nodejs
diff --git a/Collapse file
‎configure‎
Copy file name to clipboardExpand all lines: configure
+8Lines changed: 8 additions & 0 deletions b/Collapse file
‎configure‎
Copy file name to clipboardExpand all lines: configure
+8Lines changed: 8 additions & 0 deletions
diff --git a/Collapse file
‎node.gyp‎
Copy file name to clipboardExpand all lines: node.gyp
+11Lines changed: 11 additions & 0 deletions b/Collapse file
‎node.gyp‎
Copy file name to clipboardExpand all lines: node.gyp
+11Lines changed: 11 additions & 0 deletions
diff --git a/Collapse file
‎src/node_crypto.cc‎
Copy file name to clipboardExpand all lines: src/node_crypto.cc
+5Lines changed: 5 additions & 0 deletions b/Collapse file
‎src/node_crypto.cc‎
Copy file name to clipboardExpand all lines: src/node_crypto.cc
+5Lines changed: 5 additions & 0 deletions
diff --git a/Collapse file
‎test/parallel/test-process-config.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-process-config.js
+3-1Lines changed: 3 additions & 1 deletion b/Collapse file
‎test/parallel/test-process-config.js‎
Copy file name to clipboardExpand all lines: test/parallel/test-process-config.js
+3-1Lines changed: 3 additions & 1 deletion
@@ -172,6 +172,12 @@ parser.add_option('--openssl-use-def-ca-store',
     dest='use_openssl_ca_store',
     help='Use OpenSSL supplied CA store instead of compiled-in Mozilla CA copy.')
 
+parser.add_option('--openssl-system-ca-path',
+    action='store',
+    dest='openssl_system_ca_path',
+    help='Use the specified path to system CA (PEM format) in addition to '
+         'the OpenSSL supplied CA store or compiled-in Mozilla CA copy.')
+
 shared_optgroup.add_option('--shared-http-parser',
     action='store_true',
     dest='shared_http_parser',
@@ -1013,6 +1019,8 @@ def configure_openssl(o):
   o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0
   if options.use_openssl_ca_store:
     o['defines'] += ['NODE_OPENSSL_CERT_STORE']
+  if options.openssl_system_ca_path:
+    o['variables']['openssl_system_ca_path'] = options.openssl_system_ca_path
   o['variables']['node_without_node_options'] = b(options.without_node_options)
   if options.without_node_options:
       o['defines'] += ['NODE_WITHOUT_NODE_OPTIONS']
 
@@ -297,13 +297,24 @@
         '<(SHARED_INTERMEDIATE_DIR)/node_javascript.cc',
       ],
 
+      'variables': {
+        'openssl_system_ca_path%': '',
+      },
+
       'defines': [
         'NODE_ARCH="<(target_arch)"',
         'NODE_PLATFORM="<(OS)"',
         'NODE_WANT_INTERNALS=1',
         # Warn when using deprecated V8 APIs.
         'V8_DEPRECATION_WARNINGS=1',
+        'NODE_OPENSSL_SYSTEM_CERT_PATH="<(openssl_system_ca_path)"',
       ],
+
+      'direct_dependent_settings': {
+        'defines': [
+          'NODE_OPENSSL_SYSTEM_CERT_PATH="<(openssl_system_ca_path)"',
+        ],
+      },
     },
     {
       'target_name': 'mkssldef',
 
@@ -147,6 +147,8 @@ static const char* const root_certs[] = {
 #include "node_root_certs.h"  // NOLINT(build/include_order)
 };
 
+static const char system_cert_path[] = NODE_OPENSSL_SYSTEM_CERT_PATH;
+
 static std::string extra_root_certs_file;  // NOLINT(runtime/string)
 
 static X509_STORE* root_cert_store;
@@ -799,6 +801,9 @@ static X509_STORE* NewRootCertStore() {
   }
 
   X509_STORE* store = X509_STORE_new();
+  if (*system_cert_path != '\0') {
+    X509_STORE_load_locations(store, system_cert_path, nullptr);
+  }
   if (ssl_openssl_cert_store) {
     X509_STORE_set_default_paths(store);
   } else {
 
@@ -45,7 +45,9 @@ if (!fs.existsSync(configPath)) {
 let config = fs.readFileSync(configPath, 'utf8');
 
 // Clean up comment at the first line.
-config = config.split('\n').slice(1).join('\n').replace(/'/g, '"');
+config = config.split('\n').slice(1).join('\n');
+config = config.replace(/"/g, '\\"');
+config = config.replace(/'/g, '"');
 config = JSON.parse(config, function(key, value) {
   if (value === 'true') return true;
   if (value === 'false') return false;