Use Openssl on OS X and Windows?

787 views
Skip to first unread message

Zhao Cheng

unread,
Aug 24, 2012, 4:23:10 AM8/24/12
to chromi...@chromium.org
Hi chromium-dev,

As I saw in the source code, Chromium is built with Openssl on Linux,
and is built with nss on Mac, so is it possible to build Chromium with
openssl on Mac? I tried to change the flag in build/common.gypi but
merely that still caused many compilation errors.

I see a bug on Chromium at
http://code.google.com/p/chromium/issues/detail?id=62803 , but since
Linux version is already built with openssl, does it mean that we can
also build Chromium with openssl on Mac and Windows?

--
Cheng
Intel Open Source Technology Center

Ryan Sleevi

unread,
Aug 24, 2012, 4:42:23 AM8/24/12
to zcb...@gmail.com, chromi...@chromium.org

The OpenSSL build is not supported on Linux. Chromium and Google Chrome builds use NSS for SSL on all platforms but Android.

OpenSSL is used solely for non-certificate related tasks on Android, and for handling the SSL protocol itself. All certificate verification happens via JNI to appropriate Java APIs that can correctly and securely verify certificates - a task that OpenSSL can still not do.

Despite the context and old comments on that bug, there are no plans to support an OpenSSL build as a first-class platform, nor would it be recommended for any usage other than how Android currently uses it.

The build on Linux via the GYP flag happens to work solely as an artifact of the Android upstreaming, and exists as an FYI bot and pseudo-config to make it easier for developers working on the network and crypto layers to rapidly test changes that may affect Android, without having to have a full Android dev environment. It should only be used for that purpose.

--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
    http://groups.google.com/a/chromium.org/group/chromium-dev

Zhao Cheng

unread,
Aug 26, 2012, 1:13:40 AM8/26/12
to rsl...@chromium.org, chromi...@chromium.org
Thanks for your explanation!

But the source code I got from official repository seems to build
Chromium on Linux with Openssl. The .DEPS.git didn't download nss in
unix and the build/common.gypi set use_openssl on posix environment.

Does it mean that I should change those settings to build Chromium
with NSS on Linux?

Ryan Sleevi

unread,
Aug 26, 2012, 1:57:44 AM8/26/12
to Zhao Cheng, chromi...@chromium.org

On Linux, it uses system NSS, which is installed by install-build-deps.sh, which is part of the getting started build steps.

Unless you explicitly build with the use_openssl GYP define, or are following the Android build steps, Chromium uses NSS for SSL, as it always has. You should only pass the use_openssl flag if you're developing/testing for Android. You should not do it otherwise, and if you do, you will not have a safe or secure browser result from it.

At this time, we're not interested in the additional, significant overhead that would be required to support and maintain OpenSSL for non-Android platforms.

Reply all
Reply to author
Forward
0 new messages