diff --git a/patches/node/.patches b/patches/node/.patches index a1a48009d9..28e87e4cb0 100644 --- a/patches/node/.patches +++ b/patches/node/.patches @@ -47,3 +47,4 @@ fix-creates-a-new-without-fill-buffer-issues.patch support-SSL-select-client-cert-callback-on-tls-s.patch src-add-crypto-wrapper-for-node-openssl.patch src_remove_execsync_return_stderr_write_to_process.patch +src_new_store_add_partial_chain_flag.patch diff --git a/patches/node/src_new_store_add_partial_chain_flag.patch b/patches/node/src_new_store_add_partial_chain_flag.patch new file mode 100644 index 0000000000..fc80d1b63f --- /dev/null +++ b/patches/node/src_new_store_add_partial_chain_flag.patch @@ -0,0 +1,42 @@ +From 0e3028ba5bef23d01be6ecdc368cfadb83b08022 Mon Sep 17 00:00:00 2001 +From: Lin Cheng +Date: Wed, 15 Feb 2023 12:03:46 +0000 +Subject: [PATCH] src: new store add X509_V_FLAG_PARTIAL_CHAIN flag + +--- + src/crypto/crypto_context.cc | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc +index 1e1057ccbb..bd12fd76c6 100644 +--- a/src/crypto/crypto_context.cc ++++ b/src/crypto/crypto_context.cc +@@ -227,7 +227,6 @@ X509_STORE* NewRootCertStore() { + Thin_X509_STORE_add_cert(store, cert); + } + } +- Thin_X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN); + + return store; + } +@@ -714,6 +713,9 @@ void SecureContext::AddCACert(const FunctionCallbackInfo& args) { + Thin_SSL_CTX_add_client_CA(sc->ctx_.get(), x509); + Thin_X509_free(x509); + } ++ if (cert_store) { ++ Thin_X509_STORE_set_flags(cert_store, X509_V_FLAG_PARTIAL_CHAIN); ++ } + } + + void SecureContext::AddCRL(const FunctionCallbackInfo& args) { +@@ -758,6 +760,7 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo& args) { + + // Increment reference count so global store is not deleted along with CTX. + Thin_X509_STORE_up_ref(root_cert_store); ++ Thin_X509_STORE_set_flags(root_cert_store, X509_V_FLAG_PARTIAL_CHAIN); + Thin_SSL_CTX_set_cert_store(sc->ctx_.get(), root_cert_store); + } + +-- +2.25.1 +