diff options
Diffstat (limited to 'community/nodejs-current/use-system-ca-certs.patch')
| -rw-r--r-- | community/nodejs-current/use-system-ca-certs.patch | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/community/nodejs-current/use-system-ca-certs.patch b/community/nodejs-current/use-system-ca-certs.patch new file mode 100644 index 0000000000..6e46c74b40 --- /dev/null +++ b/community/nodejs-current/use-system-ca-certs.patch @@ -0,0 +1,63 @@ +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sat, 26 Nov 2016 21:18:00 +0200 +Subject: Use system-provided CA certificates instead of bundled ones + +--- a/src/node_crypto.cc ++++ b/src/node_crypto.cc +@@ -116,8 +116,8 @@ + + static Mutex* mutexes; + +-const char* const root_certs[] = { +-#include "node_root_certs.h" // NOLINT(build/include_order) ++const char* root_certs[] = { ++ NULL + }; + + X509_STORE* root_cert_store; +@@ -688,25 +688,33 @@ + + + static X509_STORE* NewRootCertStore() { ++ X509_STORE* store = X509_STORE_new(); ++ + if (!root_certs_vector) { + root_certs_vector = new std::vector<X509*>; + +- for (size_t i = 0; i < arraysize(root_certs); i++) { +- BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i])); +- X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr); +- BIO_free(bp); +- +- if (x509 == nullptr) { +- // Parse errors from the built-in roots are fatal. +- ABORT(); +- return nullptr; +- } ++ BIO* bio = BIO_new(BIO_s_file()); ++ if (bio == nullptr) { ++ abort(); ++ return nullptr; ++ } ++ ++ if (BIO_read_filename(bio, "/etc/ssl/certs/ca-certificates.crt") == 1) { ++ STACK_OF(X509_INFO)* certs = PEM_X509_INFO_read_bio(bio, nullptr, nullptr, nullptr); + +- root_certs_vector->push_back(x509); ++ for (int i = 0; i < sk_X509_INFO_num(certs); i++) { ++ X509* cert = sk_X509_INFO_value(certs, i)->x509; ++ ++ if (cert) { ++ X509_up_ref(cert); ++ root_certs_vector->push_back(cert); ++ } ++ } ++ sk_X509_INFO_pop_free(certs, X509_INFO_free); + } ++ BIO_free_all(bio); + } + +- X509_STORE* store = X509_STORE_new(); + for (auto& cert : *root_certs_vector) { + X509_up_ref(cert); + X509_STORE_add_cert(store, cert); |