From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- security/manager/ssl/moz.build | 277 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 277 insertions(+) create mode 100644 security/manager/ssl/moz.build (limited to 'security/manager/ssl/moz.build') diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build new file mode 100644 index 0000000000..2df4b2f365 --- /dev/null +++ b/security/manager/ssl/moz.build @@ -0,0 +1,277 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# osclientcerts is currently only implemented for Windows +# osclientcerts transitively depends on winapi 0.2.8, which doesn't work with +# AArch64 +if (CONFIG["OS_ARCH"] == "WINNT" and CONFIG["CPU_ARCH"] != "aarch64") or CONFIG[ + "OS_ARCH" +] == "Darwin": + DIRS += ["osclientcerts"] + +DIRS += ["ipcclientcerts"] +DIRS += ["builtins"] + +TEST_DIRS += ["tests"] + +XPIDL_SOURCES += [ + "nsICertificateDialogs.idl", + "nsICertOverrideService.idl", + "nsICertStorage.idl", + "nsICertTree.idl", + "nsIClientAuthDialogs.idl", + "nsIClientAuthRememberService.idl", + "nsIContentSignatureVerifier.idl", + "nsICryptoHash.idl", + "nsINSSComponent.idl", + "nsINSSErrorsService.idl", + "nsINSSVersion.idl", + "nsIOSKeyStore.idl", + "nsIOSReauthenticator.idl", + "nsIPK11Token.idl", + "nsIPK11TokenDB.idl", + "nsIPKCS11Module.idl", + "nsIPKCS11ModuleDB.idl", + "nsIPKCS11Slot.idl", + "nsIPublicKeyPinningService.idl", + "nsISecretDecoderRing.idl", + "nsISecurityUITelemetry.idl", + "nsISiteSecurityService.idl", + "nsITLSSocketControl.idl", + "nsITokenPasswordDialogs.idl", + "nsITransportSecurityInfo.idl", + "nsIX509Cert.idl", + "nsIX509CertDB.idl", + "nsIX509CertValidity.idl", +] + +XPIDL_MODULE = "pipnss" + +XPCOM_MANIFESTS += [ + "components.conf", +] + +EXTRA_JS_MODULES.psm += [ + "DER.sys.mjs", + "RemoteSecuritySettings.sys.mjs", + "X509.sys.mjs", +] + +EXPORTS += [ + "CommonSocketControl.h", + "CryptoTask.h", + "EnterpriseRoots.h", + "nsClientAuthRemember.h", + "nsNSSCallbacks.h", + "nsNSSCertificate.h", + "nsNSSComponent.h", + "nsNSSHelper.h", + "nsRandomGenerator.h", + "nsSecureBrowserUI.h", + "nsSecurityHeaderParser.h", + "NSSErrorsService.h", + "nsSSLSocketProvider.h", + "nsTLSSocketProvider.h", + "RootCertificateTelemetryUtils.h", + "ScopedNSSTypes.h", + "SharedCertVerifier.h", + "SSLServerCertVerification.h", + "TransportSecurityInfo.h", +] + +EXPORTS.mozilla += [ + "DataStorage.h", + "DataStorageList.h", + "PublicSSL.h", +] + +EXPORTS.mozilla.psm += [ + "IPCClientCertsChild.h", + "IPCClientCertsParent.h", + "SelectTLSClientAuthCertChild.h", + "SelectTLSClientAuthCertParent.h", + "TransportSecurityInfo.h", + "VerifySSLServerCertChild.h", + "VerifySSLServerCertParent.h", +] + +EXPORTS.ipc += [ + "DataStorageIPCUtils.h", +] + +UNIFIED_SOURCES += [ + "AppSignatureVerification.cpp", + "AppTrustDomain.cpp", + "CertStorageMemoryReporting.cpp", + "CommonSocketControl.cpp", + "ContentSignatureVerifier.cpp", + "CryptoTask.cpp", + "DataStorage.cpp", + "EnterpriseRoots.cpp", + "IPCClientCertsChild.cpp", + "IPCClientCertsParent.cpp", + "md4.c", + "nsCertOverrideService.cpp", + "nsCertTree.cpp", + "nsClientAuthRemember.cpp", + "nsNSSCallbacks.cpp", + "nsNSSCertHelper.cpp", + "nsNSSCertificate.cpp", + "nsNSSCertificateDB.cpp", + "nsNSSCertTrust.cpp", + "nsNSSComponent.cpp", + "nsNSSIOLayer.cpp", + "nsNSSModule.cpp", + "nsNSSVersion.cpp", + "nsNTLMAuthModule.cpp", + "nsPK11TokenDB.cpp", + "nsPKCS11Slot.cpp", + "nsPKCS12Blob.cpp", + "nsRandomGenerator.cpp", + "nsSecureBrowserUI.cpp", + "nsSecurityHeaderParser.cpp", + "NSSErrorsService.cpp", + "nsSiteSecurityService.cpp", + "NSSKeyStore.cpp", + "nsSSLSocketProvider.cpp", + "NSSSocketControl.cpp", + "nsTLSSocketProvider.cpp", + "OSKeyStore.cpp", + "PKCS11ModuleDB.cpp", + "PSMRunnable.cpp", + "PublicKeyPinningService.cpp", + "RootCertificateTelemetryUtils.cpp", + "SecretDecoderRing.cpp", + "SharedSSLState.cpp", + "SSLServerCertVerification.cpp", + "TLSClientAuthCertSelection.cpp", + "TransportSecurityInfo.cpp", + "VerifySSLServerCertChild.cpp", + "VerifySSLServerCertParent.cpp", + "X509CertValidity.cpp", +] + +if CONFIG["OS_ARCH"] == "WINNT": + # On Windows this file includes ntsecapi.h, which contains definitions that + # conflict with headers included in remaining source files. We compile this + # one independently to prevent that interferance. + SOURCES += [ + "OSReauthenticator.cpp", + ] +else: + UNIFIED_SOURCES += [ + "OSReauthenticator.cpp", + ] + +if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": + UNIFIED_SOURCES += [ + "LibSecret.cpp", + ] + CFLAGS += CONFIG["GLIB_CFLAGS"] + CXXFLAGS += CONFIG["GLIB_CFLAGS"] + +if CONFIG["OS_ARCH"] == "Darwin": + UNIFIED_SOURCES += [ + "KeychainSecret.cpp", + "OSReauthenticatorDarwin.mm", + ] + OS_LIBS += [ + "-framework LocalAuthentication", + "-framework Security", + ] + +if CONFIG["OS_ARCH"] == "WINNT": + OS_LIBS += ["credui"] + UNIFIED_SOURCES += [ + "CredentialManagerSecret.cpp", + ] + +IPDL_SOURCES += [ + "PIPCClientCerts.ipdl", + "PSelectTLSClientAuthCert.ipdl", + "PSMIPCTypes.ipdlh", + "PVerifySSLServerCert.ipdl", +] + +FINAL_LIBRARY = "xul" + +LOCAL_INCLUDES += [ + "!/dist/public/nss", + "/dom/base", + "/dom/crypto", + "/netwerk/base", + "/security/certverifier", + "/third_party/rust/cose-c/include", + "/xpcom/build", +] + +GeneratedFile( + "nsSTSPreloadListGenerated.inc", + script="../../../xpcom/ds/tools/make_dafsa.py", + inputs=["nsSTSPreloadList.inc"], +) + +DEFINES["SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES"] = "True" +DEFINES["NSS_ENABLE_ECC"] = "True" + +# mozpkix is linked statically from the in-tree sources independent of whether +# system NSS is used or not. +USE_LIBS += ["mozpkix"] + +include("/ipc/chromium/chromium-config.mozbuild") + +if CONFIG["CC_TYPE"] in ("clang", "gcc"): + CXXFLAGS += [ + "-Wextra", + # -Wextra enables this warning, but it's too noisy to be useful. + "-Wno-missing-field-initializers", + ] + + # Gecko headers aren't warning-free enough for us to enable these warnings. + CXXFLAGS += [ + "-Wno-unused-parameter", + ] + +headers_arrays_certs = [ + ( + "xpcshell.inc", + "xpcshellRoot", + "tests/unit/test_signed_apps/xpcshellTestRoot.der", + ), + ("addons-public.inc", "addonsPublicRoot", "addons-public.crt"), + ( + "addons-public-intermediate.inc", + "addonsPublicIntermediate", + "addons-public-intermediate.crt", + ), + ("addons-stage.inc", "addonsStageRoot", "addons-stage.crt"), + ( + "content-signature-prod.inc", + "contentSignatureProdRoot", + "content-signature-prod.crt", + ), + ( + "content-signature-stage.inc", + "contentSignatureStageRoot", + "content-signature-stage.crt", + ), + # The dev root is the same as the stage root. + ( + "content-signature-dev.inc", + "contentSignatureDevRoot", + "content-signature-stage.crt", + ), + ( + "content-signature-local.inc", + "contentSignatureLocalRoot", + "content-signature-local.crt", + ), +] + +for header, array_name, cert in headers_arrays_certs: + GeneratedFile( + header, script="gen_cert_header.py", entry_point=array_name, inputs=[cert] + ) -- cgit v1.2.3