-
-
Notifications
You must be signed in to change notification settings - Fork 7.3k
OpenSSL upgrade process
Node.js depends on the OpenSSL library to implement its crypto and TLS/SSL features.
However, Node.js doesn't use OpenSSL's standard build process. Instead, a custom build process based on GYP that uses OpenSSL's source is maintained in parallel of OpenSSL's original build process. In addition to that, because the state of OpenSSL's support for Node.js supported platforms varies over time, it is sometimes necessary to maintain additional patches that fix some important issues.
For these two reasons, upgrading the OpenSSL version used by Node.js is not trivial. Some knowledge of how OpenSSL is built and embedded within the node binary and of the existing floating patches is necessary. This document describes both of these aspects so that upgrading the OpenSSL version used by a given version of Node.js does not have to be done by the few people with such knowledge.
Following is the list of the current patches that are floated on top of OpenSSL's source:
- 2b21c45f75043f8e5728650e24a4e972ade18cf1: deps: separate sha256/sha512-x86_64.pl for openssl. This change is needed because Node.js' GYP-based build system cannot use the same PERL script to generate different implementations by passing different command line parameters like the original OpenSSL build system does.
- 7817fbd692120887619d07228882dd19461109b6: deps: fix openssl assembly error on ia32 win32. Node.js uses openssl's s_client program to run some of its tests. However, this program requires the user to press a key to continue, which makes Node.js' tests time out. This change makes it continue without needing any user interaction.
- c4b9be7c5a97b9cac99cd599dbd995da556a5a17
- 6b97c2e98627b5189e01b871f9130b5efc41988d