Commit | Line | Data |
---|---|---|
58e86022 ER |
1 | Description: do not bundle CA certificates, openssl on Debian already has them |
2 | As a consequence, nodejs must depend on ca-certificates. | |
3 | Forwarded: need some feedback before submitting the matter upstream | |
4 | Author: Jérémy Lal <kapouer@melix.org> | |
5 | Last-Update: 2014-03-02 | |
6 | ||
7 | Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the correct path for Fedora | |
8 | Modified 2014-08-11 by Elan Ruusamäe <glen@delfi.ee> with the correct path for PLD | |
3de234b3 ER |
9 | Modified 2015-10-17 by Elan Ruusamäe <glen@delfi.ee> updated for node 4.2.1-LTS |
10 | --- node-v4.2.1/src/node_crypto.cc 2015-10-17 15:14:47.248709690 +0300 | |
11 | +++ node-v4.2.1/src/node_crypto.cc 2015-10-17 15:21:21.109176336 +0300 | |
12 | @@ -127,7 +127,6 @@ | |
13 | static uv_mutex_t* locks; | |
58e86022 | 14 | |
3de234b3 | 15 | const char* const root_certs[] = { |
58e86022 | 16 | -#include "node_root_certs.h" // NOLINT(build/include_order) |
58e86022 ER |
17 | }; |
18 | ||
3de234b3 ER |
19 | X509_STORE* root_cert_store; |
20 | @@ -706,32 +705,17 @@ | |
21 | CHECK_EQ(sc->ca_store_, nullptr); | |
58e86022 ER |
22 | |
23 | if (!root_cert_store) { | |
24 | - root_cert_store = X509_STORE_new(); | |
25 | - | |
3de234b3 ER |
26 | - for (size_t i = 0; i < ARRAY_SIZE(root_certs); i++) { |
27 | - BIO* bp = NodeBIO::New(); | |
58e86022 ER |
28 | - |
29 | - if (!BIO_write(bp, root_certs[i], strlen(root_certs[i]))) { | |
3de234b3 ER |
30 | - BIO_free_all(bp); |
31 | - return; | |
58e86022 ER |
32 | - } |
33 | - | |
3de234b3 | 34 | - X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr); |
58e86022 | 35 | - |
3de234b3 ER |
36 | - if (x509 == nullptr) { |
37 | - BIO_free_all(bp); | |
38 | - return; | |
58e86022 ER |
39 | - } |
40 | - | |
41 | - X509_STORE_add_cert(root_cert_store, x509); | |
42 | - | |
3de234b3 | 43 | - BIO_free_all(bp); |
58e86022 ER |
44 | - X509_free(x509); |
45 | + if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/certs/ca-certificates.crt", NULL) == 1) { | |
46 | + root_cert_store = SSL_CTX_get_cert_store(sc->ctx_); | |
47 | + } else { | |
48 | + // empty store | |
49 | + root_cert_store = X509_STORE_new(); | |
50 | } | |
51 | + } else { | |
52 | + SSL_CTX_set_cert_store(sc->ctx_, root_cert_store); | |
53 | } | |
3de234b3 | 54 | |
58e86022 ER |
55 | sc->ca_store_ = root_cert_store; |
56 | - SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_); | |
58e86022 | 57 | } |
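Review bot: In the first-call success path, `root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);` turns the process-wide store into a borrowed pointer owned by this one context, so unless the teardown code elsewhere in node_crypto.cc detaches the store before `SSL_CTX_free` (not visible in this hunk), later contexts would be handed a freed store. The failure branch has two further gaps: it allocates a fresh `X509_STORE_new()` but, with the trailing `SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);` removed, never installs it on this context, so `sc->ca_store_` and the store the context actually verifies against diverge; and it fails silently, so an unreadable `/etc/certs/ca-certificates.crt` shows up only as unexplained verification failures against the system roots. I would add `SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);` right after the `X509_STORE_new()` line, surface the load error instead of the bare `// empty store` comment, and pass `nullptr` rather than `NULL` to match the surrounding code. The enclosing function starts outside the hunk, so the ownership question needs checking against the context's free path.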