use system ca-certificates

diff --git a/nodejs-use-system-certs.patch b/nodejs-use-system-certs.patch
new file mode 100644 (file)
index 0000000..952f341
--- /dev/null
+++ b/nodejs-use-system-certs.patch
@@ -0,0 +1,58 @@
+Description: do not bundle CA certificates, openssl on Debian have them
+ As a consequence, nodejs must depend on ca-certificates.
+Forwarded: need some feedback before submitting the matter upstream
+Author: Jérémy Lal <kapouer@melix.org>
+Last-Update: 2014-03-02
+
+Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the correct path for Fedora
+Modified 2014-08-11 by Elan Ruusamäe <glen@delfi.ee> with the correct path for PLD
+--- a/src/node_crypto.cc
++++ b/src/node_crypto.cc
+@@ -64,7 +64,6 @@
+ namespace node {
+ 
+ const char* root_certs[] = {
+-#include "node_root_certs.h"  // NOLINT(build/include_order)
+   NULL
+ };
+ 
+@@ -561,32 +560,16 @@
+   assert(sc->ca_store_ == NULL);
+ 
+   if (!root_cert_store) {
+-    root_cert_store = X509_STORE_new();
+-
+-    for (int i = 0; root_certs[i]; i++) {
+-      BIO *bp = BIO_new(BIO_s_mem());
+-
+-      if (!BIO_write(bp, root_certs[i], strlen(root_certs[i]))) {
+-        BIO_free(bp);
+-        return False();
+-      }
+-
+-      X509 *x509 = PEM_read_bio_X509(bp, NULL, NULL, NULL);
+-
+-      if (x509 == NULL) {
+-        BIO_free(bp);
+-        return False();
+-      }
+-
+-      X509_STORE_add_cert(root_cert_store, x509);
+-
+-      BIO_free(bp);
+-      X509_free(x509);
++    if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/certs/ca-certificates.crt", NULL) == 1) {
++      root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
++    } else {
++      // empty store
++      root_cert_store = X509_STORE_new();
+     }
++  } else {
++    SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
+   }
+-
+   sc->ca_store_ = root_cert_store;
+-  SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
+ 
+   return True();
+ }

diff --git a/nodejs.spec b/nodejs.spec
index 33cd19bbf663951173c499b1343806a8ce81be25..c28a22a0eed0f808fb0652b26d157c0dda538dc3 100644 (file)
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -11,6 +11,7 @@ Patch1:               %{name}-shared.patch
 Patch2:                %{name}-libpath.patch
 # use /usr/lib64/node as an arch-specific module dir when appropriate
 Patch3:                %{name}-lib64path.patch
+Patch4:                %{name}-use-system-certs.patch
 Patch5:                uv-fpic.patch
 # The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot
 # be done in a stable distribution release.  This build of nodejs will behave as
@@ -33,6 +34,7 @@ BuildRequires:        rpmbuild(macros) >= 1.219
 BuildRequires: sed >= 4.0
 BuildRequires: v8-devel >= 3.15.11.10
 BuildRequires: zlib-devel
+Requires:      ca-certificates
 Obsoletes:     nodejs-waf
 ExclusiveArch: %{ix86} %{x8664} arm
 BuildRoot:     %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -81,6 +83,7 @@ This package contains the documentation for nodejs.
 %else
 %patch2 -p1
 %endif
+%patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1