diff --git a/patches/node/feat_optionally_prevent_calling_v8_enablewebassemblytraphandler.patch b/patches/node/feat_optionally_prevent_calling_v8_enablewebassemblytraphandler.patch index ac212979660aa..0f8451e6d287f 100644 --- a/patches/node/feat_optionally_prevent_calling_v8_enablewebassemblytraphandler.patch +++ b/patches/node/feat_optionally_prevent_calling_v8_enablewebassemblytraphandler.patch @@ -10,7 +10,7 @@ already been called. This should be upstreamed. diff --git a/src/node.cc b/src/node.cc -index 524f80ee69ee5248e045a2b61faf5610c9ba4285..971668792eabe5be299849b5a3fd8a2790a2210a 100644 +index 2bed5aec6a1bc362ef4e1e0d6715951537676270..f19948f50fef3518ec3a78b6d685dc35eeec5418 100644 --- a/src/node.cc +++ b/src/node.cc @@ -605,6 +605,7 @@ static void PlatformInit(ProcessInitializationFlags::Flags flags) { diff --git a/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch b/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch index 18c3b4822b554..50e25bac6b934 100644 --- a/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch +++ b/patches/node/fix_handle_boringssl_and_openssl_incompatibilities.patch @@ -373,6 +373,38 @@ index 5734d8fdc5505e1586f571c19b840bd56e9c9f1f..3034b114e081e2b32dd5b71653927a41 } } // namespace +diff --git a/src/node.cc b/src/node.cc +index 524f80ee69ee5248e045a2b61faf5610c9ba4285..2bed5aec6a1bc362ef4e1e0d6715951537676270 100644 +--- a/src/node.cc ++++ b/src/node.cc +@@ -1027,7 +1027,8 @@ InitializeOncePerProcessInternal(const std::vector& args, + } + + if (!(flags & ProcessInitializationFlags::kNoInitOpenSSL)) { +-#if HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL) ++#if HAVE_OPENSSL ++#if !defined(OPENSSL_IS_BORINGSSL) + auto GetOpenSSLErrorString = []() -> std::string { + std::string ret; + ERR_print_errors_cb( +@@ -1118,7 +1119,7 @@ InitializeOncePerProcessInternal(const std::vector& args, + + // Ensure CSPRNG is properly seeded. + CHECK(crypto::CSPRNG(nullptr, 0).is_ok()); +- ++#endif // !defined(OPENSSL_IS_BORINGSSL) + V8::SetEntropySource([](unsigned char* buffer, size_t length) { + // V8 falls back to very weak entropy when this function fails + // and /dev/urandom isn't available. That wouldn't be so bad if +@@ -1133,7 +1134,7 @@ InitializeOncePerProcessInternal(const std::vector& args, + if (credentials::SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs)) + crypto::UseExtraCaCerts(extra_ca_certs); + } +-#endif // HAVE_OPENSSL && !defined(OPENSSL_IS_BORINGSSL) ++#endif // HAVE_OPENSSL + } + + if (!(flags & ProcessInitializationFlags::kNoInitializeNodeV8Platform)) { diff --git a/src/node_metadata.cc b/src/node_metadata.cc index b88cfb98e75aca426224e19376b3ff4c23b92e53..b66f4e2b5cbd8f36af42f82a8921207302360e39 100644 --- a/src/node_metadata.cc diff --git a/script/node-disabled-tests.json b/script/node-disabled-tests.json index c1ed8eeaf3ce6..b05bff18e0662 100644 --- a/script/node-disabled-tests.json +++ b/script/node-disabled-tests.json @@ -62,8 +62,6 @@ "parallel/test-snapshot-worker", "parallel/test-strace-openat-openssl", "parallel/test-tls-alpn-server-client", - "parallel/test-tls-cert-chains-concat", - "parallel/test-tls-cert-chains-in-ca", "parallel/test-tls-cli-max-version-1.2", "parallel/test-tls-cli-max-version-1.3", "parallel/test-tls-cli-min-version-1.1", @@ -77,8 +75,6 @@ "parallel/test-tls-cnnic-whitelist", "parallel/test-tls-disable-renegotiation", "parallel/test-tls-empty-sni-context", - "parallel/test-tls-env-bad-extra-ca", - "parallel/test-tls-env-extra-ca", "parallel/test-tls-finished", "parallel/test-tls-generic-stream", "parallel/test-tls-getcipher", diff --git a/shell/common/node_bindings.cc b/shell/common/node_bindings.cc index cad0ebf0577b4..9deb65bf442b9 100644 --- a/shell/common/node_bindings.cc +++ b/shell/common/node_bindings.cc @@ -338,7 +338,7 @@ bool IsAllowedOption(const std::string_view option) { // Initialize NODE_OPTIONS to pass to Node.js // See https://nodejs.org/api/cli.html#cli_node_options_options void SetNodeOptions(base::Environment* env) { - // Options that are unilaterally disallowed + // Options that are expressly disallowed static constexpr auto disallowed = base::MakeFixedFlatSet({ "--enable-fips", "--experimental-policy",