Package: nodejs / 0.10.29~dfsg-2

2014_donotinclude_root_certs.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
Description: do not bundle CA certificates, openssl on Debian have them
 As a consequence, nodejs must depend on ca-certificates.
Forwarded: need some feedback before submitting the matter upstream
Author: Jérémy Lal <kapouer@melix.org>
Last-Update: 2014-03-02
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -65,7 +65,6 @@
 namespace node {
 
 const char* root_certs[] = {
-#include "node_root_certs.h"  // NOLINT(build/include_order)
   NULL
 };
 
@@ -604,32 +603,16 @@
   assert(sc->ca_store_ == NULL);
 
   if (!root_cert_store) {
-    root_cert_store = X509_STORE_new();
-
-    for (int i = 0; root_certs[i]; i++) {
-      BIO *bp = BIO_new(BIO_s_mem());
-
-      if (!BIO_write(bp, root_certs[i], strlen(root_certs[i]))) {
-        BIO_free(bp);
-        return False();
-      }
-
-      X509 *x509 = PEM_read_bio_X509(bp, NULL, NULL, NULL);
-
-      if (x509 == NULL) {
-        BIO_free(bp);
-        return False();
-      }
-
-      X509_STORE_add_cert(root_cert_store, x509);
-
-      BIO_free(bp);
-      X509_free(x509);
+    if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/ssl/certs/ca-certificates.crt", NULL) == 1) {
+      root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
+    } else {
+      // empty store
+      root_cert_store = X509_STORE_new();
     }
+  } else {
+    SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
   }
-
   sc->ca_store_ = root_cert_store;
-  SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
 
   return True();
 }