Commit 4f83d75

danbev authored and bengl committed
src,doc,test: add --openssl-shared-config option
This commit adds a new command line option named '--openssl-shared-config' intended to allow reverting to the old OpenSSL configuration behavior where Node.js would use the configuration section name (called appname in OpenSSL) 'openssl_conf' which could potentially be used by other applications.

PR-URL: #43124
Refs: #40366
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Backport-PR-URL: #43782
Refs: nodejs/nodejs.org#4713
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
1 parent 33d8d8e commit 4f83d75

5 files changed: +28 -0 lines changed

doc/api/cli.md

Lines changed: 16 additions & 0 deletions
@@ -635,6 +635,21 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
635635
used to enable FIPS-compliant crypto if Node.js is built
636636
against FIPS-enabled OpenSSL.
637637

638+
### `--openssl-shared-config`
639+
640+
<!-- YAML
641+
added: REPLACEME
642+
-->
643+
644+
Enable OpenSSL default configuration section, `openssl_conf` to be read from
645+
the OpenSSL configuration file. The default configuration file is named
646+
`openssl.cnf` but this can be changed using the environment variable
647+
`OPENSSL_CONF`, or by using the command line option `--openssl-config`.
648+
The location of the default OpenSSL configuration file depends on how OpenSSL
649+
is being linked to Node.js. Sharing the OpenSSL configuration may have unwanted
650+
implications and it is recommended to use a configuration section specific to
651+
Node.js which is `nodejs_conf` and is default when this option is not used.
652+
638653
### `--pending-deprecation`
639654
<!-- YAML
640655
added: v8.0.0
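Review bot: The first sentence of the new `--openssl-shared-config` entry has a stray comma ("section, `openssl_conf` to be read"), and the closing sentence warns that sharing "may have unwanted implications" without naming one. Suggest "Enable the OpenSSL default configuration section, `openssl_conf`, to be read from the OpenSSL configuration file", plus one sentence stating that settings other applications place in `openssl_conf` would then also apply to Node.js, which is the concern the commit message gives for keeping `nodejs_conf` as the default.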
@@ -1372,6 +1387,7 @@ Node.js options that are allowed are:
13721387
* `--no-warnings`
13731388
* `--node-memory-debug`
13741389
* `--openssl-config`
1390+
* `--openssl-shared-config`
13751391
* `--pending-deprecation`
13761392
* `--policy-integrity`
13771393
* `--preserve-symlinks-main`
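Review bot: Adding `--openssl-shared-config` to the list of options allowed in `NODE_OPTIONS` means the environment alone can move a process back to the shared `openssl_conf` section, yet the option's own entry added earlier in this file does not mention that. Consider one sentence there noting the flag can be set through `NODE_OPTIONS`, so operators who rely on the `nodejs_conf` default know to audit the environment as well as the command line.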
src/node.cc

Lines changed: 6 additions & 0 deletions
@@ -1053,6 +1053,12 @@ InitializationResult InitializeOncePerProcess(int argc, char** argv) {
10531053
const char* conf_file = nullptr;
10541054
// Use OPENSSL_CONF environment variable is set.
10551055
std::string env_openssl_conf;
1056+
// To allow for using the previous default where the 'openssl_conf' appname
1057+
// was used, the command line option 'openssl-shared-config' can be used to
1058+
// force the old behavior.
1059+
if (per_process::cli_options->openssl_shared_config) {
1060+
conf_section_name = "openssl_conf";
1061+
}
10561062
credentials::SafeGetenv("OPENSSL_CONF", &env_openssl_conf);
10571063
if (!env_openssl_conf.empty()) {
10581064
conf_file = env_openssl_conf.c_str();
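Review bot: The new `if (per_process::cli_options->openssl_shared_config)` block is placed between the declaration of `env_openssl_conf` and the `SafeGetenv("OPENSSL_CONF", ...)` call that fills it, which separates the existing "Use OPENSSL_CONF environment variable is set." comment from the code it describes. Suggest moving the block above `const char* conf_file = nullptr;` (or below the `OPENSSL_CONF` handling) so the section-name selection and the file-name selection each read as one unit. The declaration of `conf_section_name` is outside the visible context, so it is also worth confirming that it is declared before this point and is assignable.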
src/node_options.cc

Lines changed: 4 additions & 0 deletions
@@ -779,6 +779,10 @@ PerProcessOptionsParser::PerProcessOptionsParser(
779779
"force FIPS crypto (cannot be disabled)",
780780
&PerProcessOptions::force_fips_crypto,
781781
kAllowedInEnvironment);
782+
AddOption("--openssl-shared-config",
783+
"enable OpenSSL shared configuration",
784+
&PerProcessOptions::openssl_shared_config,
785+
kAllowedInEnvironment);
782786
#endif
783787
AddOption("--use-largepages",
784788
"Map the Node.js static code to large pages. Options are "
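Review bot: The help string "enable OpenSSL shared configuration" in the new `AddOption("--openssl-shared-config", ...)` call does not say what is shared, so `node --help` output gives no hint that the flag changes which section of the configuration file is read. Suggest wording that names the section, for example "read the OpenSSL default section 'openssl_conf' instead of 'nodejs_conf'". The option sits directly before `#endif`; the guard's opening line is not in the visible context, so please confirm it is the same `HAVE_OPENSSL` condition that wraps the `openssl_shared_config` field in `node_options.h`.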
src/node_options.h

Lines changed: 1 addition & 0 deletions
@@ -238,6 +238,7 @@ class PerProcessOptions : public Options {
238238
// or are used once during process initialization.
239239
#if HAVE_OPENSSL
240240
std::string openssl_config;
241+
bool openssl_shared_config = false;
241242
std::string tls_cipher_list = DEFAULT_CIPHER_LIST_CORE;
242243
#ifdef NODE_OPENSSL_CERT_STORE
243244
bool ssl_openssl_cert_store = true;
test/parallel/test-process-env-allowed-flags-are-documented.js

Lines changed: 1 addition & 0 deletions
@@ -47,6 +47,7 @@ const conditionalOpts = [
4747
filter: (opt) => {
4848
return [
4949
'--openssl-config',
50+
'--openssl-shared-config',
5051
'--tls-cipher-list',
5152
'--use-bundled-ca',
5253
'--use-openssl-ca',
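Review bot: The only test change is the `'--openssl-shared-config'` entry in the `conditionalOpts` filter, which checks that the flag is documented, not that it does anything. Nothing in the five changed files exercises the new branch in `src/node.cc`. Suggest a test that starts Node.js with a configuration file containing distinguishable settings under both `openssl_conf` and `nodejs_conf`, and asserts that the `nodejs_conf` settings apply by default and the `openssl_conf` settings apply when the flag is passed, both on the command line and through `NODE_OPTIONS`.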
