diff options
Diffstat (limited to 'src/node_crypto.cc')
-rw-r--r-- | src/node_crypto.cc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 7f5544b8f2..11ed4a3f19 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -756,6 +756,8 @@ static X509_STORE* NewRootCertStore() { if (*system_cert_path != '\0') { X509_STORE_load_locations(store, system_cert_path, nullptr); } + // TODO(addaleax): Replace `ssl_openssl_cert_store` with + // `per_process_opts->ssl_openssl_cert_store`. if (ssl_openssl_cert_store) { X509_STORE_set_default_paths(store); } else { @@ -5094,14 +5096,14 @@ void InitCryptoOnce() { OPENSSL_no_config(); // --openssl-config=... - if (!openssl_config.empty()) { + if (!per_process_opts->openssl_config.empty()) { OPENSSL_load_builtin_modules(); #ifndef OPENSSL_NO_ENGINE ENGINE_load_builtin_engines(); #endif ERR_clear_error(); CONF_modules_load_file( - openssl_config.c_str(), + per_process_opts->openssl_config.c_str(), nullptr, CONF_MFLAGS_DEFAULT_SECTION); int err = ERR_get_error(); @@ -5119,6 +5121,9 @@ void InitCryptoOnce() { #ifdef NODE_FIPS_MODE /* Override FIPS settings in cnf file, if needed. */ unsigned long err = 0; // NOLINT(runtime/int) + // TODO(addaleax): Use commented part instead. + /*if (per_process_opts->enable_fips_crypto || + per_process_opts->force_fips_crypto) {*/ if (enable_fips_crypto || force_fips_crypto) { if (0 == FIPS_mode() && !FIPS_mode_set(1)) { err = ERR_get_error(); @@ -5181,6 +5186,7 @@ void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) { } void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) { + // TODO(addaleax): Use options parser variables instead. CHECK(!force_fips_crypto); Environment* env = Environment::GetCurrent(args); const bool enabled = FIPS_mode(); |