1 Description: do not bundle CA certificates, openssl on Debian have them
2 As a consequence, nodejs must depend on ca-certificates.
3 Forwarded: https://github.com/nodejs/node/issues/3159
4 Author: Jérémy Lal <kapouer@melix.org>
5 Modified 2014-08-11 by Elan Ruusamäe <glen@delfi.ee> with the correct path for PLD
6 Modified 2015-10-17 by Elan Ruusamäe <glen@delfi.ee> updated for node 4.2.1-LTS
7 Modified 2017-11-02 by Elan Ruusamäe <glen@delfi.ee> updated for node 6.11.5-LTS
8 --- node-v6.11.5/src/node_crypto.cc~ 2017-10-24 22:10:14.000000000 +0300
9 +++ node-v6.11.5/src/node_crypto.cc 2017-11-02 13:38:45.435760247 +0200
11 static Mutex* mutexes;
13 static const char* const root_certs[] = {
14 -#include "node_root_certs.h" // NOLINT(build/include_order)
17 static std::string extra_root_certs_file; // NOLINT(runtime/string)
20 (void) &clear_error_on_return; // Silence compiler warning.
22 if (!root_cert_store) {
23 - root_cert_store = NewRootCertStore();
25 - if (!extra_root_certs_file.empty()) {
26 - unsigned long err = AddCertsFromFile( // NOLINT(runtime/int)
28 - extra_root_certs_file.c_str());
30 - ProcessEmitWarning(sc->env(),
31 - "Ignoring extra certs from `%s`, load failed: %s\n",
32 - extra_root_certs_file.c_str(),
33 - ERR_error_string(err, nullptr));
36 + if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/certs/ca-certificates.crt", NULL) == 1) {
37 + root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
40 + root_cert_store = NewRootCertStore();
43 + SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
46 // Increment reference count so global store is not deleted along with CTX.
47 X509_STORE_up_ref(root_cert_store);
48 - SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);