1# Chrome Certificate Verifier Library 2 3The folder provides targets for building the certificate verifier used by 4chromium. The sources live in the chromium source repo. It is recommended 5to download the repo via `pw package install chromium_verifier`, which 6performs a sparse checkout instead of checking out the who repo. For gn build, 7set `dir_pw_third_party_chromium_verifier` to point to the repo path. The 8library requires `third_party/boringssl` and need to be setup first. See 9`third_party/boringssl/README.md` for instruction. The library will primarily 10be used by pw_tls_client when using boringssl backend. 11 12The verifier we build for embedded target excludes the chromium metric feature. 13Specifically, for the current port, we use a noop implementation for function 14`UmaHistogramCounts10000()`. The function is originally used to generate 15histograms that record iteration count. For the verifier, the iteration count 16is only used in unittest. Compiling the feature requires to bring in a 17significant amount of additional sources and also many system dependencies 18including threading, file system, memory mapping management (sys/mman.h) etc. 19It's too complicated to accomodate for embedded target. 20 21However we do build a full version including the metric feature on Linux host 22platform for running native unittest, as a criterion for rolling. 23 24Certain chromium sources include header `pthread.h` and use data type and 25functions such as `pthread_t`, `pthread_mutex_lock` etc. Although the code 26the verifier executes has no reference to them, they are still needed for 27compilation. If the target platform does not have a native POSIX thread 28implementation, we provide a `pthread.h` that declares the needed data types 29and functions for build. For GN builds, simply set 30`pw_third_party_chromium_verifier_HAS_NATIVE_PTHREAD` to false. 31