mirror of
https://src.fedoraproject.org/rpms/nodejs18.git
synced 2024-11-24 17:44:23 +00:00
59 lines
1.5 KiB
Diff
59 lines
1.5 KiB
Diff
|
Description: do not bundle CA certificates, openssl on Debian have them
|
||
|
As a consequence, nodejs must depend on ca-certificates.
|
||
|
Forwarded: need some feedback before submitting the matter upstream
|
||
|
Author: Jérémy Lal <kapouer@melix.org>
|
||
|
Last-Update: 2014-03-02
|
||
|
|
||
|
Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the
|
||
|
correct path for Fedora
|
||
|
--- a/src/node_crypto.cc
|
||
|
+++ b/src/node_crypto.cc
|
||
|
@@ -64,7 +64,6 @@
|
||
|
namespace node {
|
||
|
|
||
|
const char* root_certs[] = {
|
||
|
-#include "node_root_certs.h" // NOLINT(build/include_order)
|
||
|
NULL
|
||
|
};
|
||
|
|
||
|
@@ -561,32 +560,16 @@
|
||
|
assert(sc->ca_store_ == NULL);
|
||
|
|
||
|
if (!root_cert_store) {
|
||
|
- root_cert_store = X509_STORE_new();
|
||
|
-
|
||
|
- for (int i = 0; root_certs[i]; i++) {
|
||
|
- BIO *bp = BIO_new(BIO_s_mem());
|
||
|
-
|
||
|
- if (!BIO_write(bp, root_certs[i], strlen(root_certs[i]))) {
|
||
|
- BIO_free(bp);
|
||
|
- return False();
|
||
|
- }
|
||
|
-
|
||
|
- X509 *x509 = PEM_read_bio_X509(bp, NULL, NULL, NULL);
|
||
|
-
|
||
|
- if (x509 == NULL) {
|
||
|
- BIO_free(bp);
|
||
|
- return False();
|
||
|
- }
|
||
|
-
|
||
|
- X509_STORE_add_cert(root_cert_store, x509);
|
||
|
-
|
||
|
- BIO_free(bp);
|
||
|
- X509_free(x509);
|
||
|
+ if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/pki/tls/certs/ca-bundle.crt", NULL) == 1) {
|
||
|
+ root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
|
||
|
+ } else {
|
||
|
+ // empty store
|
||
|
+ root_cert_store = X509_STORE_new();
|
||
|
}
|
||
|
+ } else {
|
||
|
+ SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
|
||
|
}
|
||
|
-
|
||
|
sc->ca_store_ = root_cert_store;
|
||
|
- SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
|
||
|
|
||
|
return True();
|
||
|
}
|