diff options
| author | Daniel Bevenius <daniel.bevenius@gmail.com> | 2022-05-14 11:04:48 +0300 |
|---|---|---|
| committer | Daniel Bevenius <daniel.bevenius@gmail.com> | 2022-05-31 14:41:30 +0300 |
| commit | f5a5df4802410e2f30a2ef1a0c324a090dbda361 (patch) | |
| tree | aa41d6383776fa7a798b43d30cdf60a98df137e9 /BUILDING.md | |
| parent | 0903515e126c2697042d6546c6aa4b72e1a4b33e (diff) | |
src,deps,build,test: add OpenSSL config appname
This commit adds the setting of an appname (configuration section
name), 'nodejs_conf', to be used when reading OpenSSL configuration
files.
The motivation for this is that currently the default OpenSSL
configuration, 'openssl_conf', element will be used which may be
undesirable as it might configure OpenSSL in unwanted ways. With this
commit it is still possible to use a default openssl.cnf file but the
only section that Node.js will read from is a section named
'nodejs_conf'.
PR-URL: https://github.com/nodejs/node/pull/43124
Refs: https://github.com/nodejs/node/issues/40366
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Diffstat (limited to 'BUILDING.md')
| -rw-r--r-- | BUILDING.md | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/BUILDING.md b/BUILDING.md index 1e36403f53e..10ef85eb88a 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -52,6 +52,7 @@ file a new issue. * [Build with a specific ICU](#build-with-a-specific-icu) * [Unix/macOS](#unixmacos-3) * [Windows](#windows-4) +* [Configuring OpenSSL config appname](#configure-openssl-appname) * [Building Node.js with FIPS-compliant OpenSSL](#building-nodejs-with-fips-compliant-openssl) * [Building Node.js with external core modules](#building-nodejs-with-external-core-modules) * [Unix/macOS](#unixmacos-4) @@ -768,6 +769,19 @@ as `deps/icu` (You'll have: `deps/icu/source/...`) > .\vcbuild full-icu ``` +### Configure OpenSSL appname + +Node.js can use an OpenSSL configuration file by specifying the environment +variable `OPENSSL_CONF`, or using the command line option `--openssl-conf`, and +if none of those are specified will default to reading the default OpenSSL +configuration file `openssl.cnf`. Node.js will only read a section that is by +default named `nodejs_conf`, but this name can be overridden using the following +configure option: + +```console +$ ./configure --openssl-conf-name=<some_conf_name> +``` + ## Building Node.js with FIPS-compliant OpenSSL The current version of Node.js supports FIPS when statically and @@ -819,6 +833,9 @@ $ ls out/Release/obj.target/deps/openssl/lib/openssl-modules/ fips.so ``` +Running `configure` without `--openssl-is-fips` flag and rebuilding will reset +the FIPS configuration. + ### FIPS support when dynamically linking OpenSSL For quictls/openssl 3.0 it is possible to enable FIPS when dynamically linking. |