rpms / rh-nodejs6-nodejs

Clone
Source Code
GIT

Blame SOURCES/nodejs-use-system-certs.patch

c7
  1.   8dc1ea0a81a951bd22a11ccb72413ab8a1e98b9d
  2.   SOURCES
  3.   nodejs-use-system-certs.patch
Blob History Raw
8dc1ea 
From e0aac817a87c927f70a6f8edb63a4103a4109dfc Mon Sep 17 00:00:00 2001
8dc1ea 
From: Stephen Gallagher <sgallagh@redhat.com>
8dc1ea 
Date: Tue, 1 Dec 2015 16:29:07 -0500
8dc1ea 
Subject: [PATCH 2/2] Do not bundle CA Certificates
8dc1ea 
MIME-Version: 1.0
8dc1ea 
Content-Type: text/plain; charset=UTF-8
8dc1ea 
Content-Transfer-Encoding: 8bit
8dc1ea
8dc1ea 
CA Certificates are provided by Fedora.
8dc1ea
8dc1ea 
Forwarded: need some feedback before submitting the matter upstream
8dc1ea 
Author: Jérémy Lal <kapouer@melix.org>
8dc1ea 
Last-Update: 2014-03-02
8dc1ea
8dc1ea 
Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the
8dc1ea 
correct path for Fedora
8dc1ea
8dc1ea 
Modified 2015-12-01 by Stephen Gallagher <sgallagh@redhat.com> to update for
8dc1ea 
Node.js 4.2
8dc1ea
8dc1ea 
Modified 2016-03-04 by Stephen Gallagher <sgallagh@redhat.com> to update for
8dc1ea 
Node.js 5.7.1
8dc1ea 
---
8dc1ea 
 src/node_crypto.cc | 28 ++++++++--------------------
8dc1ea 
 1 file changed, 8 insertions(+), 20 deletions(-)
8dc1ea
8dc1ea 
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
8dc1ea 
index acd83e9f2f41ade75ee9a3c8061acfa8b3dbf0f4..70ffe035f8be24b2eb6daf71185649d8ae7d579f 100644
8dc1ea 
--- a/src/node_crypto.cc
8dc1ea 
+++ b/src/node_crypto.cc
8dc1ea 
@@ -119,11 +119,11 @@ static X509_NAME *cnnic_ev_name =
8dc1ea 
                   sizeof(CNNIC_EV_ROOT_CA_SUBJECT_DATA)-1);
8dc1ea
8dc1ea 
 static Mutex* mutexes;
8dc1ea
8dc1ea 
 const char* const root_certs[] = {
8dc1ea 
-#include "node_root_certs.h"  // NOLINT(build/include_order)
8dc1ea 
+  NULL
8dc1ea 
 };
8dc1ea
8dc1ea 
 X509_STORE* root_cert_store;
8dc1ea
8dc1ea 
 // Just to generate static methods
8dc1ea 
@@ -748,33 +748,21 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
8dc1ea 
   (void) &clear_error_on_return;  // Silence compiler warning.
8dc1ea
8dc1ea 
   CHECK_EQ(sc->ca_store_, nullptr);
8dc1ea
8dc1ea 
   if (!root_cert_store) {
8dc1ea 
-    root_cert_store = X509_STORE_new();
8dc1ea 
-
8dc1ea 
-    for (size_t i = 0; i < arraysize(root_certs); i++) {
8dc1ea 
-      BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
8dc1ea 
-      if (bp == nullptr) {
8dc1ea 
-        return;
8dc1ea 
-      }
8dc1ea 
-
8dc1ea 
-      X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
8dc1ea 
-      if (x509 == nullptr) {
8dc1ea 
-        BIO_free_all(bp);
8dc1ea 
-        return;
8dc1ea 
-      }
8dc1ea 
-
8dc1ea 
-      X509_STORE_add_cert(root_cert_store, x509);
8dc1ea 
-
8dc1ea 
-      BIO_free_all(bp);
8dc1ea 
-      X509_free(x509);
8dc1ea 
+    if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/pki/tls/certs/ca-bundle.crt", NULL) == 1) {
8dc1ea 
+      root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
8dc1ea 
+    } else {
8dc1ea 
+      // empty store
8dc1ea 
+      root_cert_store = X509_STORE_new();
8dc1ea 
     }
8dc1ea 
+  } else {
8dc1ea 
+    SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
8dc1ea 
   }
8dc1ea
8dc1ea 
   sc->ca_store_ = root_cert_store;
8dc1ea 
-  SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
8dc1ea 
 }
8dc1ea
8dc1ea
8dc1ea 
 void SecureContext::SetCiphers(const FunctionCallbackInfo<Value>& args) {
8dc1ea 
   SecureContext* sc;
8dc1ea 
--
8dc1ea 
2.7.2
8dc1ea

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation