lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

crypto: don't build hardware engines 

Compile out hardware engines.

`ENGINE_load_builtin_engines()` is not called in v0.10 so this does
not represent a known security vulnerability.

Backport of
https://github.com/nodejs/node-private/pull/58

PR-URL: https://github.com/nodejs/node-private/pull/68
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v0.10
Rod Vagg 9 years ago
parent
fc259c7dc4
commit
03f4920d6a
1 changed files with 5 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      deps/openssl/openssl.gyp

5
deps/openssl/openssl.gyp
View File

@ -1099,6 +1099,11 @@
# Microsoft's IIS, which seems to be ignoring whole ClientHello after
# seeing this extension.
'OPENSSL_NO_HEARTBEATS',
# Compile out hardware engines. Most are stubs that dynamically load
# the real driver but that poses a security liability when an attacker
# is able to create a malicious DLL in one of the default search paths.
'OPENSSL_NO_HW',
],
'direct_dependent_settings': {
'defines': [

Write Preview
Loading…
Cancel
Save