From e903cd19edd27eb6375b4decbcfeff045e5e7df0 Mon Sep 17 00:00:00 2001
From: Daniel Bevenius
Date: Sat, 16 Oct 2021 08:50:16 +0200
Subject: [PATCH] src: add --openssl-legacy-provider option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0.
Building:
$ ./configure --shared-openssl \
--shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \
--shared-openssl-includes=/path/openssl_quic-3.0/include \
--shared-openssl-libname=crypto,ssl
$ make -j8
Verify options is available:
$ ./node --help
...
--openssl-legacy-provider enable OpenSSL 3.0 legacy provider
Usage:
$ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64
$ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/
$ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf
$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")'
Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } }
Fixes: https://github.com/nodejs/node/issues/40948
Refs: https://github.com/nodejs/node/issues/40455
PR-URL: https://github.com/nodejs/node/pull/40478
Backport-PR-URL: https://github.com/nodejs/node/pull/42972
Reviewed-By: Richard Lau
Reviewed-By: Tobias Nießen
---
doc/api/cli.md | 11 +++++++++++
src/crypto/crypto_util.cc | 10 ++++++++++
src/node_options.cc | 3 +++
src/node_options.h | 7 +++++++
.../test-process-env-allowed-flags-are-documented.js | 5 +++++
5 files changed, 36 insertions(+)
diff --git a/doc/api/cli.md b/doc/api/cli.md
index 88fde012bef4f4..688280285c4f79 100644
--- a/doc/api/cli.md
+++ b/doc/api/cli.md
@@ -749,6 +749,15 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be used to enable FIPS-compliant crypto if Node.js is built against FIPS-enabled OpenSSL. +### `--openssl-legacy-provider` + + + +Enable OpenSSL 3.0 legacy provider when dynamically linking to OpenSSL 3.x. +For more information please see [OSSL\_PROVIDER-legacy][OSSL_PROVIDER-legacy]. + ### `--pending-deprecation`