Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

7.x backport: crypto: support OPENSSL_CONF again (and its dependencies) #11345

Closed

Conversation

sam-github
Copy link
Contributor

@sam-github sam-github commented Feb 13, 2017

Backport of:

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. i18n-api Issues and PRs related to the i18n implementation. process Issues and PRs related to the process subsystem. v7.x labels Feb 13, 2017
@sam-github
Copy link
Contributor Author

/to @italoacasas @bnoordhuis
/cc @gibfahn @mhdawson

@sam-github
Copy link
Contributor Author

@italoacasas
Copy link
Contributor

italoacasas commented Feb 13, 2017

thanks @sam-github, I would like to fast-track this backport, potentially landing this tomorrow that way we can include this in the RC. Thoughts?

@sam-github
Copy link
Contributor Author

Agree on fast-tracking.

I didn't think the 48 hour delay applied to backports, but we should get a review by @bnoordhuis soon, or perhaps @jasnell can review these?

The reason they didn't cherrypick clean is that #11051 touched a CLI switch that was only introduced in #10116 (which is semver-major). I just removed the part of the commit that touch the switch that doesn't exist in 7.x.

@gibfahn
Copy link
Member

gibfahn commented Feb 15, 2017

I assume v7.x-staging got rebased, this PR now has 110 commits. Could you rebase @sam-github ?

@italoacasas
Copy link
Contributor

This is my bad, I had to force push to remove some commits with specs issues.

@gibfahn
Copy link
Member

gibfahn commented Feb 15, 2017

@italoacasas I think that's pretty much unavoidable with the number of commits you're juggling.

bnoordhuis and others added 5 commits February 16, 2017 09:06
Mutations of the environment can invalidate pointers to environment
variables, so make `secure_getenv()` copy them out instead of returning
pointers.

PR-URL: nodejs#11051
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Move some code around so we can properly test whether the switch
actually does anything.

PR-URL: nodejs#11255
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Commit a8734af ("src: make copies of startup environment variables")
from two weeks ago introduced a regression in the capturing of the
`--icu-data-dir=` switch: it captured the string up to the `=` instead
of what comes after it.

PR-URL: nodejs#11255
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Allow it to be used anywhere in src/ that env variables with security
implications are accessed.

PR-URL: nodejs#11006
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
A side-effect of https://github.com/nodejs/node-private/pull/82
was to remove support for OPENSSL_CONF, as well as removing the default
read of a configuration file on startup.

Partly revert this, allowing OPENSSL_CONF to be used to specify a
configuration file to read on startup, but do not read a file by
default.

If the --openssl-config command line option is provided, its value is
used, not the OPENSSL_CONF environment variable.

Fix: nodejs#10938
PR-URL: nodejs#11006
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
@sam-github
Copy link
Contributor Author

rebased

btw, will be without internet connection from this afternoon, until Sunday morning

also, @italoacasas I don't quite understand why I needed to rebase, the changes all cherry-pick clean I think, based on the fact that the rebase was completely conflict free

@sam-github
Copy link
Contributor Author

@italoacasas which means I can help with anything for the next 5 hours, but not after

@italoacasas
Copy link
Contributor

italoacasas commented Feb 16, 2017

Moving this to staging right now

@italoacasas
Copy link
Contributor

Landed in v7-staging. Thanks for the help @sam-github

@sam-github sam-github added lts-watch-v6.x semver-minor PRs that contain new features and should be released in the next minor version. and removed lts-watch-v4.x labels Feb 27, 2017
@sam-github
Copy link
Contributor Author

sam-github commented Feb 27, 2017

@nodejs/lts I request acceptance for 6.x, it isn't meaningful for 4.x, which still respects OPENSSL_CONF

It doesn't land clean on 6.x, I am backporting.

EDIT: backported: #11583

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. i18n-api Issues and PRs related to the i18n implementation. process Issues and PRs related to the process subsystem. semver-minor PRs that contain new features and should be released in the next minor version.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants