squash! src,deps,build,test: add OpenSSL config appname

This commit adds a configuration option to specify an alternative name of the configuration section in the OpenSSL configuration file.
nodejs · May 18, 2022 · 59870a3 · 59870a3
1 parent 89035b0
commit 59870a3
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/BUILDING.md b/BUILDING.md
@@ -52,6 +52,7 @@ file a new issue.
   * [Build with a specific ICU](#build-with-a-specific-icu)
     * [Unix/macOS](#unixmacos-3)
     * [Windows](#windows-4)
+* [Configuring  OpenSSL config appname](#configure-openssl-appname)
 * [Building Node.js with FIPS-compliant OpenSSL](#building-nodejs-with-fips-compliant-openssl)
 * [Building Node.js with external core modules](#building-nodejs-with-external-core-modules)
   * [Unix/macOS](#unixmacos-4)
@@ -768,6 +769,19 @@ as `deps/icu` (You'll have: `deps/icu/source/...`)
 > .\vcbuild full-icu
 ```
 
+### Configure OpenSSL appname
+
+Node.js can use an OpenSSL configuration file by specifying the environment
+variable `OPENSSL_CONF`, or using the command line option `--openssl-conf`, and
+if none of those are specified will default to reading the default OpenSSL
+configuration file `openssl.cnf`. Node.js will only read a section that is by
+default named `nodejs_conf`, but this name can be overridden using the following
+configure option:
+
+```console
+$ ./configure --openssl-conf-name=<some_conf_name>
+```
+
 ## Building Node.js with FIPS-compliant OpenSSL
 
 The current version of Node.js supports FIPS when statically and

diff --git a/configure.py b/configure.py
@@ -181,6 +181,12 @@
          "e.g. /root/x/y.js will be referenced via require('root/x/y'). "
          "Can be used multiple times")
 
+parser.add_argument("--openssl-conf-name",
+    action="store",
+    dest="openssl_conf_name",
+    default='nodejs_conf',
+    help="The OpenSSL config appname (config section name) used by Node.js")
+
 parser.add_argument('--openssl-default-cipher-list',
     action='store',
     dest='openssl_default_cipher_list',
@@ -1488,6 +1494,8 @@ def configure_openssl(o):
   if options.openssl_no_asm:
     variables['openssl_no_asm'] = 1
 
+  o['defines'] += ['NODE_OPENSSL_CONF_NAME=' + options.openssl_conf_name]
+
   if options.without_ssl:
     def without_ssl_error(option):
       error('--without-ssl is incompatible with %s' % option)

diff --git a/src/node.cc b/src/node.cc
@@ -162,6 +162,9 @@ PVOID old_vectored_exception_handler;
 struct V8Platform v8_platform;
 }  // namespace per_process
 
+// The section in the OpenSSL configuration file to be loaded.
+const char* conf_section_name = STRINGIFY(NODE_OPENSSL_CONF_NAME);
+
 #ifdef __POSIX__
 void SignalExit(int signo, siginfo_t* info, void* ucontext) {
   ResetStdio();
@@ -1085,12 +1088,11 @@ InitializationResult InitializeOncePerProcess(
     // return 0, leading to an endless loop and the node process will appear to
     // hang/freeze.
 
-    // The section in the OpenSSL configuration file to be loaded.
-    const char* conf_section_name = "nodejs_conf";
     // Passing NULL as the config file will allow the default openssl.cnf file
     // to be loaded, but the default section in that file will not be used,
     // instead only the section that matches the value of conf_section_name
     // will be read from the default configuration file.
+    //  fprintf(stderr, "appanme: %s\n", conf_section_name);
     const char* conf_file = nullptr;
     // Use OPENSSL_CONF environment variable is set.
     std::string env_openssl_conf;