[packages/nodejs] use system ca-certificates

glen glen at pld-linux.org
Mon Aug 11 14:38:25 CEST 2014


commit 58e860229aa9b5442eb77ec1b96ee48b763ec119
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Mon Aug 11 15:38:13 2014 +0300

    use system ca-certificates

 nodejs-use-system-certs.patch | 58 +++++++++++++++++++++++++++++++++++++++++++
 nodejs.spec                   |  3 +++
 2 files changed, 61 insertions(+)
---
diff --git a/nodejs.spec b/nodejs.spec
index 33cd19b..c28a22a 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -11,6 +11,7 @@ Patch1:		%{name}-shared.patch
 Patch2:		%{name}-libpath.patch
 # use /usr/lib64/node as an arch-specific module dir when appropriate
 Patch3:		%{name}-lib64path.patch
+Patch4:		%{name}-use-system-certs.patch
 Patch5:		uv-fpic.patch
 # The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot
 # be done in a stable distribution release.  This build of nodejs will behave as
@@ -33,6 +34,7 @@ BuildRequires:	rpmbuild(macros) >= 1.219
 BuildRequires:	sed >= 4.0
 BuildRequires:	v8-devel >= 3.15.11.10
 BuildRequires:	zlib-devel
+Requires:	ca-certificates
 Obsoletes:	nodejs-waf
 ExclusiveArch:	%{ix86} %{x8664} arm
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -81,6 +83,7 @@ This package contains the documentation for nodejs.
 %else
 %patch2 -p1
 %endif
+%patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
diff --git a/nodejs-use-system-certs.patch b/nodejs-use-system-certs.patch
new file mode 100644
index 0000000..952f341
--- /dev/null
+++ b/nodejs-use-system-certs.patch
@@ -0,0 +1,58 @@
+Description: do not bundle CA certificates, openssl on Debian have them
+ As a consequence, nodejs must depend on ca-certificates.
+Forwarded: need some feedback before submitting the matter upstream
+Author: Jérémy Lal <kapouer at melix.org>
+Last-Update: 2014-03-02
+
+Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth at gmail.com> with the correct path for Fedora
+Modified 2014-08-11 by Elan Ruusamäe <glen at delfi.ee> with the correct path for PLD
+--- a/src/node_crypto.cc
++++ b/src/node_crypto.cc
+@@ -64,7 +64,6 @@
+ namespace node {
+ 
+ const char* root_certs[] = {
+-#include "node_root_certs.h"  // NOLINT(build/include_order)
+   NULL
+ };
+ 
+@@ -561,32 +560,16 @@
+   assert(sc->ca_store_ == NULL);
+ 
+   if (!root_cert_store) {
+-    root_cert_store = X509_STORE_new();
+-
+-    for (int i = 0; root_certs[i]; i++) {
+-      BIO *bp = BIO_new(BIO_s_mem());
+-
+-      if (!BIO_write(bp, root_certs[i], strlen(root_certs[i]))) {
+-        BIO_free(bp);
+-        return False();
+-      }
+-
+-      X509 *x509 = PEM_read_bio_X509(bp, NULL, NULL, NULL);
+-
+-      if (x509 == NULL) {
+-        BIO_free(bp);
+-        return False();
+-      }
+-
+-      X509_STORE_add_cert(root_cert_store, x509);
+-
+-      BIO_free(bp);
+-      X509_free(x509);
++    if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/certs/ca-certificates.crt", NULL) == 1) {
++      root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
++    } else {
++      // empty store
++      root_cert_store = X509_STORE_new();
+     }
++  } else {
++    SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
+   }
+-
+   sc->ca_store_ = root_cert_store;
+-  SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
+ 
+   return True();
+ }
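Review bot: In the failure branch of the new `if (!root_cert_store)` block, a bundle that cannot be loaded from `/etc/certs/ca-certificates.crt` is silently replaced by an empty `X509_STORE_new()`, which is cached in the process-wide `root_cert_store` and never retried. A missing or unreadable bundle therefore only shows up later as unexplained verification failures. That branch also never installs the new store into `sc->ctx_`, because the unconditional `SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);` was removed, so `sc->ca_store_` and the store the context verifies against are different objects on that path. Adding `SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);` after the `X509_STORE_new()` call would keep them in step, and reporting the load failure (the removed loop returned `False()` on error) instead of caching an empty store would make the misconfiguration visible. In the success branch the global now aliases the store owned by the first context, which looks safe only if the teardown code keeps that store alive when the context is freed; that code, like the start of this function, lies outside the hunk, so it is worth confirming.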
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nodejs.git/commitdiff/58e860229aa9b5442eb77ec1b96ee48b763ec119


