diff options
| author | Daniel Bevenius <daniel.bevenius@gmail.com> | 2017-11-06 10:30:29 +0100 |
|---|---|---|
| committer | Daniel Bevenius <daniel.bevenius@gmail.com> | 2017-11-10 05:47:20 +0100 |
| commit | cad1d1ff457afb93034b995111ef1b8cc1f08d82 (patch) | |
| tree | eb54609be0fedc8beb2eb5b5b3282f91ddf36ac7 /configure | |
| parent | 44d3e17985befbd45457d5ad7f0a0387849e1b2f (diff) | |
| download | android-node-v8-cad1d1ff457afb93034b995111ef1b8cc1f08d82.tar.gz android-node-v8-cad1d1ff457afb93034b995111ef1b8cc1f08d82.tar.bz2 android-node-v8-cad1d1ff457afb93034b995111ef1b8cc1f08d82.zip | |
src: add openssl-system-ca-path configure option
The motivation for this commit is that we need to specify system CA
certificates when building node. While we are aware of the environment
variable NODE_EXTRA_CA_CERTS this is not a great solution as we build
an RPM and we also don't want users to be able to unset them.
The suggestion is to add a configure time property like this:
--openssl-system-ca-path=OPENSSL_SYSTEM_CA_PATH
Use the specified path to system CA (PEM format) in
addition to the OpenSSL supplied CA store or compiled-
in Mozilla CA copy.
Usage example:
$ ./configure --openssl-system-ca-path=/etc/pki/tls/certs/ca-bundle.crt
This would add the specified CA certificates in addition to the ones
already being used.
PR-URL: https://github.com/nodejs/node/pull/16790
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'configure')
| -rwxr-xr-x | configure | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -172,6 +172,12 @@ parser.add_option('--openssl-use-def-ca-store', dest='use_openssl_ca_store', help='Use OpenSSL supplied CA store instead of compiled-in Mozilla CA copy.') +parser.add_option('--openssl-system-ca-path', + action='store', + dest='openssl_system_ca_path', + help='Use the specified path to system CA (PEM format) in addition to ' + 'the OpenSSL supplied CA store or compiled-in Mozilla CA copy.') + shared_optgroup.add_option('--shared-http-parser', action='store_true', dest='shared_http_parser', @@ -1013,6 +1019,8 @@ def configure_openssl(o): o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0 if options.use_openssl_ca_store: o['defines'] += ['NODE_OPENSSL_CERT_STORE'] + if options.openssl_system_ca_path: + o['variables']['openssl_system_ca_path'] = options.openssl_system_ca_path o['variables']['node_without_node_options'] = b(options.without_node_options) if options.without_node_options: o['defines'] += ['NODE_WITHOUT_NODE_OPTIONS'] |