crypto: add crypto::GetSSLCtx API for addon access to OpenSSL contexts #62254
Open
pimterry wants to merge 1 commit into nodejs:main from
This is intended to replace usage of the unsupported _external field, offering an official API for native addons to access OpenSSL directly while reducing the JS API and internal field exposure.
Codecov Report
❌ Patch coverage is
@@ Coverage Diff @@
## main #62254 +/- ##
=======================================
Coverage 89.66% 89.67%
=======================================
Files 676 676
Lines 206500 206516 +16
Branches 39539 39543 +4
=======================================
+ Hits 185168 185187 +19
+ Misses 13463 13451 -12
- Partials 7869 7878 +9
Once upon a time (#20237) we attempted to remove the secureContext.context._external field which exposes OpenSSL contexts. This was later reverted (#21711) because it turns out there are external native addons which do want to integrate with Node's OpenSSL, and were using this JS API as it's currently the only way to do so.
At the time, @sam-github said:
I think this makes a lot of sense. I'm in the process of building a native addon myself that needs access to OpenSSL contexts (user-space solution for #41112). I'd like to do this properly, without having to awkwardly hook onto internals like this.
This PR does that: creating a new node::crypto::GetSSLCtx native API, so C++ addons can access the OpenSSL context directly. With this in place, we could potentially drop _external entirely from the JS API (and maybe even .context) in some future major bump. Naming is intended to match the SSL_CTX type and OpenSSL SSL_CTX_... APIs etc, but open to bikeshedding that further.
This API itself should be easy to keep stable as OpenSSL changes, but obviously SSL_CTX won't be stable as it has APIs that will change as we upgrade OpenSSL versions etc. I think that's fine, there's clearly no real avoiding that and addons using this will have to be able to deal with OpenSSL changes like this appropriately. Reasonable given that it's a native-only API imo.