Yes, both of these should be shipped by ca-certificates:
/var/lib/ca-certificates/ca-bundle.pem
/var/lib/ca-certificates/openssl
Probably, the easiest solution would be to require the package from nodejs.
Adding it as a dependency of openssl might not be possible as I think its not
in ring0. Let me ask Dominique.