nornagon
commented
6 years ago I was mistaken—this doesn't actually fix the test. The real issue is that BoringSSL doesn't automatically build certificate chains by default.
Closed nornagon closed 6 years ago
nornagon
commented
6 years ago I was mistaken—this doesn't actually fix the test. The real issue is that BoringSSL doesn't automatically build certificate chains by default.
nornagon
commented
6 years ago NB, this actually doesn't enable node to use the OCSP stapling APIs, because it checks for the api with #if defined(SSL_CTX_set_tlsext_status_cb), but BoringSSL defines that as a function, not a macro.
One of Electron's tests exposed the fact that boringssl didn't support the OCSP stapling APIs that nodejs was calling. This backports a patch from boringssl that adds the APIs that nodejs expects, and causes the test to pass.