crypto: ignore directory paths in OPENSSL_CONF#63273
Open
haramj wants to merge 1 commit into
Open
Conversation
Collaborator
|
Review requested:
|
nodejs-github-bot
added
c++
haramj
force-pushed
the
haramj-patch-260512-1
branch
from
0ac0c7d to
09c23bb
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #63273 +/- ##
==========================================
+ Coverage 90.04% 90.06% +0.01%
==========================================
Files 713 714 +1
Lines 225003 225255 +252
Branches 42536 42581 +45
==========================================
+ Hits 202606 202866 +260
+ Misses 14177 14170 -7
+ Partials 8220 8219 -1
🚀 New features to boost your workflow:
|
PR-URL: nodejs#63218 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Signed-off-by: haramjeong <04harams77@gmail.com>
haramj
force-pushed
the
haramj-patch-260512-1
branch
from
09c23bb to
8979aad
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR improves the robustness of Node.js startup when the OPENSSL_CONF environment variable points to a directory instead of a file. Currently, such cases cause a fatal OpenSSL configuration error, preventing Node.js from starting. This change detects directory paths early, emits a descriptive warning, and allows Node.js to continue booting using default settings.
Root Cause Analysis
In src/node.cc, the InitializeOncePerProcessInternal function attempts to load the OpenSSL configuration. If OPENSSL_CONF is set to a directory (e.g., /tmp or C:), OpenSSL's internal fopen() fails, raising a fatal error that triggers an early return and process exit.
Changes
• Pre-check with stat(): Detects if conf_file is a directory before passing it to OpenSSL.
• Cross-platform Compatibility: Implemented directory detection using S_ISDIR and bitwise masks for environments where the macro is unavailable.
• Warning Instead of Exit: Replaced the fatal error exit with a fprintf(stderr, ...) warning to inform the user that the directory path is being ignored.
• Error Queue Management: Ensured the OpenSSL error queue is cleared using ERR_clear_error() to prevent side effects for subsequent operations.
Validation & Testing
I performed a clean build after running make distclean and verified the fix:
$ export OPENSSL_CONF=/tmp
$ ./node --use-system-ca -e "console.log('Final Validation: I am alive!')"
Actual Output:
Warning: OPENSSL_CONF path is a directory; ignoring: /tmp
Final Validation: I am alive!
I ran the full test suite using python3 tools/test.py:
• Passed: 5284 tests.
• Failed: 7 tests (All verified as missing FFI test fixtures, unrelated to this change).
• All parallel/test-crypto-* tests passed successfully.
• Passed make lint-cpp (Ensured all lines are 80 characters or less).
Fixes: #63256