-Description: do not bundle CA certificates, openssl on Debian have them
- As a consequence, nodejs must depend on ca-certificates.
-Forwarded: https://github.com/nodejs/node/issues/3159
-Author: Jérémy Lal <kapouer@melix.org>
-Modified 2014-08-11 by Elan Ruusamäe <glen@delfi.ee> with the correct path for PLD
-Modified 2015-10-17 by Elan Ruusamäe <glen@delfi.ee> updated for node 4.2.1-LTS
-Modified 2017-11-02 by Elan Ruusamäe <glen@delfi.ee> updated for node 6.11.5-LTS
---- node-v6.11.5/src/node_crypto.cc~ 2017-10-24 22:10:14.000000000 +0300
-+++ node-v6.11.5/src/node_crypto.cc 2017-11-02 13:38:45.435760247 +0200
-@@ -121,8 +121,6 @@
- static Mutex* mutexes;
-
- static const char* const root_certs[] = {
--#include "node_root_certs.h" // NOLINT(build/include_order)
--};
-
- static std::string extra_root_certs_file; // NOLINT(runtime/string)
-
-@@ -850,24 +848,18 @@
- (void) &clear_error_on_return; // Silence compiler warning.
-
- if (!root_cert_store) {
-- root_cert_store = NewRootCertStore();
--
-- if (!extra_root_certs_file.empty()) {
-- unsigned long err = AddCertsFromFile( // NOLINT(runtime/int)
-- root_cert_store,
-- extra_root_certs_file.c_str());
-- if (err) {
-- ProcessEmitWarning(sc->env(),
-- "Ignoring extra certs from `%s`, load failed: %s\n",
-- extra_root_certs_file.c_str(),
-- ERR_error_string(err, nullptr));
-- }
-- }
-+ if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/certs/ca-certificates.crt", NULL) == 1) {
-+ root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
-+ } else {
-+ // new empty store
-+ root_cert_store = NewRootCertStore();
-+ }
-+ } else {
-+ SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
- }
-
- // Increment reference count so global store is not deleted along with CTX.
- X509_STORE_up_ref(root_cert_store);
-- SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
- }
-
-
projects / packages / nodejs.git / commitdiff