From dae7163d67059e98c79fdd64477a5b4e2303e48b Mon Sep 17 00:00:00 2001 From: Daniel Bevenius Date: Wed, 24 May 2017 14:37:29 +0200 Subject: [PATCH 1/2] crypto: remove root_cert_store from node_crypto.h root_cert_store is defined as extern in node_crypto.h but only used in node_crypto.cc. It is then set using SSL_CTX_set_cert_store. The only usages of SSL_CTX_get_cert_store are in node_crypto.cc which would all be accessing the same X509_STORE through the root_cert_store pointer as far as I can tell. Am I missing something here? This commit suggests removing it from the header and making it static in node_crypto.cc. --- src/node_crypto.cc | 2 +- src/node_crypto.h | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 19cc30ee41f410..403a81700925b8 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -152,7 +152,7 @@ const char* const root_certs[] = { std::string extra_root_certs_file; // NOLINT(runtime/string) -X509_STORE* root_cert_store; +static X509_STORE* root_cert_store; // Just to generate static methods template void SSLWrap::AddMethods(Environment* env, diff --git a/src/node_crypto.h b/src/node_crypto.h index 2d78a38974ed22..33c9cf783ecedb 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -84,8 +84,6 @@ enum CheckResult { extern int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx); -extern X509_STORE* root_cert_store; - extern void UseExtraCaCerts(const std::string& file); class SecureContext : public BaseObject { From 3a5646c7d732037907aa5bd738c2e2512321ebaf Mon Sep 17 00:00:00 2001 From: Daniel Bevenius Date: Wed, 24 May 2017 15:54:29 +0200 Subject: [PATCH 2/2] make extra_root_certs_file and root_certs static --- src/node_crypto.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 403a81700925b8..7f78a427042f4b 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -146,11 +146,11 @@ static X509_NAME *cnnic_ev_name = static Mutex* mutexes; -const char* const root_certs[] = { +static const char* const root_certs[] = { #include "node_root_certs.h" // NOLINT(build/include_order) }; -std::string extra_root_certs_file; // NOLINT(runtime/string) +static std::string extra_root_certs_file; // NOLINT(runtime/string) static X509_STORE* root_cert_store;