GitHub - dart-archive/root_certificates: The set of root certificates trusted by dart:io's default SecurityContext. Taken from Mozilla's NSS library.

This repository has been archived by the owner on Jan 10, 2023. It is now read-only.

dart-archive / root_certificates Public archive

Notifications You must be signed in to change notification settings
Fork 15
Star 11

The set of root certificates trusted by dart:io's default SecurityContext. Taken from Mozilla's NSS library.

MPL-2.0 license

11 stars 15 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
LICENSE		LICENSE
README.google		README.google
certdata.pem		certdata.pem
certdata.txt		certdata.txt
codereview.settings		codereview.settings
root_certificates.cc		root_certificates.cc

Repository files navigation

Name: Root certificates for trusted CAs
Short Name: root_certificates
URL: https://github.com/dart-lang/root_certificates
Version: 0.2
Date: Jan 9, 2017
License: MPL/2.0, https://www.mozilla.org/MPL/2.0/

Description:
This directory contains the root CA certificates chosen to be trusted by
Mozilla's NSS library, reformatted into an array in C source code, to be
used by the default SecurityContext obect in Dart's dart:io library for
secure networking (TLS, SSL) for operating systems that don't have a supported
certificate store.

The files can be updated as follows:

1. Fetch the certificates from Mozilla with this command line:

curl https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt -o certdata.txt

2. Convert from Mozilla format to PEM format by running the utility
at https://github.com/agl/extract-nss-root-certs:

go run convert_mozilla_certdata.go > certdata.pem

Note that this utility produces a warning about one certificate with a negative
serial number.  This is expected.

3. Strip comments from this file to decrease the size of the string
that will be compiled into the Dart executable:

sed '/^#/d' ./certdata.pem > ./certdata.stripped

4. Convert the stripped file to a C character array with the xxd utility:

xxd -i certdata.stripped > certdata.cc

5. Make the following changes to certdata.cc:
   - Copy the MPL copyright header from root_certificates.cc to certdata.cc.
   - Update the conversion date in the copyright comment.
   - Copy the #ifdef/#endif and  namespace declarations from
      root_certificates.cc into certdata.cc.
   - Rename the array variable from certdata_stripped to root_certificates_pem_.
   - Rename the variable containing the array length from
     certdata_stripped_length to root_certificates_pem_length.
   - Above the declaration for root_certificates_pem_length, add this line:
     const unsigned char* root_certificates_pem = root_certificates_pem_;

6. Update root_certificates.cc as follows:

mv certdata.cc root_certificates.cc