crypto: Use system CAs instead of using bundled ones (!11794) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/sgallagher/node6 into v6.x Mar 10, 2017

This is a backport of a patch included in 7.5.0

NodeJS can already use an external, shared OpenSSL library. This library knows where to look for OS managed certificates. Allow a compile-time option to use this CA store by default instead of using bundled certificates.

In case when using bundled OpenSSL, the paths are also valid for majority of Linux systems without additional intervention. If this is not set, we can use SSL_CERT_DIR to point it to correct location.

Fixes: https://github.com/nodejs/node/issues/3159 PR-URL: https://github.com/nodejs/node/pull/8334 Reviewed-By: Sam Roberts vieuxtech@gmail.com Reviewed-By: James M Snell jasnell@gmail.com Reviewed-By: Fedor Indutny fedor.indutny@gmail.com

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

Admin message

Admin message

crypto: Use system CAs instead of using bundled ones

Checklist

Affected core subsystem(s)

Merge request reports