Commit | Line | Data |
---|---|---|
58e86022 ER |
1 | Description: do not bundle CA certificates, openssl on Debian has them |
2 | As a consequence, nodejs must depend on ca-certificates. | |
3 | Forwarded: need some feedback before submitting the matter upstream | |
4 | Author: Jérémy Lal <kapouer@melix.org> | |
5 | Last-Update: 2014-03-02 | |
6 | ||
7 | Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the correct path for Fedora | |
8 | Modified 2014-08-11 by Elan Ruusamäe <glen@delfi.ee> with the correct path for PLD | |
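--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -64,7 +64,6 @@
 namespace node {
 
 const char* root_certs[] = {
-#include "node_root_certs.h" // NOLINT(build/include_order)
 NULL
 };
 
@@ -561,32 +560,16 @@
 assert(sc->ca_store_ == NULL);
 
 if (!root_cert_store) {
- root_cert_store = X509_STORE_new();
-
- for (int i = 0; root_certs[i]; i++) {
- BIO *bp = BIO_new(BIO_s_mem());
-
- if (!BIO_write(bp, root_certs[i], strlen(root_certs[i]))) {
- BIO_free(bp);
- return False();
- }
-
- X509 *x509 = PEM_read_bio_X509(bp, NULL, NULL, NULL);
-
- if (x509 == NULL) {
- BIO_free(bp);
- return False();
- }
-
- X509_STORE_add_cert(root_cert_store, x509);
-
- BIO_free(bp);
- X509_free(x509);
+ if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/certs/ca-certificates.crt", NULL) == 1) {
+ root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
+ } else {
+ // empty store
+ root_cert_store = X509_STORE_new();
 }
+ } else {
+ SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
 }
-
 sc->ca_store_ = root_cert_store;
- SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
 
 return True();
 }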
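Review bot: On the failure branch (`// empty store`), the store from `X509_STORE_new()` is assigned to `root_cert_store` and `sc->ca_store_` but never installed on `sc->ctx_`, because the unconditional `SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);` was removed and the new call runs only when `root_cert_store` already exists. The first context created while the bundle is missing or unreadable therefore verifies against whatever store `sc->ctx_` already holds, possibly partly populated by the failed load, while `ca_store_` points elsewhere; adding `SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);` after the `X509_STORE_new()` line restores agreement. On the success branch the process-wide `root_cert_store` aliases a store owned by this one `SSL_CTX`, since `SSL_CTX_get_cert_store` takes no reference, so it is worth confirming that the teardown code outside this hunk does not free it with the context. A load failure is also silent; a log line or error return naming the path would make a missing ca-certificates package diagnosable instead of showing up as every TLS verification failing. The enclosing function starts before the hunk.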