Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat!: use OpenSSL instead of node-forge for DER-to-PEM conversion COMPASS-8073 #4

Merged
merged 1 commit into from
Jul 10, 2024
Merged

feat!: use OpenSSL instead of node-forge for DER-to-PEM conversion COMPASS-8073 #4

merged 1 commit into from
Jul 10, 2024

Conversation

addaleax
Copy link
Contributor

This commit removes node-forge as a dependency and the conversion logic for X.509 certificates from DER to PEM format that we used it for, and replaces that logic with direct calls to OpenSSL functions (which are always available in Node.js).

The main downside of this approach is that it removes the ABI stability guarantees we get from Node-API and instead makes us dependent on the OpenSSL ABI as well. Currently, the functions used in this code are compatible with OpenSSL 1.1.x and 3.x, which should be good enough in the present and for at least a good number of years into the future.

The main upside of this approach is that it is significantly faster, and should enable applications that use this package to get the system certificate list to do so by default, rather than as an opt-in feature.

@addaleax
feat!: use OpenSSL instead of node-forge for DER-to-PEM conversion
578f970 
This commit removes node-forge as a dependency and the conversion
logic for X.509 certificates from DER to PEM format that we used it for,
and replaces that logic with direct calls to OpenSSL functions
(which are always available in Node.js).

The main downside of this approach is that it removes the ABI stability
guarantees we get from Node-API and instead makes us dependent on the
OpenSSL ABI as well. Currently, the functions used in this code are
compatible with OpenSSL 1.1.x and 3.x, which should be good enough
in the present and for at least a good number of years into the future.

The main upside of this approach is that it is significantly faster,
and should enable applications that use this package to get the
system certificate list to do so by default, rather than as an opt-in
feature.
@addaleax addaleax changed the title feat!: use OpenSSL instead of node-forge for DER-to-PEM conversion feat!: use OpenSSL instead of node-forge for DER-to-PEM conversion COMPASS-8073 Jul 10, 2024
kmruiz
kmruiz reviewed Jul 10, 2024
View reviewed changes
binding.cc Show resolved Hide resolved
binding.cc Show resolved Hide resolved
@addaleax addaleax merged commit d2a3bce into main Jul 10, 2024
3 checks passed
@addaleax addaleax deleted the openssl-d2i branch July 10, 2024 12:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kmruiz kmruiz kmruiz approved these changes

@lerouxb lerouxb lerouxb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@addaleax @lerouxb @kmruiz