# Chrome Certificate Verifier Library

The folder provides targets for building the certificate verifier used by
chromium. The sources live in the chromium source repo. It is recommended
to download the repo via `pw package install chromium_verifier`, which
performs a sparse checkout instead of checking out the who repo. For gn build,
set `dir_pw_third_party_chromium_verifier` to point to the repo path. The
library requires `third_party/boringssl` and need to be setup first. See
`third_party/boringssl/README.md` for instruction. The library will primarily
be used by pw_tls_client when using boringssl backend.

The verifier we build for embedded target excludes the chromium metric feature.
Specifically, for the current port, we use a noop implementation for function
`UmaHistogramCounts10000()`. The function is originally used to generate
histograms that record iteration count. For the verifier, the iteration count
is only used in unittest. Compiling the feature requires to bring in a
significant amount of additional sources and also many system dependencies
including threading, file system, memory mapping management (sys/mman.h) etc.
It's too complicated to accomodate for embedded target.

However we do build a full version including the metric feature on Linux host
platform for running native unittest, as a criterion for rolling.

Certain chromium sources include header `pthread.h` and use data type and
functions such as `pthread_t`, `pthread_mutex_lock` etc. Although the code
the verifier executes has no reference to them, they are still needed for
compilation. If the target platform does not have a native POSIX thread
implementation, we provide a `pthread.h` that declares the needed data types
and functions for build. For GN builds, simply set
`pw_third_party_chromium_verifier_HAS_NATIVE_PTHREAD` to false.