crypto: enable auto cert chaining for BoringSSL

OpenSSL enables this feature by default, but BoringSSL doesn't. This
change makes it so that when building node with BoringSSL, the
behaviour matches OpenSSL's.

PR-URL: https://github.com/nodejs/node/pull/22110
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Jeremy Apthorp 2018-08-03 10:56:51 -07:00 committed by Tobias Nießen
parent c9c4550dd4
commit 7dae8729aa
No known key found for this signature in database
GPG Key ID: 718207F8FD156B70

@ -463,6 +463,11 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
SSL_CTX_set_options(sc->ctx_.get(), SSL_OP_NO_SSLv2);
SSL_CTX_set_options(sc->ctx_.get(), SSL_OP_NO_SSLv3);
// Enable automatic cert chaining. This is enabled by default in OpenSSL, but
// disabled by default in BoringSSL. Enable it explicitly to make the
// behavior match when Node is built with BoringSSL.
SSL_CTX_clear_mode(sc->ctx_.get(), SSL_MODE_NO_AUTO_CHAIN);
// SSL session cache configuration
SSL_CTX_set_session_cache_mode(sc->ctx_.get(),
SSL_SESS_CACHE_SERVER |
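Review bot: the comment added above SSL_CTX_clear_mode(sc->ctx_.get(), SSL_MODE_NO_AUTO_CHAIN) says which default is being matched but not what auto chaining does, and the hunk carries no test for the new behavior. Consider one more sentence stating that with this mode cleared the library builds the chain it sends from the context's trust store when no extra chain certificates are configured, so a reader can tell that store contents may be sent in the handshake. A regression test that configures a server with a leaf certificate and its issuing CA only in the store, then checks the chain the client receives, would keep OpenSSL and BoringSSL builds from drifting apart again.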