crypto: add crypto::GetSSLCtx API for addon access to OpenSSL contexts#62254
Merged
nodejs-github-bot merged 2 commits intonodejs:mainfrom Mar 23, 2026
Merged
crypto: add crypto::GetSSLCtx API for addon access to OpenSSL contexts#62254nodejs-github-bot merged 2 commits intonodejs:mainfrom
nodejs-github-bot merged 2 commits intonodejs:mainfrom
Conversation
Collaborator
|
Review requested:
|
This intended to replace usage of the unsupported _external field, offering an official API for native addons to access OpenSSL directly while reducing the JS API and internal field exposure.
Codecov Reportβ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #62254 +/- ##
==========================================
- Coverage 89.66% 89.66% -0.01%
==========================================
Files 676 676
Lines 206500 206572 +72
Branches 39539 39555 +16
==========================================
+ Hits 185168 185231 +63
+ Misses 13463 13459 -4
- Partials 7869 7882 +13
π New features to boost your workflow:
|
addaleax
reviewed
Mar 15, 2026
addaleax
approved these changes
Mar 15, 2026
Collaborator
Collaborator
Collaborator
Collaborator
Collaborator
Collaborator
Commit Queue failed- Loading data for nodejs/node/pull/62254 β Done loading data for nodejs/node/pull/62254 ----------------------------------- PR info ------------------------------------ Title crypto: add crypto::GetSSLCtx API for addon access to OpenSSL contexts (#62254) β Could not retrieve the email or name of the PR author's from user's GitHub profile! Branch pimterry:getsslctx-api -> nodejs:main Labels crypto, c++, needs-ci, commit-queue-squash Commits 2 - crypto: add crypto::GetSSLCtx API for addon access to OpenSSL contexts - Handle JS getter exceptions in GetSSLCtx Committers 1 - Tim Perry <pimterry@gmail.com> PR-URL: https://github.com/nodejs/node/pull/62254 Reviewed-By: Anna Henningsen <anna@addaleax.net> ------------------------------ Generated metadata ------------------------------ PR-URL: https://github.com/nodejs/node/pull/62254 Reviewed-By: Anna Henningsen <anna@addaleax.net> -------------------------------------------------------------------------------- βΉ This PR was created on Sat, 14 Mar 2026 16:27:50 GMT β Approvals: 1 β - Anna Henningsen (@addaleax): https://github.com/nodejs/node/pull/62254#pullrequestreview-3950716542 β Last GitHub CI successful βΉ Last Full PR CI on 2026-03-18T17:02:27Z: https://ci.nodejs.org/job/node-test-pull-request/71864/ - Querying data for job/node-test-pull-request/71864/ β Last Jenkins CI successful -------------------------------------------------------------------------------- β No git cherry-pick in progress β No git am in progress β No git rebase in progress -------------------------------------------------------------------------------- - Bringing origin/main up to date... From https://github.com/nodejs/node * branch main -> FETCH_HEAD β origin/main is now up-to-date - Downloading patch for 62254 From https://github.com/nodejs/node * branch refs/pull/62254/merge -> FETCH_HEAD β Fetched commits as 22fc52bda16b..e37890620fa3 -------------------------------------------------------------------------------- [main ea4524b511] crypto: add crypto::GetSSLCtx API for addon access to OpenSSL contexts Author: Tim Perry <pimterry@gmail.com> Date: Sat Mar 14 16:09:37 2026 +0100 6 files changed, 159 insertions(+) create mode 100644 test/addons/openssl-get-ssl-ctx/binding.cc create mode 100644 test/addons/openssl-get-ssl-ctx/binding.gyp create mode 100644 test/addons/openssl-get-ssl-ctx/test.js [main a8907b2aca] Handle JS getter exceptions in GetSSLCtx Author: Tim Perry <pimterry@gmail.com> Date: Sun Mar 15 18:15:20 2026 +0100 2 files changed, 12 insertions(+) β Patches applied There are 2 commits in the PR. Attempting to fixup everything into first commit. [main 55124ce18f] crypto: add crypto::GetSSLCtx API for addon access to OpenSSL contexts Author: Tim Perry <pimterry@gmail.com> Date: Sat Mar 14 16:09:37 2026 +0100 6 files changed, 171 insertions(+) create mode 100644 test/addons/openssl-get-ssl-ctx/binding.cc create mode 100644 test/addons/openssl-get-ssl-ctx/binding.gyp create mode 100644 test/addons/openssl-get-ssl-ctx/test.js --------------------------------- New Message ---------------------------------- crypto: add crypto::GetSSLCtx API for addon access to OpenSSL contexts
Temporary files removed.
|
Collaborator
|
Landed in 2263b4d |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Once upon a time (#20237) we attempted to remove the
secureContext.context._externalfield which exposes OpenSSL contexts. This was later reverted (#21711) because it turns out there are external native addons which do want to integrate with Node's OpenSSL, and were using this JS API as it's currently the only way to do so.At the time, @sam-github said:
I think this makes a lot of sense. I'm in the process of building a native addon myself that needs access to OpenSSL contexts (user-space solution for #41112). I'd like to do this properly, without having to awkwardly hook onto internals like this.
This PR does that: creating a new
node::crypto::GetSSLCtxnative API, so C++ addons can access the OpenSSL context directly. With this in place, we could potentially drop_externalentirely from the JS API (and maybe even.context) in some future major bump. Naming is intended to match the SSL_CTX type and OpenSSL SSL_CTX_... APIs etc, but open to bikeshedding that further.This API itself should be easy to keep stable as OpenSSL changes, but obviously SSL_CTX won't be stable as it has APIs that will change as we upgrade OpenSSL versions etc. I think that's fine, there's clearly no real avoiding that and addons using this will have to be able to deal with OpenSSL changes like this appropriately. Reasonable given that it's a native-only API imo.