
Merge system certs with internal one

mikhnenko 1 year ago
parent
commit
3937a38da8

+ 1 - 1
contrib/libs/grpc/CMakeLists.darwin-x86_64.txt

@@ -692,10 +692,10 @@ target_sources(contrib-libs-grpc PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_credentials.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_utils.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/xds/xds_credentials.cc
+  ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/alts/alts_security_connector.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/fake/fake_security_connector.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc
-  ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_fallback.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_linux.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/local/local_security_connector.cc

+ 1 - 1
contrib/libs/grpc/CMakeLists.linux-aarch64.txt

@@ -693,10 +693,10 @@ target_sources(contrib-libs-grpc PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_credentials.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_utils.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/xds/xds_credentials.cc
+  ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/alts/alts_security_connector.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/fake/fake_security_connector.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc
-  ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_fallback.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_linux.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/local/local_security_connector.cc

+ 1 - 1
contrib/libs/grpc/CMakeLists.linux-x86_64.txt

@@ -693,10 +693,10 @@ target_sources(contrib-libs-grpc PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_credentials.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_utils.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/xds/xds_credentials.cc
+  ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/alts/alts_security_connector.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/fake/fake_security_connector.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc
-  ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_fallback.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_linux.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/local/local_security_connector.cc

+ 1 - 1
contrib/libs/grpc/CMakeLists.windows-x86_64.txt

@@ -691,10 +691,10 @@ target_sources(contrib-libs-grpc PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_credentials.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/tls/tls_utils.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/credentials/xds/xds_credentials.cc
+  ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/alts/alts_security_connector.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/fake/fake_security_connector.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc
-  ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_fallback.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/load_system_roots_linux.cc
   ${CMAKE_SOURCE_DIR}/contrib/libs/grpc/src/core/lib/security/security_connector/local/local_security_connector.cc

+ 16 - 0
contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.cpp

@@ -0,0 +1,16 @@
+#include "add_arcadia_root_certs.h"
+#include "grpc/support/alloc.h"
+
+#include <library/cpp/resource/resource.h>
+
+namespace grpc_core {
+    grpc_slice AddArcadiaRootCerts(grpc_slice systemCerts) {
+        TString cacert = NResource::Find("/builtin/cacert");
+        size_t sumSize = cacert.size() + GRPC_SLICE_LENGTH(systemCerts);
+        char* bundleString = static_cast<char*>(gpr_zalloc(sumSize + 1)); // With \0.
+        memcpy(bundleString, cacert.data(), cacert.size());
+        memcpy(bundleString + cacert.size(), GRPC_SLICE_START_PTR(systemCerts), GRPC_SLICE_LENGTH(systemCerts));
+        grpc_slice_unref(systemCerts);
+        return grpc_slice_new(bundleString, sumSize, gpr_free);
+    }
+}
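Review bot: The slice returned by AddArcadiaRootCerts is created with length `sumSize`, so the terminator that the allocation reserves (`gpr_zalloc(sumSize + 1)`) sits outside the slice, whereas the removed LoadArcadiaRootCerts counted it in the length (`cacert.size() + 1`, "With \0"). A consumer that copies the slice by length and then reads it as a C string would lose the terminator whenever `systemCerts` is empty or not itself NUL-terminated; no such consumer is visible on this page, so treat that as something to confirm. `return grpc_slice_new(bundleString, sumSize + 1, gpr_free);` keeps the old contract. The file also calls `memcpy` without `#include <cstring>`. It is worth checking that the builtin bundle ends in a newline, so that its last END line does not fuse with the first system certificate.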

+ 1 - 1
contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.h → contrib/libs/grpc/src/core/lib/security/security_connector/add_arcadia_root_certs.h

@@ -3,5 +3,5 @@
 #include <grpc/slice.h>
 
 namespace grpc_core {
-    grpc_slice LoadArcadiaRootCerts();
+    grpc_slice AddArcadiaRootCerts(grpc_slice systemCerts);
 }
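Review bot: The declaration does not say that AddArcadiaRootCerts consumes its argument, yet the definition in add_arcadia_root_certs.cpp calls `grpc_slice_unref(systemCerts)` and returns a newly allocated slice. A caller that keeps using or unrefs the slice it passed in would touch a released reference. A comment above the declaration would make the contract explicit, for example `// Takes ownership of systemCerts (unrefs it); returns a new slice holding the builtin bundle followed by systemCerts.`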

+ 0 - 10
contrib/libs/grpc/src/core/lib/security/security_connector/load_arcadia_root_certs.cpp

@@ -1,10 +0,0 @@
-#include "load_arcadia_root_certs.h"
-
-#include <library/cpp/resource/resource.h>
-
-namespace grpc_core {
-    grpc_slice LoadArcadiaRootCerts() {
-        TString cacert = NResource::Find("/builtin/cacert");
-        return grpc_slice_from_copied_buffer(cacert.data(), cacert.size() + 1); // With \0.
-    }
-}

+ 3 - 5
contrib/libs/grpc/src/core/lib/security/security_connector/ssl_utils.cc

@@ -39,7 +39,7 @@
 #include "src/core/lib/security/security_connector/ssl_utils_config.h"
 #include "src/core/tsi/ssl_transport_security.h"
 
-#include "load_arcadia_root_certs.h"
+#include "add_arcadia_root_certs.h"
 
 /* -- Constants. -- */
 
@@ -589,13 +589,11 @@ grpc_slice DefaultSslRootStore::ComputePemRootCerts() {
     }
     gpr_free(pem_root_certs);
   }
-  // Load Arcadia certs.
-  if (GRPC_SLICE_IS_EMPTY(result)) {
-    result = LoadArcadiaRootCerts();
-  }
   // Try loading roots from OS trust store if flag is enabled.
   if (GRPC_SLICE_IS_EMPTY(result) && !not_use_system_roots) {
     result = LoadSystemRootCerts();
+    // Merge with Arcadia certs.
+    result = AddArcadiaRootCerts(result);
   }
   // Fallback to roots manually shipped with gRPC.
   if (GRPC_SLICE_IS_EMPTY(result) &&
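Review bot: With the merge placed inside the `!not_use_system_roots` branch, a process that sets that flag no longer gets the builtin Arcadia bundle at all and drops straight to the roots shipped with gRPC. The removed code loaded the bundle whenever `result` was empty, regardless of the flag. If the flag is meant to switch off only the OS trust store, the call belongs outside that condition, e.g. `if (GRPC_SLICE_IS_EMPTY(result)) { if (!not_use_system_roots) result = LoadSystemRootCerts(); result = AddArcadiaRootCerts(result); }`. If skipping the bundle is intended, a comment saying so would stop the next reader from assuming the internal roots are always trusted. ComputePemRootCerts starts and ends outside this hunk.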