src: exclude node_root_certs when use-def-ca-store

When configuring node with --openssl-use-def-ca-store the root certs from OpenSSL should be used and not the ones in src/node_root_certs.h. I noticed that src/node_root_certs.h is still included even when using --openssl-use-def-ca-store. This commit adds check and does not include node_root_certs.h if --openssl-use-def-ca-store is specified. PR-URL: https://github.com/nodejs/node/pull/11939 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
2017-03-20 15:27:20 +01:00 · 2017-03-20 15:27:20 +01:00 · be98f26917
commit be98f26917
parent f35e80d9af
1 changed files with 4 additions and 0 deletions
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@ -141,9 +141,11 @@ static X509_NAME *cnnic_ev_name =

 static Mutex* mutexes;

+#if !defined(NODE_OPENSSL_CERT_STORE)
 const char* const root_certs[] = {
 #include "node_root_certs.h"  // NOLINT(build/include_order)
 };
+#endif

 std::string extra_root_certs_file;  // NOLINT(runtime/string)

@ -718,6 +720,7 @@ static int X509_up_ref(X509* cert) {


 static X509_STORE* NewRootCertStore() {
+#if !defined(NODE_OPENSSL_CERT_STORE)
  if (root_certs_vector.empty()) {
    for (size_t i = 0; i < arraysize(root_certs); i++) {
      BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
@ -730,6 +733,7 @@ static X509_STORE* NewRootCertStore() {
      root_certs_vector.push_back(x509);
    }
  }
+#endif

  X509_STORE* store = X509_STORE_new();
  if (ssl_openssl_cert_store) {