--- /dev/null
+Description: do not bundle CA certificates, openssl on Debian have them
+ As a consequence, nodejs must depend on ca-certificates.
+Forwarded: need some feedback before submitting the matter upstream
+Author: Jérémy Lal <kapouer@melix.org>
+Last-Update: 2014-03-02
+
+Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the correct path for Fedora
+Modified 2014-08-11 by Elan Ruusamäe <glen@delfi.ee> with the correct path for PLD
+--- a/src/node_crypto.cc
++++ b/src/node_crypto.cc
+@@ -64,7 +64,6 @@
+ namespace node {
+
+ const char* root_certs[] = {
+-#include "node_root_certs.h" // NOLINT(build/include_order)
+ NULL
+ };
+
+@@ -561,32 +560,16 @@
+ assert(sc->ca_store_ == NULL);
+
+ if (!root_cert_store) {
+- root_cert_store = X509_STORE_new();
+-
+- for (int i = 0; root_certs[i]; i++) {
+- BIO *bp = BIO_new(BIO_s_mem());
+-
+- if (!BIO_write(bp, root_certs[i], strlen(root_certs[i]))) {
+- BIO_free(bp);
+- return False();
+- }
+-
+- X509 *x509 = PEM_read_bio_X509(bp, NULL, NULL, NULL);
+-
+- if (x509 == NULL) {
+- BIO_free(bp);
+- return False();
+- }
+-
+- X509_STORE_add_cert(root_cert_store, x509);
+-
+- BIO_free(bp);
+- X509_free(x509);
++ if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/certs/ca-certificates.crt", NULL) == 1) {
++ root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
++ } else {
++ // empty store
++ root_cert_store = X509_STORE_new();
+ }
++ } else {
++ SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
+ }
+-
+ sc->ca_store_ = root_cert_store;
+- SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
+
+ return True();
+ }
Patch2: %{name}-libpath.patch
# use /usr/lib64/node as an arch-specific module dir when appropriate
Patch3: %{name}-lib64path.patch
+Patch4: %{name}-use-system-certs.patch
Patch5: uv-fpic.patch
# The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot
# be done in a stable distribution release. This build of nodejs will behave as
BuildRequires: sed >= 4.0
BuildRequires: v8-devel >= 3.15.11.10
BuildRequires: zlib-devel
+Requires: ca-certificates
Obsoletes: nodejs-waf
ExclusiveArch: %{ix86} %{x8664} arm
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%else
%patch2 -p1
%endif
+%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1