What | Removed | Added |
---|---|---|
Assignee | i@marguerite.su | amajer@suse.com |
If the patch is reverted, then the CA store that is used is upstream's bundled CA blob and system CA store is ignored, which is not very good. I think the best way would be to patch OpenSSL shipped with NodeJS, just for the SLE11 people, so that that the certificate hash function is the same as in the old version of OpenSSL. Now I'm not certain of the amount of work required for this, but if it's not too much, then this may be better option. But then this has problems because SLE11 apparently has OpenSSL 1.x in its security module. So... Another option would be to ship c_rehash binary from NodeJS in-tree version in libexec path that then can be used by users still on SLE11 and affected to relink things.