nodejs/0003-CA-Certificates-are-provided-by-Fedora.patch
Stephen Gallagher 5d0271a529
Prepare for EPEL 7 uplift
- Use %{?epel} tag to maintain a single specfile
- Relax openssl requirement to 1.0.1+ for EPEL 7
- Don't use weak dependencies in EPEL
- Update v8_abi processing to avoid extra rebuilds of dependents
2016-09-12 14:57:48 -04:00

82 lines
2.4 KiB
Diff

From 08305ba6b7fddab1f35c59dc82a3c6b11ceceae3 Mon Sep 17 00:00:00 2001
From: Haikel Guemar <hguemar@fedoraproject.org>
Date: Tue, 26 Jul 2016 22:00:25 +0200
Subject: [PATCH 3/3] CA Certificates are provided by Fedora.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Forwarded: need some feedback before submitting the matter upstream
Author: Jérémy Lal <kapouer@melix.org>
Last-Update: 2014-03-02
Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the
correct path for Fedora
Modified 2015-12-01 by Stephen Gallagher <sgallagh@redhat.com> to update for
Node.js 4.2
Modified 2016-03-04 by Stephen Gallagher <sgallagh@redhat.com> to update for
Node.js 5.4.1
Modified 2016-07-26 by Haikel Guemar <hguemar@fedoraproject.org> to update for
Node.js 4.4.7
---
src/node_crypto.cc | 30 +++++++++---------------------
1 file changed, 9 insertions(+), 21 deletions(-)
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 888a0f8..3feff0e 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -192,8 +192,8 @@ static X509_NAME *cnnic_ev_name =
static Mutex* mutexes;
-const char* const root_certs[] = {
-#include "node_root_certs.h" // NOLINT(build/include_order)
+const char* root_certs[] = {
+ NULL
};
X509_STORE* root_cert_store;
@@ -847,29 +847,17 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
CHECK_EQ(sc->ca_store_, nullptr);
if (!root_cert_store) {
- root_cert_store = X509_STORE_new();
-
- for (size_t i = 0; i < arraysize(root_certs); i++) {
- BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
- if (bp == nullptr) {
- return;
- }
-
- X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
- if (x509 == nullptr) {
- BIO_free_all(bp);
- return;
- }
-
- X509_STORE_add_cert(root_cert_store, x509);
-
- BIO_free_all(bp);
- X509_free(x509);
+ if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/pki/tls/certs/ca-bundle.crt", NULL) == 1) {
+ root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
+ } else {
+ // empty store
+ root_cert_store = X509_STORE_new();
}
+ } else {
+ SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
}
sc->ca_store_ = root_cert_store;
- SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
}
--
2.9.0