From d768b62897b9cec4de608af4ee5e2af370d8eb0a Mon Sep 17 00:00:00 2001 From: Shigeki Ohtsu Date: Fri, 6 Sep 2019 01:32:15 +0900 Subject: [PATCH] deps: define OPENSSLDIR and ENGINESDIR explicitly According to CVE-2019-1552(*), it is encouraged to change OPENSSLDIR from the default of /usr/local/ssl to a privileged directory on Windows. "C:\Program Files\Common Files\SSL" is set as it is the default path in OpenSSL-1.1.1. (*) https://www.openssl.org/news/secadv/20190730.txt Fixes: https://github.com/nodejs/node/issues/29445
---
 deps/openssl/openssl.gypi | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/deps/openssl/openssl.gypi b/deps/openssl/openssl.gypi
index 21e1058aa28406..3bca5321ddb468 100644
--- a/deps/openssl/openssl.gypi
+++ b/deps/openssl/openssl.gypi
@@ -1274,6 +1274,8 @@
 'MK1MF_BUILD',
 'WIN32_LEAN_AND_MEAN',
 'OPENSSL_SYSNAME_WIN32',
+ 'ENGINESDIR="C:\\\Program\ Files\\\Common\ Files\\\SSL"',
+ 'OPENSSLDIR="C:\\\Program\ Files\\\Common\ Files\\\SSL"',
 ],
 'openssl_default_libraries_win': [
 '-lgdi32.lib',
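Review bot: Both added defines hard-code the drive letter `C:`, so the hardening holds only where `C:\Program Files\Common Files\SSL` can be created and written by administrators alone. On a host whose system drive is not `C:`, or where `C:` is a volume with looser ACLs, the compiled-in default could again resolve to a location an unprivileged user controls, which is the condition CVE-2019-1552 describes. A comment above the two lines should record that assumption and the reason for the three-backslash, escaped-space quoting, for example `# CVE-2019-1552: compile-time defaults; must name an admin-only directory (assumes system drive C:)`. `ENGINESDIR` is given the same directory as `OPENSSLDIR`; if that is intentional and not a copy of the line below it, the comment should say so, since engine modules loaded from that path run in-process. The list these entries belong to opens outside the hunk, so which Windows targets receive the defines cannot be confirmed from here.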