Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit aa0aacb

Browse filesBrowse files
sam-githubtargos
sam-github
authored and
targos
committed
src: initialize openssl only once
For compatibility with OpenSSL 1.1.0 and 1.0.1 a series of initialization wrappers were being called, many deprecated, and many calling each other internally already. Compatibility is unnecessary in 12.x and later, which support only OpenSSL 1.1.1, and the multiple calls cause the configuration file to be loaded multiple times. Fixes: #29702 See: - https://mta.openssl.org/pipermail/openssl-users/2019-October/011303.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_ssl.html - https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html PR-URL: #29999 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Shelley Vohr <codebytere@gmail.com>
1 parent 9fed62f commit aa0aacb
Copy full SHA for aa0aacb

File tree

Expand file treeCollapse file tree

2 files changed

+8
-26
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

2 files changed

+8
-26
lines changed
Open diff view settings
Collapse file

‎src/node.cc‎

Copy file name to clipboardExpand all lines: src/node.cc
-7Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -785,13 +785,6 @@ int InitializeNodeWithArgs(std::vector<std::string>* argv,
785785
&default_env_options->redirect_warnings);
786786
}
787787

788-
#if HAVE_OPENSSL
789-
std::string* openssl_config = &per_process::cli_options->openssl_config;
790-
if (openssl_config->empty()) {
791-
credentials::SafeGetenv("OPENSSL_CONF", openssl_config);
792-
}
793-
#endif
794-
795788
#if !defined(NODE_WITHOUT_NODE_OPTIONS)
796789
std::string node_options;
797790

Collapse file

‎src/node_crypto.cc‎

Copy file name to clipboardExpand all lines: src/node_crypto.cc
+8-19Lines changed: 8 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -6961,30 +6961,19 @@ void TimingSafeEqual(const FunctionCallbackInfo<Value>& args) {
69616961
}
69626962

69636963
void InitCryptoOnce() {
6964-
SSL_load_error_strings();
6965-
OPENSSL_no_config();
6964+
#ifndef OPENSSL_IS_BORINGSSL
6965+
OPENSSL_INIT_SETTINGS* settings = OPENSSL_INIT_new();
69666966

69676967
// --openssl-config=...
69686968
if (!per_process::cli_options->openssl_config.empty()) {
6969-
OPENSSL_load_builtin_modules();
6970-
#ifndef OPENSSL_NO_ENGINE
6971-
ENGINE_load_builtin_engines();
6972-
#endif
6973-
ERR_clear_error();
6974-
CONF_modules_load_file(per_process::cli_options->openssl_config.c_str(),
6975-
nullptr,
6976-
CONF_MFLAGS_DEFAULT_SECTION);
6977-
int err = ERR_get_error();
6978-
if (0 != err) {
6979-
fprintf(stderr,
6980-
"openssl config failed: %s\n",
6981-
ERR_error_string(err, nullptr));
6982-
CHECK_NE(err, 0);
6983-
}
6969+
const char* conf = per_process::cli_options->openssl_config.c_str();
6970+
OPENSSL_INIT_set_config_filename(settings, conf);
69846971
}
69856972

6986-
SSL_library_init();
6987-
OpenSSL_add_all_algorithms();
6973+
OPENSSL_init_ssl(0, settings);
6974+
OPENSSL_INIT_free(settings);
6975+
settings = nullptr;
6976+
#endif
69886977

69896978
#ifdef NODE_FIPS_MODE
69906979
/* Override FIPS settings in cnf file, if needed. */

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.