
Name: Root certificates for trusted CAs
|
|
Short Name: root_certificates
|
|
URL: https://github.com/dart-lang/root_certificates
|
|
Version: 0.2
|
|
Date: Jan 9, 2017
|
|
License: MPL/2.0, https://www.mozilla.org/MPL/2.0/
|
|
|
|
Description:
|
|
This directory contains the root CA certificates chosen to be trusted by
|
|
Mozilla's NSS library, reformatted into an array in C source code, to be
|
|
used by the default SecurityContext obect in Dart's dart:io library for
|
|
secure networking (TLS, SSL) for operating systems that don't have a supported
|
|
certificate store.
|
|
|
|
The files can be updated as follows:
|
|
|
|
1. Fetch the certificates from Mozilla with this command line:
|
|
|
|
curl https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt -o certdata.txt
|
|
|
|
2. Convert from Mozilla format to PEM format by running the utility
|
|
at https://github.com/agl/extract-nss-root-certs:
|
|
|
|
go run convert_mozilla_certdata.go > certdata.pem
|
|
|
|
Note that this utility produces a warning about one certificate with a negative
|
|
serial number. This is expected.
|
|
|
|
3. Strip comments from this file to decrease the size of the string
|
|
that will be compiled into the Dart executable:
|
|
|
|
sed '/^#/d' ./certdata.pem > ./certdata.stripped
|
|
|
|
4. Convert the stripped file to a C character array with the xxd utility:
|
|
|
|
xxd -i certdata.stripped > certdata.cc
|
|
|
|
5. Make the following changes to certdata.cc:
|
|
- Copy the MPL copyright header from root_certificates.cc to certdata.cc.
|
|
- Update the conversion date in the copyright comment.
|
|
- Copy the #ifdef/#endif and namespace declarations from
|
|
root_certificates.cc into certdata.cc.
|
|
- Rename the array variable from certdata_stripped to root_certificates_pem_.
|
|
- Rename the variable containing the array length from
|
|
certdata_stripped_length to root_certificates_pem_length.
|
|
- Above the declaration for root_certificates_pem_length, add this line:
|
|
const unsigned char* root_certificates_pem = root_certificates_pem_;
|
|
|
|
6. Update root_certificates.cc as follows:
|
|
|
|
mv certdata.cc root_certificates.cc
|
|
|