From ef86c8e2907c82e956a997e2ed6cbce5e8d33312 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
Date: Tue, 28 Apr 2020 11:15:24 +0200
Subject: [PATCH] Link with ssl-shim
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jan Staněk <jstanek@redhat.com>
---
 node.gypi          | 10 +++++++---
 src/node_crypto.cc |  2 +-
 src/node_crypto.h  |  2 ++
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/node.gypi b/node.gypi
index 116c1c7149..0e40a2b441 100644
--- a/node.gypi
+++ b/node.gypi
@@ -365,9 +365,13 @@
               ],
             }],
           ],
-        }]]
-
-    }, {
+        }],
+        [ 'node_shared_openssl=="true"', {
+          'include_dirs': ['deps/node-ssl-shim/include'],
+          'libraries': ['<!(realpath deps/node-ssl-shim/lib/libnode-ssl-shim.a)']
+        }]
+    ]},
+    {
       'defines': [ 'HAVE_OPENSSL=0' ]
     }],
 
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index c132e6a089..5783500b16 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1142,7 +1142,7 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
 
 void SecureContext::SetCipherSuites(const FunctionCallbackInfo<Value>& args) {
   // BoringSSL doesn't allow API config of TLS1.3 cipher suites.
-#ifndef OPENSSL_IS_BORINGSSL
+#if !defined OPENSSL_IS_BORINGSSL && !OPENSSL_IS_LEGACY
   SecureContext* sc;
   ASSIGN_OR_RETURN_UNWRAP(&sc, args.Holder());
   Environment* env = sc->env();
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 772a34a7da..ec86debfea 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -40,6 +40,8 @@
 #include <openssl/ec.h>
 #include <openssl/rsa.h>
 
+#include <node-ssl-shim/ssl-shim.h>
+
 namespace node {
 namespace crypto {
 
-- 
2.26.2