From ab0313d927e1a380f41b14b219c6ec9dbdb0db6a Mon Sep 17 00:00:00 2001 From: Daniel Bevenius Date: Wed, 18 May 2022 10:36:18 +0200 Subject: [PATCH] src,doc,test: add --openssl-shared-config option This commit adds a new command line option named '--openssl-shared-config' intended to allow reverting to the old OpenSSL configuration behavior where Node.js would use the configuration section name (called appname in OpenSSL) 'openssl_conf' which could potentially be used my other applications.. PR-URL: https://github.com/nodejs/node/pull/43124 Refs: https://github.com/nodejs/node/issues/40366 Reviewed-By: James M Snell Reviewed-By: Rich Trott Reviewed-By: Rafael Gonzaga Reviewed-By: Beth Griggs Backport-PR: https://github.com/nodejs/node/pull/43892 --- doc/api/cli.md | 16 ++++++++++++++++ src/node.cc | 6 ++++++ src/node_options.cc | 5 ++++- src/node_options.h | 1 + ...t-process-env-allowed-flags-are-documented.js | 1 + 5 files changed, 28 insertions(+), 1 deletion(-) diff --git a/doc/api/cli.md b/doc/api/cli.md index 688280285c4f79..0e03658cea1af2 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -749,6 +749,21 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be used to enable FIPS-compliant crypto if Node.js is built against FIPS-enabled OpenSSL. +### `--openssl-shared-config` + + + +Enable OpenSSL default configuration section, `openssl_conf` to be read from +the OpenSSL configuration file. The default configuration file is named +`openssl.cnf` but this can be changed using the environment variable +`OPENSSL_CONF`, or by using the command line option `--openssl-config`. +The location of the default OpenSSL configuration file depends on how OpenSSL +is being linked to Node.js. Sharing the OpenSSL configuration may have unwanted +implications and it is recommended to use a configuration section specific to +Node.js which is `nodejs_conf` and is default when this option is not used. + ### `--openssl-legacy-provider`