From 6a7a61be7c58809990f42659c1d114233c9d1d3e Mon Sep 17 00:00:00 2001
From: Daniel Bevenius <daniel.bevenius@gmail.com>
Date: Tue, 6 Oct 2020 13:25:23 +0200
Subject: src: mark/pop OpenSSL errors in NewRootCertStore

This commit sets the OpenSSL error mark before calling
X509_STORE_load_locations and pops the error mark afterwards.

The motivation for this is that it is possible that
X509_STORE_load_locations can produce errors if the configuration
option --openssl-system-ca-path file does not exist. Later if a
different function is called which calls an OpenSSL function it could
fail because these errors might still be on the OpenSSL error stack.

Currently, all functions that call NewRootCertStore clear the
OpenSSL error queue upon returning, but this was not the case for
example in v12.18.0.

PR-URL: https://github.com/nodejs/node/pull/35514
Fixes: https://github.com/nodejs/node/issues/35456
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
---
 node.gyp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'node.gyp')

diff --git a/node.gyp b/node.gyp
index dd9bddd08ba..c4bf4411cfd 100644
--- a/node.gyp
+++ b/node.gyp
@@ -1360,6 +1360,9 @@
           'defines': [
             'HAVE_OPENSSL=1',
           ],
+          'sources': [
+            'test/cctest/test_node_crypto.cc',
+          ]
         }],
         [ 'node_use_openssl=="true" and experimental_quic==1', {
           'defines': [
-- 
cgit v1.2.3