From 933d9ca78d3c3c52f28b3aa87e099333f77f2ac5 Mon Sep 17 00:00:00 2001 From: Daniel Bevenius Date: Sat, 16 Oct 2021 08:50:16 +0200 Subject: [PATCH] src: add --openssl-legacy-provider option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: https://github.com/nodejs/node/issues/40948 Refs: https://github.com/nodejs/node/issues/40455 PR-URL: https://github.com/nodejs/node/pull/40478 Backport-PR-URL: https://github.com/nodejs/node/pull/42972 Reviewed-By: Richard Lau Reviewed-By: Tobias Nießen Reviewed-By: Michael Dawson
---
doc/api/cli.md | 11 +++++++++++
src/crypto/crypto_util.cc | 10 ++++++++++
src/node_options.cc | 3 +++
src/node_options.h | 7 +++++++
.../test-process-env-allowed-flags-are-documented.js | 5 +++++
5 files changed, 36 insertions(+)
diff --git a/doc/api/cli.md b/doc/api/cli.md
index 475894d7c0e466..380a220b7cf86f 100644
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
@@ -732,6 +732,15 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be used to enable FIPS-compliant crypto if Node.js is built against FIPS-enabled OpenSSL. +### `--openssl-legacy-provider` + + + +Enable OpenSSL 3.0 legacy provider when dynamically linking to OpenSSL 3.x. +For more information please see [OSSL\_PROVIDER-legacy][OSSL_PROVIDER-legacy]. + ### `--pending-deprecation`