crypto: enable auto cert chaining for BoringSSL

OpenSSL enables this feature by default, but BoringSSL doesn't. This change makes it so that when building node with BoringSSL, the behaviour matches OpenSSL's. PR-URL: #22110 Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]>
nodejs · Oct 3, 2018 · 074b7af · 074b7af
1 parent fb03faa
commit 074b7af
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -463,6 +463,11 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
   SSL_CTX_set_options(sc->ctx_.get(), SSL_OP_NO_SSLv2);
   SSL_CTX_set_options(sc->ctx_.get(), SSL_OP_NO_SSLv3);
 
+  // Enable automatic cert chaining. This is enabled by default in OpenSSL, but
+  // disabled by default in BoringSSL. Enable it explicitly to make the
+  // behavior match when Node is built with BoringSSL.
+  SSL_CTX_clear_mode(sc->ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
+
   // SSL session cache configuration
   SSL_CTX_set_session_cache_mode(sc->ctx_.get(),
                                  SSL_SESS_CACHE_SERVER |