Gentoo's Bugzilla – Attachment 557092 Details for
Bug 670574
net-libs/nodejs depends on =dev-libs/openssl-1.1.0*
nodejs-10.14.0-openssl-compat.patch
nodejs-10.14.0-openssl-compat.patch (text/plain), 3.64 KB, created by
Guillaume Ceccarelli
on 2018-12-04 22:50:04 UTC
>diff --git a/BUILDING.md b/BUILDING.md >index 839480ee..cac51e86 100644 >--- a/BUILDING.md >+++ b/BUILDING.md >@@ -132,9 +132,18 @@ Depending on host platform, the selection of toolchains may vary. > > #### OpenSSL asm support > >-OpenSSL-1.1.0 requires the following asssembler version for use of asm >+OpenSSL-1.1.1 requires the following asssembler version for use of asm > support on x86_64 and ia32. > >+For use of AVX-512, >+ >+* gas (GNU assembler) version 2.26 or higher >+* nasm version 2.11.8 or higher in Windows >+ >+Note that AVX-512 is disabled for Skylake-X by OpenSSL-1.1.1. >+ >+For use of AVX2, >+ > * gas (GNU assembler) version 2.23 or higher > * xcode version 5.0 or higher > * llvm version 3.3 or higher >@@ -144,8 +153,7 @@ Otherwise `configure` will fail with an error. This can be avoided by > either providing a newer assembler as per the list above or by > using the `--openssl-no-asm` flag. > >-*Note:* The forthcoming OpenSSL-1.1.1 will require higher >- version. Please refer >+ Please refer to > https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_ia32cap.html for > details. > >diff --git a/src/node_crypto.cc b/src/node_crypto.cc >index 69d48b8c..cbc4de93 100644 >--- a/src/node_crypto.cc >+++ b/src/node_crypto.cc >@@ -465,6 +465,12 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { > SSL_SESS_CACHE_NO_AUTO_CLEAR); > > SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version); >+ >+ if (max_version == 0) { >+ // Selecting some secureProtocol methods allows the TLS version to be "any >+ // supported", but we don't support TLSv1.3, even if OpenSSL does. >+ max_version = TLS1_2_VERSION; >+ } > SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version); > // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was > // exposed in the public API. To retain compatibility, install a callback 
>@@ -888,7 +894,24 @@ void SecureContext::SetCiphers(const FunctionCallbackInfo<Value>& args) { > > THROW_AND_RETURN_IF_NOT_STRING(env, args[0], "Ciphers"); > >+ // Note: set_ciphersuites() is for TLSv1.3 and was introduced in openssl >+ // 1.1.1, set_cipher_list() is for TLSv1.2 and earlier. >+ // >+ // In openssl 1.1.0, set_cipher_list() would error if it resulted in no >+ // TLSv1.2 (and earlier) cipher suites, and there is no TLSv1.3 support. >+ // >+ // In openssl 1.1.1, set_cipher_list() will not error if it results in no >+ // TLSv1.2 cipher suites if there are any TLSv1.3 cipher suites, which there >+ // are by default. There will be an error later, during the handshake, but >+ // that results in an async error event, rather than a sync error thrown, >+ // which is a semver-major change for the tls API. >+ // >+ // Since we don't currently support TLSv1.3, work around this by removing the >+ // TLSv1.3 cipher suites, so we get backwards compatible synchronous errors. > const node::Utf8Value ciphers(args.GetIsolate(), args[0]); >+#ifdef TLS1_3_VERSION >+ SSL_CTX_set_ciphersuites(sc->ctx_.get(), ""); >+#endif > SSL_CTX_set_cipher_list(sc->ctx_.get(), *ciphers); > } > >diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc >index 6577ffd3..ee0e2c6a 100644 >--- a/src/tls_wrap.cc >+++ b/src/tls_wrap.cc >@@ -227,7 +227,10 @@ void TLSWrap::SSLInfoCallback(const SSL* ssl_, int where, int ret) { > } > } > >- if (where & SSL_CB_HANDSHAKE_DONE) { >+ // SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE are called >+ // sending HelloRequest in OpenSSL-1.1.1. >+ // We need to check whether this is in a renegotiation state or not. >+ if (where & SSL_CB_HANDSHAKE_DONE && !SSL_renegotiate_pending(ssl)) { > c->established_ = true; > Local<Value> callback = object->Get(env->onhandshakedone_string()); > if (callback->IsFunction()) {
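Review bot: In the BUILDING.md hunk at @@ -132, the rewritten line `OpenSSL-1.1.1 requires the following asssembler version for use of asm` carries over the misspelling "asssembler"; since the line is being changed anyway, correct it to "assembler". The new AVX-512 list names only gas and nasm, while the AVX2 list below it also names xcode and llvm; state whether those toolchains have an AVX-512 minimum, so readers do not assume the AVX2 versions apply to both.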
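Review bot: In the BUILDING.md hunk at @@ -144, the added line ` Please refer to` keeps a leading space left over from the removed note's continuation indent; drop it so the sentence starts at the left margin like the surrounding paragraph. With the "*Note:*" sentence gone, the link to OPENSSL_ia32cap no longer says what it covers, so a few words of context before "Please refer to" would help.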
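Review bot: In the SecureContext::Init hunk, the TLS 1.2 cap is applied only when `max_version == 0`; nothing in the visible lines clamps a `max_version` that arrives above `TLS1_2_VERSION`, so if any secureProtocol path can set it higher, the comment's claim that TLSv1.3 is not supported would not hold. Consider `if (max_version == 0 || max_version > TLS1_2_VERSION)` and mention the cap in the tls documentation, since it silently narrows the "any supported" meaning of those methods.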
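Review bot: In the SecureContext::SetCiphers hunk, the return value of `SSL_CTX_set_ciphersuites(sc->ctx_.get(), "")` is discarded, and the call exists only in SetCiphers, so a context on which SetCiphers is never called keeps the default TLSv1.3 suites and relies entirely on the max_version cap from the Init hunk. Check the result, or comment why an empty list cannot fail, and say in the comment that Init's cap covers the no-SetCiphers path. The comment's goal is a synchronous error when no TLSv1.2 suites result, yet the unchanged `SSL_CTX_set_cipher_list` call below it also ignores its return value in the visible lines, so point to where that error is actually raised.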
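Review bot: In the TLSWrap::SSLInfoCallback hunk, the new condition calls `SSL_renegotiate_pending(ssl)` while the callback parameter shown in the hunk header is `ssl_`; `ssl` is not declared in the visible lines, so confirm it refers to the same connection. Parenthesize the mask test as `(where & SSL_CB_HANDSHAKE_DONE) && !SSL_renegotiate_pending(ssl)` for readability, and fix the comment, which is missing a word: "are called sending HelloRequest" should read "are called when sending HelloRequest".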