Commit | Line | Data |
---|---|---|
58e86022 ER |
1 | Description: do not bundle CA certificates, openssl on Debian has them |
2 | As a consequence, nodejs must depend on ca-certificates. | |
318ea6db | 3 | Forwarded: https://github.com/nodejs/node/issues/3159 |
58e86022 | 4 | Author: Jérémy Lal <kapouer@melix.org> |
58e86022 | 5 | Modified 2014-08-11 by Elan Ruusamäe <glen@delfi.ee> with the correct path for PLD |
3de234b3 | 6 | Modified 2015-10-17 by Elan Ruusamäe <glen@delfi.ee> updated for node 4.2.1-LTS |
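--- a/nodejs-4.5.0/src/node_crypto.cc
+++ b/nodejs-4.5.0/src/node_crypto.cc
@@ -117,7 +117,6 @@
 static uv_mutex_t* locks;
 
 const char* const root_certs[] = {
-#include "node_root_certs.h" // NOLINT(build/include_order)
 };
 
 X509_STORE* root_cert_store;
@@ -754,29 +753,18 @@
 CHECK_EQ(sc->ca_store_, nullptr);
 
 if (!root_cert_store) {
- root_cert_store = X509_STORE_new();
-
- for (size_t i = 0; i < arraysize(root_certs); i++) {
- BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
- if (bp == nullptr) {
- return;
- }
-
- X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
- if (x509 == nullptr) {
- BIO_free_all(bp);
- return;
- }
-
- X509_STORE_add_cert(root_cert_store, x509);
-
- BIO_free_all(bp);
- X509_free(x509);
+ if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/certs/ca-certificates.crt", NULL) == 1) {
+ root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
+ } else {
+ // new empty store
+ root_cert_store = X509_STORE_new();
 }
+ } else {
+ SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
 }
 
+
 sc->ca_store_ = root_cert_store;
- SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
 }
 
 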
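Review bot: In the failure branch of the new `if (!root_cert_store)` block, the fresh `X509_STORE_new()` is recorded in `root_cert_store` and `sc->ca_store_` but never attached to `sc->ctx_`, because the unconditional `SSL_CTX_set_cert_store` call was removed and the only remaining one sits in the outer `else`. The first context therefore keeps whatever its own store held after the failed `SSL_CTX_load_verify_locations` (possibly a partially loaded bundle), while `ca_store_` points at a different, empty store. Adding `SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);` after the `X509_STORE_new()` line would keep the two in sync and make the failure mode an empty trust store. The failure is also silent and cached in the global for the life of the process, so a missing or unreadable `/etc/certs/ca-certificates.crt` only surfaces later as verification errors; a diagnostic or at least a comment at that branch would help. The enclosing function begins and ends outside the hunk, so how the shared store is freed when the first context goes away cannot be checked from here.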