New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 591545 link

Starred by 4 users
Status: Fixed
Owner:
svaldez@chromium.org
Last visit > 30 days ago
Closed: Apr 2016
Cc:
davidben@chromium.org
ios-bugs@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: 2
Type: Bug

Blocked on:
issue 591542


Sign in to add a comment

Switch iOS to use BoringSSL

Project Member Reported by rsleevi@chromium.org, Mar 2 2016 
iOS is the last remaining port using NSS for mainline crypto.

We should switch to BoringSSL.
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 17 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2e34051065f7e6bd139780273148d7d0c643485f

commit 2e34051065f7e6bd139780273148d7d0c643485f
Author: svaldez <svaldez@chromium.org>
Date: Thu Mar 17 22:38:05 2016

Fix BoringSSL build on iOS

In order to get BoringSSL to build on iOS we need to make a couple of initial changes:

* We disable unittests due to the current inability to run new processes on iOS.
* We disable the use of custom assembly since we are unable to build the assembly for the iOS architecture and would otherwise be unable to test it.

BUG= 591545 

Review URL: https://codereview.chromium.org/1809153002

Cr-Commit-Position: refs/heads/master@{#381812}

[modify] https://crrev.com/2e34051065f7e6bd139780273148d7d0c643485f/third_party/boringssl/BUILD.gn
[modify] https://crrev.com/2e34051065f7e6bd139780273148d7d0c643485f/third_party/boringssl/boringssl.gyp
[modify] https://crrev.com/2e34051065f7e6bd139780273148d7d0c643485f/third_party/boringssl/boringssl_tests.gyp

Comment 2 by davidben@chromium.org, Mar 17 2016 

> * We disable the use of custom assembly since we are unable to build the assembly for the iOS architecture and would otherwise be unable to test it.

I'd also add that target_arch in iOS is largely a lie. iOS expects XCode to deal with the per-arch dispatch, so doing checks in gyp/gn doesn't work very well.
Project Member

Comment 3 by bugdroid1@chromium.org, Mar 18 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a1714ab3703201b3a3c424fa42788f0e4d060b26

commit a1714ab3703201b3a3c424fa42788f0e4d060b26
Author: svaldez <svaldez@chromium.org>
Date: Fri Mar 18 20:47:53 2016

Adding macro to enable changing SSL library (Part 1)

This changes the macro used to be USE_NSS_VERIFIER and modifies build
files to no longer assume iOS is using NSS.

BUG= 591545 

Review URL: https://codereview.chromium.org/1808963004

Cr-Commit-Position: refs/heads/master@{#382077}

[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/build/common.gypi
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/build/config/BUILD.gn
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/build/config/crypto.gni
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/crypto/nss_util.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/ios/chrome/browser/ios_chrome_io_thread.mm
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/ios/crnet/crnet_environment.mm
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/ios/web/app/web_main_loop.mm
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/BUILD.gn
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/cert/cert_verify_proc.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/cert/cert_verify_proc_unittest.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/cert/ev_root_ca_metadata.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/cert/ev_root_ca_metadata.h
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/cert/multi_threaded_cert_verifier.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/cert/test_root_certs.h
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/cert/test_root_certs_unittest.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/cert/x509_util_nss.h
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/net.gyp
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/net_common.gypi
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/socket/ssl_client_socket_nss.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/socket/ssl_client_socket_openssl.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/test/embedded_test_server/embedded_test_server_unittest.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/test/net_test_suite.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/url_request/url_fetcher_impl_unittest.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/net/url_request/url_request_unittest.cc
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/tools/gn/docs/cookbook.md
[modify] https://crrev.com/a1714ab3703201b3a3c424fa42788f0e4d060b26/tools/grit/grit_rule.gni
Project Member

Comment 5 by bugdroid1@chromium.org, Mar 25 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/28472efddd70ac4affc0ba9a46a56697937840a3

commit 28472efddd70ac4affc0ba9a46a56697937840a3
Author: rockot <rockot@chromium.org>
Date: Fri Mar 25 18:02:26 2016

Revert of Adding iOS OpenSSL Implementation (patchset #23 id:420001 of https://codereview.chromium.org/1810153002/ )

Reason for revert:
Broken iOS build: https://build.chromium.org/p/chromium.mac/builders/iOS_Device/builds/44491/steps/compile/logs/stdio

Let's try relanding with the potential fix from https://codereview.chromium.org/1834583006 merged in.

Original issue's description:
> This adds the OpenSSL-specific implementations for iOS, using SecTrustEvaluate in order to determine the validity of the certificate chain.
>
> BUG= 591545 
>
> Committed: https://crrev.com/864f9468ae2a8d1ba95c64824ef2caf05b7121fc
> Cr-Commit-Position: refs/heads/master@{#383297}

TBR=davidben@chromium.org,rsleevi@chromium.org,svaldez@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 591545 

Review URL: https://codereview.chromium.org/1838513002

Cr-Commit-Position: refs/heads/master@{#383301}

[modify] https://crrev.com/28472efddd70ac4affc0ba9a46a56697937840a3/net/BUILD.gn
[modify] https://crrev.com/28472efddd70ac4affc0ba9a46a56697937840a3/net/cert/cert_verify_proc.cc
[delete] https://crrev.com/affa906687c76c929545f8073fffaa53ff3a1a4a/net/cert/cert_verify_proc_ios.cc
[delete] https://crrev.com/affa906687c76c929545f8073fffaa53ff3a1a4a/net/cert/cert_verify_proc_ios.h
[delete] https://crrev.com/affa906687c76c929545f8073fffaa53ff3a1a4a/net/cert/x509_certificate_openssl_ios.cc
[modify] https://crrev.com/28472efddd70ac4affc0ba9a46a56697937840a3/net/net.gyp
[modify] https://crrev.com/28472efddd70ac4affc0ba9a46a56697937840a3/net/net.gypi
[modify] https://crrev.com/28472efddd70ac4affc0ba9a46a56697937840a3/net/net_common.gypi
Project Member

Comment 8 by bugdroid1@chromium.org, Apr 13 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/88283eca96ddc06440a778132f969a3e8360dbbf

commit 88283eca96ddc06440a778132f969a3e8360dbbf
Author: svaldez <svaldez@chromium.org>
Date: Wed Apr 13 17:13:20 2016

Switching iOS to use BoringSSL

This switches use_openssl on for iOS.

BUG= 591545 

Review URL: https://codereview.chromium.org/1872813002

Cr-Commit-Position: refs/heads/master@{#387011}

[modify] https://crrev.com/88283eca96ddc06440a778132f969a3e8360dbbf/build/common.gypi
[modify] https://crrev.com/88283eca96ddc06440a778132f969a3e8360dbbf/build/config/crypto.gni

Comment 9 by davidben@chromium.org, Apr 13 2016 

\o/

Comment 10 by svaldez@chromium.org, Apr 19 2016

Status: Fixed (was: Assigned)

Sign in to add a comment