diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index aa2dafe..a327b23 100644
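--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -120,13 +120,13 @@ static X509_NAME *cnnic_ev_name =
 
 static Mutex* mutexes;
 
-static const char* const root_certs[] = {
+const char* const root_certs[] = {
 #include "node_root_certs.h" // NOLINT(build/include_order)
 };
 
-static std::string extra_root_certs_file; // NOLINT(runtime/string)
+std::string extra_root_certs_file; // NOLINT(runtime/string)
 
-static X509_STORE* root_cert_store;
+X509_STORE* root_cert_store;
 
 // Just to generate static methods
 template class SSLWrap<TLSWrap>;
@@ -865,8 +865,6 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
 }
 }
 
- // Increment reference count so global store is not deleted along with CTX.
- X509_STORE_up_ref(root_cert_store);
 SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
 }
 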
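Review bot: With `X509_STORE_up_ref(root_cert_store)` removed in the second hunk, `SSL_CTX_set_cert_store(sc->ctx_, root_cert_store)` hands the context a store it holds no reference to, so the global store survives only if every path that frees or replaces that context's store detaches it first. The only such guard in this commit is the pointer comparison added in node_crypto.h. As far as I know `SSL_CTX_set_cert_store()` frees the store it replaces, so a later call on the same context, or an `SSL_CTX_free()` reached by another route, would release the shared store and leave other contexts with a dangling pointer; the rest of AddRootCerts and its callers are outside the hunk and need checking for this. I would replace the deleted comment with one stating the invariant, e.g. `// root_cert_store is borrowed, not ref-counted: it must be detached from ctx_ before SSL_CTX_free().` Separately, the first hunk drops `static` from `root_certs` and `extra_root_certs_file`, but only `root_cert_store` gets an `extern` declaration in the header, so the other two could keep internal linkage.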
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 746c954..06a9017 100644
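--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -63,6 +63,8 @@ enum CheckResult {
 
 extern int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx);
 
+extern X509_STORE* root_cert_store;
+
 extern void UseExtraCaCerts(const std::string& file);
 
 // Forward declaration
@@ -143,6 +145,13 @@ class SecureContext : public BaseObject {
 }
 
 env()->isolate()->AdjustAmountOfExternalAllocatedMemory(-kExternalSize);
+ if (ctx_->cert_store == root_cert_store) {
+ // SSL_CTX_free() will attempt to free the cert_store as well.
+ // Since we want our root_cert_store to stay around forever
+ // we just clear the field. Hopefully OpenSSL will not modify this
+ // struct in future versions.
+ ctx_->cert_store = nullptr;
+ }
 SSL_CTX_free(ctx_);
 if (cert_ != nullptr)
 X509_free(cert_);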
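Review bot: The block added before `SSL_CTX_free(ctx_)` reads and writes `ctx_->cert_store` directly, which ties the lifetime of the shared root store to the layout of `SSL_CTX` (the added comment admits as much) and cannot build against an OpenSSL where that struct is opaque. The comparison can at least go through the public accessor, `if (SSL_CTX_get_cert_store(ctx_) == root_cert_store) {`, which leaves the single field write as the only layout-dependent line. I would also have the comment state the consequence rather than the hope, e.g. `// root_cert_store is shared by all contexts; detach it so SSL_CTX_free() cannot free it.` The enclosing function starts and ends outside the hunk, so whether `ctx_` can be null at this point is not visible here.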