src: exclude node_root_certs when use-def-ca-store
When configuring node with --openssl-use-def-ca-store the root certs from OpenSSL should be used and not the ones in src/node_root_certs.h. I noticed that src/node_root_certs.h is still included even when using --openssl-use-def-ca-store. This commit adds a check and does not include node_root_certs.h if --openssl-use-def-ca-store is specified. PR-URL: https://github.com/nodejs/node/pull/11939 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
parent
f35e80d9af
commit
be98f26917
@ -141,9 +141,11 @@ static X509_NAME *cnnic_ev_name =
|
|||||||
|
|
||||||
static Mutex* mutexes;
|
static Mutex* mutexes;
|
||||||
|
|
||||||
|
#if !defined(NODE_OPENSSL_CERT_STORE)
|
||||||
const char* const root_certs[] = {
|
const char* const root_certs[] = {
|
||||||
#include "node_root_certs.h" // NOLINT(build/include_order)
|
#include "node_root_certs.h" // NOLINT(build/include_order)
|
||||||
};
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
std::string extra_root_certs_file; // NOLINT(runtime/string)
|
std::string extra_root_certs_file; // NOLINT(runtime/string)
|
||||||
|
|
||||||
@ -718,6 +720,7 @@ static int X509_up_ref(X509* cert) {
|
|||||||
|
|
||||||
|
|
||||||
static X509_STORE* NewRootCertStore() {
|
static X509_STORE* NewRootCertStore() {
|
||||||
|
#if !defined(NODE_OPENSSL_CERT_STORE)
|
||||||
if (root_certs_vector.empty()) {
|
if (root_certs_vector.empty()) {
|
||||||
for (size_t i = 0; i < arraysize(root_certs); i++) {
|
for (size_t i = 0; i < arraysize(root_certs); i++) {
|
||||||
BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
|
BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
|
||||||
@ -730,6 +733,7 @@ static X509_STORE* NewRootCertStore() {
|
|||||||
root_certs_vector.push_back(x509);
|
root_certs_vector.push_back(x509);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
X509_STORE* store = X509_STORE_new();
|
X509_STORE* store = X509_STORE_new();
|
||||||
if (ssl_openssl_cert_store) {
|
if (ssl_openssl_cert_store) {
|
||||||
|
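Review bot: With NODE_OPENSSL_CERT_STORE defined, the new `#if` around the population loop in NewRootCertStore() leaves `root_certs_vector` empty, yet the branch right after it is still selected by the runtime value `ssl_openssl_cert_store`. If that flag can be false in such a build (the else branch lies outside the hunk, so this is inferred), the function would hand back a store with no trusted roots and every peer verification would fail without any hint as to why. Either pin the flag to true in this build configuration or state the invariant next to the guard, e.g. `// NODE_OPENSSL_CERT_STORE builds carry no bundled roots; ssl_openssl_cert_store must stay true`. Any other reference to `root_certs` elsewhere in the file would need the same guard to keep compiling; the function body continues past the end of the hunk.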