diff options
author | Daniel Bevenius <daniel.bevenius@gmail.com> | 2020-06-03 13:56:58 +0300 |
---|---|---|
committer | Shelley Vohr <shelley.vohr@gmail.com> | 2020-06-30 19:34:05 +0300 |
commit | b1f6584f8e33f8541f18de0a474c069312824eb7 (patch) | |
tree | ec67462a8ec04f3ecd788c03dfb0225bf0baac45 /node.gyp | |
parent | 2b5898eebc20918ebe7389b14918a1a4782c921c (diff) |
src,build: add --openssl-default-cipher-list
This commit adds a configuration option named
openssl-default-cipher-list which takes a colon separated string
specifying ciphers that should be used as the default ciphers instead of
the ones defined in node_constants.
The motivation for this is a use case where Fedora/RHEL would like
to be able to specify a default cipher in the format PROFILE=SYSTEM.
This would enable Fedora/RHEL to have a system wide security level for
all applications.
PR-URL: https://github.com/nodejs/node/pull/33708
Refs: https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Diffstat (limited to 'node.gyp')
-rw-r--r-- | node.gyp | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -746,6 +746,7 @@ 'variables': { 'openssl_system_ca_path%': '', + 'openssl_default_cipher_list%': '', }, 'defines': [ @@ -762,6 +763,11 @@ 'msvs_disabled_warnings!': [4244], 'conditions': [ + [ 'openssl_default_cipher_list!=""', { + 'defines': [ + 'NODE_OPENSSL_DEFAULT_CIPHER_LIST="<(openssl_default_cipher_list)"' + ] + }], [ 'error_on_warn=="true"', { 'cflags': ['-Werror'], 'xcode_settings': { |