author | Daniel Bevenius <daniel.bevenius@gmail.com> | 2020-06-03 12:56:58 +0200 |
---|---|---|
committer | Daniel Bevenius <daniel.bevenius@gmail.com> | 2020-06-08 13:21:54 +0200 |
commit | 7f8e977ee04f9f67b3705b329b815825fad7116e (patch) | |
tree | 794144f2e6348446c9cac3925a3e311b853d41b9 /configure.py | |
parent | 111d1e523d632c489bfe99adfb3f8c080e996d32 (diff) | |
src,build: add --openssl-default-cipher-list
This commit adds a configuration option named
openssl-default-cipher-list which takes a colon separated string
specifying ciphers that should be used as the default ciphers instead of
the ones defined in node_constants.
The motivation for this is a use case where Fedora/RHEL would like
to be able to specify a default cipher in the format PROFILE=SYSTEM.
This would enable Fedora/RHEL to have a system wide security level for
all applications.
PR-URL: https://github.com/nodejs/node/pull/33708
Refs: https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Diffstat (limited to 'configure.py')
-rwxr-xr-x | configure.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/configure.py b/configure.py
index 285dfb2250..87d99f75be 100755
--- a/configure.py
+++ b/configure.py
@@ -170,6 +170,11 @@ parser.add_option("--link-module",
 "e.g. /root/x/y.js will be referenced via require('root/x/y'). "
 "Can be used multiple times")
+parser.add_option('--openssl-default-cipher-list',
+ action='store',
+ dest='openssl_default_cipher_list',
+ help='Use the specified cipher list as the default cipher list')
+
 parser.add_option("--openssl-no-asm",
 action="store_true",
 dest="openssl_no_asm",
@@ -1302,6 +1307,8 @@ def configure_openssl(o):
 without_ssl_error('--openssl-no-asm')
 if options.openssl_fips:
 without_ssl_error('--openssl-fips')
+ if options.openssl_default_cipher_list:
+ without_ssl_error('--openssl-default-cipher-list')
 return
 if options.use_openssl_ca_store:
@@ -1311,6 +1318,9 @@ def configure_openssl(o):
 variables['node_without_node_options'] = b(options.without_node_options)
 if options.without_node_options:
 o['defines'] += ['NODE_WITHOUT_NODE_OPTIONS']
+ if options.openssl_default_cipher_list:
+ variables['openssl_default_cipher_list'] = \
+ options.openssl_default_cipher_list
 if not options.shared_openssl and not options.openssl_no_asm:
 is_x86 = 'x64' in variables['target_arch'] or 'ia32' in variables['target_arch'] |
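Review bot: The help text on the new `--openssl-default-cipher-list` option in the first hunk does not say what format the value takes, or that it replaces the built-in default list rather than extending it. That matters to whoever packages the binary, because a permissive value lowers the TLS defaults of every application run on that build without any other visible sign. I would spell it out, for example `help='Use the specified colon-separated OpenSSL cipher string (e.g. PROFILE=SYSTEM) as the default cipher list, replacing the built-in defaults')`. The new call also uses single quotes where the neighbouring `parser.add_option` calls use double quotes.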
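Review bot: In the third hunk `options.openssl_default_cipher_list` is copied into `variables['openssl_default_cipher_list']` with no validation, and because the guard is a truthiness test, an empty `--openssl-default-cipher-list=` is silently ignored instead of rejected. How the variable is consumed is outside this view, but if it ends up inside a quoted compiler define, a value containing a quote, backslash or whitespace would break or alter the generated build. I would check the value against the characters a cipher string can contain and fail the configure step otherwise; the sketch below assumes `re` is imported and uses the file's `error()` helper, neither of which is visible in this hunk. It also rejects spaces, which fits the colon-separated form the commit message describes. configure_openssl's body starts and ends outside the hunk.

```python
  cipher_list = options.openssl_default_cipher_list
  if cipher_list is not None:
    # Reject the empty string and anything outside the characters used by
    # OpenSSL cipher strings and the PROFILE=... keyword.
    if not re.match(r'^[A-Za-z0-9_:,!+@=.-]+$', cipher_list):
      error('--openssl-default-cipher-list: invalid value %r' % cipher_list)
    variables['openssl_default_cipher_list'] = cipher_list
  # … unchanged: shared_openssl / openssl_no_asm handling …
```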