1 Description: do not bundle CA certificates, openssl on Debian have them
2 As a consequence, nodejs must depend on ca-certificates.
3 Forwarded: https://github.com/nodejs/node/issues/3159
4 Author: Jérémy Lal <kapouer@melix.org>
5 Modified 2014-08-11 by Elan Ruusamäe <glen@delfi.ee> with the correct path for PLD
6 Modified 2015-10-17 by Elan Ruusamäe <glen@delfi.ee> updated for node 4.2.1-LTS
7 --- nodejs-4.5.0/src/node_crypto.cc.orig 2016-08-16 17:09:50.000000000 +0200
8 +++ nodejs-4.5.0/src/node_crypto.cc 2016-09-09 23:40:11.959456422 +0200
10 static uv_mutex_t* locks;
12 const char* const root_certs[] = {
13 -#include "node_root_certs.h" // NOLINT(build/include_order)
16 X509_STORE* root_cert_store;
18 CHECK_EQ(sc->ca_store_, nullptr);
20 if (!root_cert_store) {
21 - root_cert_store = X509_STORE_new();
23 - for (size_t i = 0; i < arraysize(root_certs); i++) {
24 - BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
25 - if (bp == nullptr) {
29 - X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
30 - if (x509 == nullptr) {
35 - X509_STORE_add_cert(root_cert_store, x509);
39 + if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/certs/ca-certificates.crt", NULL) == 1) {
40 + root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
43 + root_cert_store = X509_STORE_new();
46 + SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
50 sc->ca_store_ = root_cert_store;
51 - SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);