forked from nodejs/node
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
src,deps,build,test: add OpenSSL config appname
This commit adds the setting of an appname (configuration section name), 'nodejs_conf', to be used when reading OpenSSL configuration files. The motivation for this is that currently the default OpenSSL configuration, 'openssl_conf', element will be used which may be undesirable as it might configure OpenSSL in unwanted ways. With this commit it is still possible to use a default openssl.cnf file but the only section that Node.js will read from is a section named 'nodejs_conf'. Refs: nodejs#40366
- Loading branch information
Showing
6 changed files
with
75 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# Use this in order to automatically load providers. | ||
nodejs_conf = openssl_init | ||
|
||
# Optionally include a file that is generated by the OpenSSL fipsinstall | ||
# application. This file contains configuration data required by the OpenSSL | ||
# fips provider. It contains a named section e.g. [fips_sect] which is | ||
# referenced from the [provider_sect] below. | ||
# Refer to the OpenSSL security policy for more information. | ||
# .include fipsmodule.cnf | ||
|
||
[openssl_init] | ||
providers = provider_sect | ||
|
||
# List of providers to load | ||
[provider_sect] | ||
default = default_sect | ||
# The fips section name should match the section name inside the | ||
# included fipsmodule.cnf. | ||
# fips = fips_sect | ||
|
||
# If no providers are activated explicitly, the default one is activated implicitly. | ||
# See man 7 OSSL_PROVIDER-default for more details. | ||
# | ||
# If you add a section explicitly activating any other provider(s), you most | ||
# probably need to explicitly activate the default provider, otherwise it | ||
# becomes unavailable in openssl. As a consequence applications depending on | ||
# OpenSSL may not work correctly which could lead to significant system | ||
# problems including inability to remotely access the system. | ||
[default_sect] | ||
# activate = 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters