diff --git a/configure b/configure index d926cec7d5d..e12a5382a19 100755 --- a/configure +++ b/configure @@ -144,6 +144,11 @@ parser.add_option('--openssl-fips', dest='openssl_fips', help='Build OpenSSL using FIPS canister .o file in supplied folder') +parser.add_option('--openssl-use-def-ca-store', + action='store_true', + dest='use_openssl_ca_store', + help='Use OpenSSL supplied CA store instead of compiled-in Mozilla CA copy.') + shared_optgroup.add_option('--shared-http-parser', action='store_true', dest='shared_http_parser', @@ -940,6 +945,8 @@ def configure_openssl(o): o['variables']['node_use_openssl'] = b(not options.without_ssl) o['variables']['node_shared_openssl'] = b(options.shared_openssl) o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0 + if options.use_openssl_ca_store: + o['defines'] += ['NODE_OPENSSL_CERT_STORE'] if options.openssl_fips: o['variables']['openssl_fips'] = options.openssl_fips fips_dir = os.path.join(root_dir, 'deps', 'openssl', 'fips') diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 41bd8e27b3a..f9030ec287d 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -707,10 +707,14 @@ static X509_STORE* NewRootCertStore() { } X509_STORE* store = X509_STORE_new(); +#if defined(NODE_OPENSSL_CERT_STORE) + X509_STORE_set_default_paths(store); +#else for (X509 *cert : root_certs_vector) { X509_up_ref(cert); X509_STORE_add_cert(store, cert); } +#endif return store; }