openssl: disable HEARTBEAT TLS extension

Microsoft's IIS doesn't support it, and is not replying with ServerHello after receiving ClientHello which contains it. The good way might be allowing to opt-out this at runtime from javascript-land, but unfortunately OpenSSL doesn't support it right now. see #5119
author: Fedor Indutny <fedor.indutny@gmail.com> 2013-03-26 22:33:14 +0400
committer: Fedor Indutny <fedor.indutny@gmail.com> 2013-03-27 11:41:23 +0400
commit: 28c6e42ee761b1c55cafd188aa49a174963d43df (patch)
tree: bb84791e9413906d0234e0e65fe9e1369f23ef4a
parent: f0b68892d4e85c078836eb0809c64dde82918aeb (diff)
download: node-28c6e42ee761b1c55cafd188aa49a174963d43df.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp
index 0b08ecdf5..77af4de8d 100644
--- a/deps/openssl/openssl.gyp
+++ b/deps/openssl/openssl.gyp
@@ -16,7 +16,13 @@
         # No clue what these are for.
         'L_ENDIAN',
         'PURIFY',
-        '_REENTRANT'
+        '_REENTRANT',
+
+        # Heartbeat is a TLS extension, that couldn't be turned off or
+        # asked to be not advertised. Unfortunately this is unacceptable for
+        # Microsoft's IIS, which seems to be ignoring whole ClientHello after
+        # seeing this extension.
+        'OPENSSL_NO_HEARTBEATS',
       ],
       'sources': [
         'openssl/ssl/bio_ssl.c',
author	Fedor Indutny <fedor.indutny@gmail.com>	2013-03-26 22:33:14 +0400
committer	Fedor Indutny <fedor.indutny@gmail.com>	2013-03-27 11:41:23 +0400
commit	28c6e42ee761b1c55cafd188aa49a174963d43df (patch)
tree	bb84791e9413906d0234e0e65fe9e1369f23ef4a
parent	f0b68892d4e85c078836eb0809c64dde82918aeb (diff)
download	node-28c6e42ee761b1c55cafd188aa49a174963d43df.tar.gz