Skip to content

Commit

Permalink
src: exclude node_root_certs when use-def-ca-store
Browse files Browse the repository at this point in the history
When configuring node with --openssl-use-def-ca-store the root certs
from OpenSSL should be used and not the ones in src/node_root_certs.h.
I noticed that src/node_root_certs.h is still included even when
using --openssl-use-def-ca-store.

This commit adds check and does not include node_root_certs.h if
--openssl-use-def-ca-store is specified.

PR-URL: nodejs#11939
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
  • Loading branch information
danbev authored and jasnell committed Mar 22, 2017
1 parent f35e80d commit be98f26
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -141,9 +141,11 @@ static X509_NAME *cnnic_ev_name =

static Mutex* mutexes;

#if !defined(NODE_OPENSSL_CERT_STORE)
const char* const root_certs[] = {
#include "node_root_certs.h" // NOLINT(build/include_order)
};
#endif

std::string extra_root_certs_file; // NOLINT(runtime/string)

Expand Down Expand Up @@ -718,6 +720,7 @@ static int X509_up_ref(X509* cert) {


static X509_STORE* NewRootCertStore() {
#if !defined(NODE_OPENSSL_CERT_STORE)
if (root_certs_vector.empty()) {
for (size_t i = 0; i < arraysize(root_certs); i++) {
BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
Expand All @@ -730,6 +733,7 @@ static X509_STORE* NewRootCertStore() {
root_certs_vector.push_back(x509);
}
}
#endif

X509_STORE* store = X509_STORE_new();
if (ssl_openssl_cert_store) {
Expand Down

0 comments on commit be98f26

Please sign in to comment.