[v8.x backport] src: add openssl-system-ca-path configure option #18174

Closed
8 changes: 8 additions & 0 deletions configure
@@ -174,6 +174,12 @@ parser.add_option('--openssl-use-def-ca-store',
dest='use_openssl_ca_store',
help='Use OpenSSL supplied CA store instead of compiled-in Mozilla CA copy.')

parser.add_option('--openssl-system-ca-path',
action='store',
dest='openssl_system_ca_path',
help='Use the specified path to system CA (PEM format) in addition to '
'the OpenSSL supplied CA store or compiled-in Mozilla CA copy.')

shared_optgroup.add_option('--shared-http-parser',
action='store_true',
dest='shared_http_parser',
@@ -1035,6 +1041,8 @@ def configure_openssl(o):
o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0
if options.use_openssl_ca_store:
o['defines'] += ['NODE_OPENSSL_CERT_STORE']
if options.openssl_system_ca_path:
o['variables']['openssl_system_ca_path'] = options.openssl_system_ca_path
o['variables']['node_without_node_options'] = b(options.without_node_options)
if options.without_node_options:
o['defines'] += ['NODE_WITHOUT_NODE_OPTIONS']
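Review bot: The value of `--openssl-system-ca-path` is passed on unvalidated at `o['variables']['openssl_system_ca_path'] = options.openssl_system_ca_path`, although it becomes a build-time trust-anchor location. A relative path would be resolved against whatever directory the binary is started from, so the set of trusted CAs could depend on the working directory. I would reject it at configure time, e.g. `if not os.path.isabs(options.openssl_system_ca_path): raise Exception('--openssl-system-ca-path must be an absolute path')`. The help string could also say that the file is loaded into the root store of the built binary and should be writable only by administrators. configure_openssl continues outside the hunk.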
10 changes: 10 additions & 0 deletions node.gyp
@@ -284,12 +284,17 @@
'<(SHARED_INTERMEDIATE_DIR)/node_javascript.cc',
],

'variables': {
'openssl_system_ca_path%': '',
},

'defines': [
'NODE_ARCH="<(target_arch)"',
'NODE_PLATFORM="<(OS)"',
'NODE_WANT_INTERNALS=1',
# Warn when using deprecated V8 APIs.
'V8_DEPRECATION_WARNINGS=1',
'NODE_OPENSSL_SYSTEM_CERT_PATH="<(openssl_system_ca_path)"',
],
'conditions': [
[ 'node_shared=="true" and node_module_version!="" and OS!="win"', {
@@ -441,6 +446,11 @@
'defines': [ 'HAVE_OPENSSL=0' ]
}],
],
'direct_dependent_settings': {
'defines': [
'NODE_OPENSSL_SYSTEM_CERT_PATH="<(openssl_system_ca_path)"',
],
},
},
{
'target_name': 'mkssldef',
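Review bot: `'NODE_OPENSSL_SYSTEM_CERT_PATH="<(openssl_system_ca_path)"'` pastes the configured path into a C string literal unescaped, in both the target's `defines` and the `direct_dependent_settings` block. A path containing a backslash or a double quote would then either fail to compile or yield a different string than the one given to configure. Restricting the accepted characters where the variable is set would be the simplest guard. A short comment on the default would also help, e.g. `# Empty string: no additional system CA file is loaded.` above `'openssl_system_ca_path%': '',`.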
5 changes: 5 additions & 0 deletions src/node_crypto.cc
@@ -148,6 +148,8 @@ static const char* const root_certs[] = {
#include "node_root_certs.h" // NOLINT(build/include_order)
};

static const char system_cert_path[] = NODE_OPENSSL_SYSTEM_CERT_PATH;

static std::string extra_root_certs_file; // NOLINT(runtime/string)

static X509_STORE* root_cert_store;
@@ -800,6 +802,9 @@ static X509_STORE* NewRootCertStore() {
}

X509_STORE* store = X509_STORE_new();
if (*system_cert_path != '\0') {
X509_STORE_load_locations(store, system_cert_path, nullptr);
}
if (ssl_openssl_cert_store) {
X509_STORE_set_default_paths(store);
} else {
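Review bot: The return value of `X509_STORE_load_locations(store, system_cert_path, nullptr)` is discarded, so a missing, unreadable or malformed CA file is silently skipped and the store is built without it. A failed load normally leaves entries on the OpenSSL error queue, so I would check the result and clear the queue, `if (X509_STORE_load_locations(store, system_cert_path, nullptr) != 1) ERR_clear_error();`, ideally with a warning so the operator notices. A comment at `system_cert_path` should state that the path is fixed at build time and that anyone able to write that file can add trust anchors for this binary. NewRootCertStore starts and ends outside the hunk.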
4 changes: 3 additions & 1 deletion test/parallel/test-process-config.js
@@ -45,7 +45,9 @@ if (!fs.existsSync(configPath)) {
let config = fs.readFileSync(configPath, 'utf8');

// Clean up comment at the first line.
config = config.split('\n').slice(1).join('\n').replace(/'/g, '"');
config = config.split('\n').slice(1).join('\n');
config = config.replace(/"/g, '\\"');
config = config.replace(/'/g, '"');
config = JSON.parse(config, function(key, value) {
if (value === 'true') return true;
if (value === 'false') return false;
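Review bot: The order of the two new `replace` calls matters and is not explained: existing double quotes are escaped first because the next line turns every single quote into a JSON string delimiter. A comment such as `// Escape literal double quotes before converting the single-quoted strings to JSON.` above `config = config.replace(/"/g, '\\"');` would make that clear. The conversion is still purely textual, so a value containing an apostrophe would presumably still break `JSON.parse`; that may be acceptable in a test but deserves a mention. The `JSON.parse` callback continues outside the hunk.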