deps,build: add OpenSSL building of legacy module #40466
Conversation
nodejs-github-bot
added
needs-ci
|
Does it allow to use |
No, but I'm currently looking into enabling/configuring the legacy provider which does support md4. I've not got that part working yet though so I'll convert this into a draft pr. |
|
Thank you @danbev! |
danbev
force-pushed
the
legacy_provider_sources
branch
from
e1ef8f3
to
71dca2f
Compare
danbev
changed the title
I'm afraid this does not allow the legacy provider to be enabled by default, instead the user would need to go through the steps above in the PR description. |
| @@ -27216,8 +27216,8 @@ unless (caller) { | |||
| use File::Copy; | |||
| use Pod::Usage; | |||
|
|
|||
| use lib '/home/danielbevenius/work/nodejs/openssl/deps/openssl/openssl/util/perl'; | |||
| use OpenSSL::fallback '/home/danielbevenius/work/nodejs/openssl/deps/openssl/openssl/external/perl/MODULES.txt'; | |||
| use lib '/home/danielbevenius/work/nodejs/node/deps/openssl/openssl/util/perl'; | |||
There was a problem hiding this comment.
I'm guessing it does not make sense for this to have danielbevenius in the path. Same for the next line.
There was a problem hiding this comment.
Although that may be a more general comment since it's not a change in this PR
There was a problem hiding this comment.
I've taken a look at this and I'm not sure how I can prevent this in Perl. I'll take another look but I don't think this is critical as my understanding is that after we generate this file we only use it to parse out values. Still I'd rather fix this but not sure how at the moment.
There was a problem hiding this comment.
I assume the paths with be more generic (but still absolute) if regenerating the config via the Docker file?
Lines 1479 to 1481 in ed01811
This commit adds a configuration time flag to enable OpenSSL legacy
module to be built.
For example, the following will build the legacy module:
$ ./configure --openssl-legacy-module
To enable the default provider one has currently has to update the
OpenSSL configuration file, openssl.cnf:
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
This module can then be used by specifying the environment variable
OPENSSL_MODULES like this:
$ env OPENSSL_MODULES= \
$PWD/out/Release/obj.target/deps/openssl/lib/openssl-modules \
OPENSSL_CONF=out/Release/obj.target/deps/openssl/openssl.cnf \
./node -p 'crypto.createHash("md4")'
Hash {
_options: undefined,
[Symbol(kHandle)]: Hash {},
[Symbol(kState)]: { [Symbol(kFinalized)]: false }
Refs: nodejs#40455
This commit regenerates the OpenSSL architecture files after the update in Commmit 04326f3 ("deps: add missing legacyprov.c source").
danbev
force-pushed
the
legacy_provider_sources
branch
from
71dca2f
to
7f694f7
Compare
|
#40478 has been opened and contains a suggestion by @richardlau to statically link the legacy provider and allow it to be enabled by a command line flag instead of dynamically linking which is done in this pull request. |
|
I'm closing this in favor of #40478. |
This commit adds a configuration time flag to enable OpenSSL legacy
module to be built.
For example, the following will build the legacy module:
$ ./configure --openssl-legacy-moduleTo enable the default provider one has currently has to update the
OpenSSL configuration file,
openssl.cnf:This module can then be used by specifying the environment variable
OPENSSL_MODULESlike this:Refs: #40455