Skip to content

Conversation

@joyeecheung
Copy link
Member

The X509 structures are never freed. Use ncrypto::X509Pointer to manage it automatically and move the X509* to PEM conversion into a helper to be reused by integration in other systems.

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Jan 30, 2025
The X509 structures are never freed. Use ncrypto::X509Pointer to
manage it automatically and move the X509* to PEM conversion into
a helper to be reused by integration in other systems.
@joyeecheung joyeecheung requested a review from jasnell January 30, 2025 17:42
@joyeecheung joyeecheung added the request-ci Add this label to start a Jenkins CI on a PR. label Jan 30, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jan 30, 2025
@nodejs-github-bot

This comment was marked as outdated.

@codecov
Copy link

codecov bot commented Jan 30, 2025

Codecov Report

Attention: Patch coverage is 0% with 16 lines in your changes missing coverage. Please review.

Project coverage is 89.20%. Comparing base (304bb9c) to head (8fdaad7).
Report is 77 commits behind head on main.

Files with missing lines Patch % Lines
src/crypto/crypto_context.cc 0.00% 16 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #56832      +/-   ##
==========================================
- Coverage   89.20%   89.20%   -0.01%     
==========================================
  Files         663      663              
  Lines      192012   192028      +16     
  Branches    36929    36934       +5     
==========================================
+ Hits       171286   171291       +5     
- Misses      13582    13597      +15     
+ Partials     7144     7140       -4     
Files with missing lines Coverage Δ
src/crypto/crypto_context.cc 67.49% <0.00%> (-1.20%) ⬇️

... and 17 files with indirect coverage changes

// TODO(joyeecheung): it is a bit excessive to do this X509 -> PEM -> X509
// dance when we could've just pass everything around in binary. Change the
// root_certs to be embedded as DER so that we can save the serialization
// and deserialization.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

Copy link
Contributor

@timja timja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the follow up!

@joyeecheung joyeecheung added the request-ci Add this label to start a Jenkins CI on a PR. label Feb 6, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 6, 2025
@nodejs-github-bot

This comment was marked as outdated.

@nodejs-github-bot

This comment was marked as outdated.

@nodejs-github-bot
Copy link
Collaborator

jasnell pushed a commit that referenced this pull request Feb 6, 2025
The X509 structures are never freed. Use ncrypto::X509Pointer to
manage it automatically and move the X509* to PEM conversion into
a helper to be reused by integration in other systems.

PR-URL: #56832
Reviewed-By: James M Snell <[email protected]>
@jasnell
Copy link
Member

jasnell commented Feb 6, 2025

Landed in 4355b3f

@jasnell jasnell closed this Feb 6, 2025
targos pushed a commit that referenced this pull request Feb 7, 2025
The X509 structures are never freed. Use ncrypto::X509Pointer to
manage it automatically and move the X509* to PEM conversion into
a helper to be reused by integration in other systems.

PR-URL: #56832
Reviewed-By: James M Snell <[email protected]>
acidiney pushed a commit to acidiney/node that referenced this pull request Feb 23, 2025
The X509 structures are never freed. Use ncrypto::X509Pointer to
manage it automatically and move the X509* to PEM conversion into
a helper to be reused by integration in other systems.

PR-URL: nodejs#56832
Reviewed-By: James M Snell <[email protected]>
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Feb 25, 2025
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `23.7.0` -> `23.8.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

### [`v23.8.0`](https://github.com/nodejs/node/releases/tag/v23.8.0): 2025-02-13, Version 23.8.0 (Current), @&#8203;targos

[Compare Source](nodejs/node@v23.7.0...v23.8.0)

##### Notable Changes

##### Support for using system CA certificates store on macOS and Windows

This version adds the `--use-system-ca` command-line flag, which instructs Node.js
to use the trusted CA certificates present in the system store along with
the `--use-bundled-ca`, `--use-openssl-ca` options.

This option is available on macOS and Windows for now.

Contributed by Tim Jacomb in [#&#8203;56599](nodejs/node#56599)
and Joyee Cheung in [#&#8203;56833](nodejs/node#56833).

##### Introduction of the URL Pattern API

An implementation of the [URL Pattern API](https://developer.mozilla.org/en-US/docs/Web/API/URL_Pattern_API)
is now available.

The `URLPattern` constructor is exported from the `node:url` module and will be
available as a global in Node.js 24.

Contributed by Yagiz Nizipli and Daniel Lemire in [#&#8203;56452](nodejs/node#56452).

##### Support for the zstd compression algorithm

Node.js now includes support for the Zstandard (zstd) compression algorithm.
Various APIs have been added to the `node:zlib` module for both compression and decompression
of zstd streams.

Contributed by Jan Krems in [#&#8203;52100](nodejs/node#52100).

##### Node.js thread names

Threads created by the Node.js process are now named to improve the debugging experience.
Worker threads will use the `name` option that can be passed to the `Worker` constructor.

Contributed by Rafael Gonzaga in [#&#8203;56416](nodejs/node#56416).

##### Timezone data has been updated to 2025a

Included changes:

-   Paraguay adopts permanent -03 starting spring 2024.
-   Improve pre-1991 data for the Philippines.

##### Other Notable Changes

-   \[[`39997867cf`](nodejs/node@39997867cf)] - **(SEMVER-MINOR)** **sqlite**: allow returning `ArrayBufferView`s from user-defined functions (René) [#&#8203;56790](nodejs/node#56790)

##### Commits

-   \[[`0ee9c34d63`](nodejs/node@0ee9c34d63)] - **benchmark**: add simple parse and test benchmarks for URLPattern (James M Snell) [#&#8203;56882](nodejs/node#56882)
-   \[[`b3f2045d14`](nodejs/node@b3f2045d14)] - **build**: gyp exclude libm linking on macOS (deepak1556) [#&#8203;56901](nodejs/node#56901)
-   \[[`e0dd9aefd6`](nodejs/node@e0dd9aefd6)] - **build**: remove explicit linker call to libm on macOS (deepak1556) [#&#8203;56901](nodejs/node#56901)
-   \[[`52399da780`](nodejs/node@52399da780)] - **build**: link with Security.framework in GN build (Cheng) [#&#8203;56895](nodejs/node#56895)
-   \[[`582b9221c9`](nodejs/node@582b9221c9)] - **build**: do not put commands in sources variables (Cheng) [#&#8203;56885](nodejs/node#56885)
-   \[[`ea61b956e9`](nodejs/node@ea61b956e9)] - **build**: add double quotes around <(python) (Luigi Pinca) [#&#8203;56826](nodejs/node#56826)
-   \[[`14236ef778`](nodejs/node@14236ef778)] - **build**: add build option suppress_all_error_on_warn (Michael Dawson) [#&#8203;56647](nodejs/node#56647)
-   \[[`dfd3f430f3`](nodejs/node@dfd3f430f3)] - **build,win**: enable ccache (Stefan Stojanovic) [#&#8203;56847](nodejs/node#56847)
-   \[[`3e207bd9ec`](nodejs/node@3e207bd9ec)] - **(SEMVER-MINOR)** **crypto**: support --use-system-ca on Windows (Joyee Cheung) [#&#8203;56833](nodejs/node#56833)
-   \[[`fe2694a992`](nodejs/node@fe2694a992)] - **crypto**: fix X509\* leak in --use-system-ca (Joyee Cheung) [#&#8203;56832](nodejs/node#56832)
-   \[[`60039a2c36`](nodejs/node@60039a2c36)] - **crypto**: add api to get openssl security level (Michael Dawson) [#&#8203;56601](nodejs/node#56601)
-   \[[`39a474f7c0`](nodejs/node@39a474f7c0)] - **(SEMVER-MINOR)** **crypto**: added support for reading certificates from macOS system store (Tim Jacomb) [#&#8203;56599](nodejs/node#56599)
-   \[[`144bee8067`](nodejs/node@144bee8067)] - **deps**: update zlib to 1.3.0.1-motley-788cb3c (Node.js GitHub Bot) [#&#8203;56655](nodejs/node#56655)
-   \[[`7fd39e3a79`](nodejs/node@7fd39e3a79)] - **deps**: update sqlite to 3.49.0 (Node.js GitHub Bot) [#&#8203;56654](nodejs/node#56654)
-   \[[`d698cb5434`](nodejs/node@d698cb5434)] - **deps**: update amaro to 0.3.2 (marco-ippolito) [#&#8203;56916](nodejs/node#56916)
-   \[[`dbd09067c0`](nodejs/node@dbd09067c0)] - **deps**: V8: cherry-pick [`9ab4059`](nodejs/node@9ab40592f697) (Levi Zim) [#&#8203;56781](nodejs/node#56781)
-   \[[`ee33ef3aa6`](nodejs/node@ee33ef3aa6)] - **deps**: update cjs-module-lexer to 2.0.0 (Michael Dawson) [#&#8203;56855](nodejs/node#56855)
-   \[[`c0542557d0`](nodejs/node@c0542557d0)] - **deps**: update timezone to 2025a (Node.js GitHub Bot) [#&#8203;56876](nodejs/node#56876)
-   \[[`d67cb1f9bb`](nodejs/node@d67cb1f9bb)] - **deps**: update simdjson to 3.12.0 (Node.js GitHub Bot) [#&#8203;56874](nodejs/node#56874)
-   \[[`70b04b4314`](nodejs/node@70b04b4314)] - **deps**: update googletest to [`e235eb3`](nodejs/node@e235eb3) (Node.js GitHub Bot) [#&#8203;56873](nodejs/node#56873)
-   \[[`e11cda003f`](nodejs/node@e11cda003f)] - **(SEMVER-MINOR)** **deps**: update ada to v3.0.1 (Yagiz Nizipli) [#&#8203;56452](nodejs/node#56452)
-   \[[`8743ef525d`](nodejs/node@8743ef525d)] - **deps**: update simdjson to 3.11.6 (Node.js GitHub Bot) [#&#8203;56250](nodejs/node#56250)
-   \[[`0f553e5575`](nodejs/node@0f553e5575)] - **deps**: update amaro to 0.3.1 (Node.js GitHub Bot) [#&#8203;56785](nodejs/node#56785)
-   \[[`380a8d8d2f`](nodejs/node@380a8d8d2f)] - **(SEMVER-MINOR)** **deps,tools**: add zstd 1.5.6 (Jan Krems) [#&#8203;52100](nodejs/node#52100)
-   \[[`66898a7c3b`](nodejs/node@66898a7c3b)] - **doc**: update history of stream.Readable.toWeb() (Jimmy Leung) [#&#8203;56928](nodejs/node#56928)
-   \[[`9e29416e12`](nodejs/node@9e29416e12)] - **doc**: make MDN links to global classes more consistent (Antoine du Hamel) [#&#8203;56924](nodejs/node#56924)
-   \[[`6bc270728a`](nodejs/node@6bc270728a)] - **doc**: make MDN links to global classes more consistent in `assert.md` (Antoine du Hamel) [#&#8203;56920](nodejs/node#56920)
-   \[[`00da003171`](nodejs/node@00da003171)] - **doc**: make MDN links to global classes more consistent (Antoine du Hamel) [#&#8203;56923](nodejs/node#56923)
-   \[[`d90198793a`](nodejs/node@d90198793a)] - **doc**: make MDN links to global classes more consistent in `util.md` (Antoine du Hamel) [#&#8203;56922](nodejs/node#56922)
-   \[[`5f4377a759`](nodejs/node@5f4377a759)] - **doc**: make MDN links to global classes more consistent in `buffer.md` (Antoine du Hamel) [#&#8203;56921](nodejs/node#56921)
-   \[[`7353266b50`](nodejs/node@7353266b50)] - **doc**: improve type stripping documentation (Marco Ippolito) [#&#8203;56916](nodejs/node#56916)
-   \[[`888d2acc3a`](nodejs/node@888d2acc3a)] - **doc**: specificy support for erasable ts syntax (Marco Ippolito) [#&#8203;56916](nodejs/node#56916)
-   \[[`3c082d43bc`](nodejs/node@3c082d43bc)] - **doc**: update post sec release process (Rafael Gonzaga) [#&#8203;56907](nodejs/node#56907)
-   \[[`f0bf35d3c5`](nodejs/node@f0bf35d3c5)] - **doc**: update websocket link to avoid linking to self (Chengzhong Wu) [#&#8203;56897](nodejs/node#56897)
-   \[[`373dbb0e6c`](nodejs/node@373dbb0e6c)] - **doc**: mark `--env-file-if-exists` flag as experimental (Juan José) [#&#8203;56893](nodejs/node#56893)
-   \[[`d436888cc8`](nodejs/node@d436888cc8)] - **doc**: fix typo in cjs example of `util.styleText` (Deokjin Kim) [#&#8203;56769](nodejs/node#56769)
-   \[[`91638eeb4a`](nodejs/node@91638eeb4a)] - **doc**: clarify sqlite user-defined function behaviour (René) [#&#8203;56786](nodejs/node#56786)
-   \[[`bab9c4d331`](nodejs/node@bab9c4d331)] - **events**: getMaxListeners detects 0 listeners (Matthew Aitken) [#&#8203;56807](nodejs/node#56807)
-   \[[`ccaf7fe737`](nodejs/node@ccaf7fe737)] - **fs**: make `FileHandle.readableWebStream` always create byte streams (Ian Kerins) [#&#8203;55461](nodejs/node#55461)
-   \[[`974cec7a0a`](nodejs/node@974cec7a0a)] - **http**: be more generational GC friendly (ywave620) [#&#8203;56767](nodejs/node#56767)
-   \[[`be00058712`](nodejs/node@be00058712)] - **inspector**: add Network.Initiator in inspector protocol (Chengzhong Wu) [#&#8203;56805](nodejs/node#56805)
-   \[[`31293a4b09`](nodejs/node@31293a4b09)] - **inspector**: fix GN build (Cheng) [#&#8203;56798](nodejs/node#56798)
-   \[[`91a302356b`](nodejs/node@91a302356b)] - **inspector**: fix StringUtil::CharacterCount for unicodes (Chengzhong Wu) [#&#8203;56788](nodejs/node#56788)
-   \[[`3b305f25f2`](nodejs/node@3b305f25f2)] - **lib**: filter node:quic from builtinModules when flag not used (James M Snell) [#&#8203;56870](nodejs/node#56870)
-   \[[`f06ee4c54a`](nodejs/node@f06ee4c54a)] - **meta**: bump `actions/upload-artifact` from 4.4.3 to 4.6.0 (dependabot\[bot]) [#&#8203;56861](nodejs/node#56861)
-   \[[`d230bc3b3c`](nodejs/node@d230bc3b3c)] - **meta**: bump `actions/setup-node` from 4.1.0 to 4.2.0 (dependabot\[bot]) [#&#8203;56868](nodejs/node#56868)
-   \[[`d4ecfa745e`](nodejs/node@d4ecfa745e)] - **meta**: move one or more collaborators to emeritus (Node.js GitHub Bot) [#&#8203;56889](nodejs/node#56889)
-   \[[`698c56bb94`](nodejs/node@698c56bb94)] - **meta**: add [@&#8203;nodejs/url](https://github.com/nodejs/url) as codeowner (Chengzhong Wu) [#&#8203;56783](nodejs/node#56783)
-   \[[`a274b28857`](nodejs/node@a274b28857)] - **module**: fix require.resolve() crash on non-string paths (Aditi) [#&#8203;56942](nodejs/node#56942)
-   \[[`4e3052aeee`](nodejs/node@4e3052aeee)] - **quic**: fixup errant LocalVector usage (James M Snell) [#&#8203;56564](nodejs/node#56564)
-   \[[`dfc61f7bb7`](nodejs/node@dfc61f7bb7)] - **readline**: fix unresolved promise on abortion (Daniel Venable) [#&#8203;54030](nodejs/node#54030)
-   \[[`9e60501f5e`](nodejs/node@9e60501f5e)] - **sqlite**: fix coverity warnings related to backup() (Colin Ihrig) [#&#8203;56961](nodejs/node#56961)
-   \[[`1913a4aabc`](nodejs/node@1913a4aabc)] - **sqlite**: restore changes from [#&#8203;55373](nodejs/node#55373) (Colin Ihrig) [#&#8203;56908](nodejs/node#56908)
-   \[[`8410c955b7`](nodejs/node@8410c955b7)] - **sqlite**: fix use-after-free in StatementSync due to premature GC (Divy Srivastava) [#&#8203;56840](nodejs/node#56840)
-   \[[`01d732d629`](nodejs/node@01d732d629)] - **sqlite**: handle conflicting SQLite and JS errors (Colin Ihrig) [#&#8203;56787](nodejs/node#56787)
-   \[[`39997867cf`](nodejs/node@39997867cf)] - **(SEMVER-MINOR)** **sqlite**: allow returning `ArrayBufferView`s from user-defined functions (René) [#&#8203;56790](nodejs/node#56790)
-   \[[`8dc637681a`](nodejs/node@8dc637681a)] - **sqlite, test**: expose sqlite online backup api (Edy Silva) [#&#8203;56253](nodejs/node#56253)
-   \[[`cfea53eccc`](nodejs/node@cfea53eccc)] - **src**: use `args.This()` in zlib (Michaël Zasso) [#&#8203;56988](nodejs/node#56988)
-   \[[`6b398d6d0b`](nodejs/node@6b398d6d0b)] - **src**: replace `SplitString` with built-in (Yagiz Nizipli) [#&#8203;54990](nodejs/node#54990)
-   \[[`fbb32e0a08`](nodejs/node@fbb32e0a08)] - **src**: add nullptr handling for `NativeKeyObject` (Burkov Egor) [#&#8203;56900](nodejs/node#56900)
-   \[[`83ff7be9fd`](nodejs/node@83ff7be9fd)] - **src**: disallow copy/move fns/constructors (Yagiz Nizipli) [#&#8203;56811](nodejs/node#56811)
-   \[[`63611d0331`](nodejs/node@63611d0331)] - **src**: add a hard dependency v8\_inspector_headers (Chengzhong Wu) [#&#8203;56805](nodejs/node#56805)
-   \[[`3d957d135c`](nodejs/node@3d957d135c)] - **src**: improve error handling in encoding_binding.cc (James M Snell) [#&#8203;56915](nodejs/node#56915)
-   \[[`9e9ac3ccd8`](nodejs/node@9e9ac3ccd8)] - **src**: avoid copy by using std::views::keys (Yagiz Nizipli) [#&#8203;56080](nodejs/node#56080)
-   \[[`086cdc297a`](nodejs/node@086cdc297a)] - **src**: remove obsolete NoArrayBufferZeroFillScope (James M Snell) [#&#8203;56913](nodejs/node#56913)
-   \[[`915d7aeb37`](nodejs/node@915d7aeb37)] - **src**: set signal inspector io thread name (RafaelGSS) [#&#8203;56416](nodejs/node#56416)
-   \[[`f4b086d29d`](nodejs/node@f4b086d29d)] - **src**: set thread name for main thread and v8 worker (RafaelGSS) [#&#8203;56416](nodejs/node#56416)
-   \[[`3579143630`](nodejs/node@3579143630)] - **src**: set worker thread name using worker.name (RafaelGSS) [#&#8203;56416](nodejs/node#56416)
-   \[[`736ff5de6d`](nodejs/node@736ff5de6d)] - **src**: use a default thread name for inspector (RafaelGSS) [#&#8203;56416](nodejs/node#56416)
-   \[[`be8e2b4d8f`](nodejs/node@be8e2b4d8f)] - **src**: improve error handling in permission.cc (James M Snell) [#&#8203;56904](nodejs/node#56904)
-   \[[`d6cf0911ee`](nodejs/node@d6cf0911ee)] - **src**: improve error handling in node_sqlite (James M Snell) [#&#8203;56891](nodejs/node#56891)
-   \[[`521fed1bac`](nodejs/node@521fed1bac)] - **src**: improve error handling in node_os by removing ToLocalChecked (James M Snell) [#&#8203;56888](nodejs/node#56888)
-   \[[`c9a99df8e7`](nodejs/node@c9a99df8e7)] - **src**: improve error handling in node_url (James M Snell) [#&#8203;56886](nodejs/node#56886)
-   \[[`5c82ef3ace`](nodejs/node@5c82ef3ace)] - **src**: add memory retainer traits for external types (Chengzhong Wu) [#&#8203;56881](nodejs/node#56881)
-   \[[`edb194b2d5`](nodejs/node@edb194b2d5)] - **src**: prevent URLPattern property accessors from crashing on invalid this (James M Snell) [#&#8203;56877](nodejs/node#56877)
-   \[[`9624049414`](nodejs/node@9624049414)] - **src**: pull in more electron boringssl adjustments (James M Snell) [#&#8203;56858](nodejs/node#56858)
-   \[[`f8910e384d`](nodejs/node@f8910e384d)] - **src**: make multiple improvements to node_url_pattern (James M Snell) [#&#8203;56871](nodejs/node#56871)
-   \[[`94a0237b18`](nodejs/node@94a0237b18)] - **src**: clean up some obsolete crypto methods (James M Snell) [#&#8203;56792](nodejs/node#56792)
-   \[[`b240ca67b9`](nodejs/node@b240ca67b9)] - **src**: add check for Bignum in GroupOrderSize (Burkov Egor) [#&#8203;56702](nodejs/node#56702)
-   \[[`45692e9c7c`](nodejs/node@45692e9c7c)] - **src, deps**: port electron's boringssl workarounds (James M Snell) [#&#8203;56812](nodejs/node#56812)
-   \[[`a9d80d43cb`](nodejs/node@a9d80d43cb)] - **(SEMVER-MINOR)** **src, quic**: refine more of the quic implementation (James M Snell) [#&#8203;56328](nodejs/node#56328)
-   \[[`93d0beb6c8`](nodejs/node@93d0beb6c8)] - **src,test**: expand test coverage for urlpattern and fix error (James M Snell) [#&#8203;56878](nodejs/node#56878)
-   \[[`5a9732e1d0`](nodejs/node@5a9732e1d0)] - **test**: improve timeout duration for debugger events (Yagiz Nizipli) [#&#8203;56970](nodejs/node#56970)
-   \[[`60c8fc07ff`](nodejs/node@60c8fc07ff)] - **test**: remove unnecessary syscall to cpuinfo (Yagiz Nizipli) [#&#8203;56968](nodejs/node#56968)
-   \[[`40cdf756e6`](nodejs/node@40cdf756e6)] - **test**: update webstorage wpt (Yagiz Nizipli) [#&#8203;56963](nodejs/node#56963)
-   \[[`de77371a9e`](nodejs/node@de77371a9e)] - **test**: execute shell directly for refresh() (Yagiz Nizipli) [#&#8203;55051](nodejs/node#55051)
-   \[[`f4254b8e70`](nodejs/node@f4254b8e70)] - **test**: automatically sync wpt urlpattern tests (Jonas) [#&#8203;56949](nodejs/node#56949)
-   \[[`a473d3f57a`](nodejs/node@a473d3f57a)] - **test**: update snapshots for amaro v0.3.2 (Marco Ippolito) [#&#8203;56916](nodejs/node#56916)
-   \[[`abca97f7e2`](nodejs/node@abca97f7e2)] - **test**: change jenkins reporter (Carlos Espa) [#&#8203;56808](nodejs/node#56808)
-   \[[`7c9fa11127`](nodejs/node@7c9fa11127)] - **test**: fix race condition in test-child-process-bad-stdio (Colin Ihrig) [#&#8203;56845](nodejs/node#56845)
-   \[[`b8b6e68836`](nodejs/node@b8b6e68836)] - **(SEMVER-MINOR)** **test**: add WPT for URLPattern (Yagiz Nizipli) [#&#8203;56452](nodejs/node#56452)
-   \[[`b6d3d52e20`](nodejs/node@b6d3d52e20)] - **test**: adjust check to use OpenSSL sec level (Michael Dawson) [#&#8203;56819](nodejs/node#56819)
-   \[[`3beac87f92`](nodejs/node@3beac87f92)] - **test**: test-crypto-scrypt.js doesn't need internals (Meghan Denny) [#&#8203;56673](nodejs/node#56673)
-   \[[`3af23a10f3`](nodejs/node@3af23a10f3)] - **test**: set `test-fs-cp` as flaky (Stefan Stojanovic) [#&#8203;56799](nodejs/node#56799)
-   \[[`1146f48f67`](nodejs/node@1146f48f67)] - **test**: search cctest files (Chengzhong Wu) [#&#8203;56791](nodejs/node#56791)
-   \[[`86c199b25a`](nodejs/node@86c199b25a)] - **test**: convert test_encoding_binding.cc to a JS test (Chengzhong Wu) [#&#8203;56791](nodejs/node#56791)
-   \[[`bd5484717c`](nodejs/node@bd5484717c)] - **test**: test-crypto-prime.js doesn't need internals (Meghan Denny) [#&#8203;56675](nodejs/node#56675)
-   \[[`f5f54414e4`](nodejs/node@f5f54414e4)] - **test**: temporary remove resource check from fs read-write (Rafael Gonzaga) [#&#8203;56789](nodejs/node#56789)
-   \[[`c8bd2ba0ad`](nodejs/node@c8bd2ba0ad)] - **test**: mark test-without-async-context-frame flaky on windows (James M Snell) [#&#8203;56753](nodejs/node#56753)
-   \[[`2c2e4a4ae0`](nodejs/node@2c2e4a4ae0)] - **test**: remove unnecessary code (Luigi Pinca) [#&#8203;56784](nodejs/node#56784)
-   \[[`4606a5f79b`](nodejs/node@4606a5f79b)] - **test**: mark `test-esm-loader-hooks-inspect-wait` flaky (Richard Lau) [#&#8203;56803](nodejs/node#56803)
-   \[[`38c77e3462`](nodejs/node@38c77e3462)] - **test**: update WPT for url to [`a23788b`](nodejs/node@a23788b77a) (Node.js GitHub Bot) [#&#8203;56779](nodejs/node#56779)
-   \[[`50ebd5fd31`](nodejs/node@50ebd5fd31)] - **test**: remove duplicate error reporter from ci (Carlos Espa) [#&#8203;56739](nodejs/node#56739)
-   \[[`0c3ae25aec`](nodejs/node@0c3ae25aec)] - **test_runner**: print formatted errors on summary (Pietro Marchini) [#&#8203;56911](nodejs/node#56911)
-   \[[`b5a8a812fb`](nodejs/node@b5a8a812fb)] - **tools**: bump eslint version (dependabot\[bot]) [#&#8203;56869](nodejs/node#56869)
-   \[[`e1f86c1b9d`](nodejs/node@e1f86c1b9d)] - **tools**: remove test-asan/ubsan workflows (Michaël Zasso) [#&#8203;56823](nodejs/node#56823)
-   \[[`405a6678b7`](nodejs/node@405a6678b7)] - **tools**: run macOS test workflow with Xcode 16.1 (Michaël Zasso) [#&#8203;56831](nodejs/node#56831)
-   \[[`16529c130f`](nodejs/node@16529c130f)] - **tools**: update sccache and sccache-action (Michaël Zasso) [#&#8203;56815](nodejs/node#56815)
-   \[[`fe004111ea`](nodejs/node@fe004111ea)] - **tools**: fix license-builder for inspector_protocol (Michaël Zasso) [#&#8203;56814](nodejs/node#56814)
-   \[[`bc97a90176`](nodejs/node@bc97a90176)] - **(SEMVER-MINOR)** **url**: add URLPattern implementation (Yagiz Nizipli) [#&#8203;56452](nodejs/node#56452)
-   \[[`77294d8918`](nodejs/node@77294d8918)] - **util**: enforce shouldColorize in styleText array arg (Marco Ippolito) [#&#8203;56722](nodejs/node#56722)
-   \[[`8e6c191601`](nodejs/node@8e6c191601)] - **zlib**: use modern class syntax for zstd classes (Yagiz Nizipli) [#&#8203;56965](nodejs/node#56965)
-   \[[`a3ca7f37a2`](nodejs/node@a3ca7f37a2)] - **zlib**: make all zstd functions experimental (Yagiz Nizipli) [#&#8203;56964](nodejs/node#56964)
-   \[[`4cc7907738`](nodejs/node@4cc7907738)] - **(SEMVER-MINOR)** **zlib**: add zstd support (Jan Krems) [#&#8203;52100](nodejs/node#52100)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNjkuMyIsInVwZGF0ZWRJblZlciI6IjM5LjE2OS4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
aduh95 pushed a commit that referenced this pull request Apr 2, 2025
The X509 structures are never freed. Use ncrypto::X509Pointer to
manage it automatically and move the X509* to PEM conversion into
a helper to be reused by integration in other systems.

PR-URL: #56832
Reviewed-By: James M Snell <[email protected]>
RafaelGSS pushed a commit that referenced this pull request Apr 16, 2025
The X509 structures are never freed. Use ncrypto::X509Pointer to
manage it automatically and move the X509* to PEM conversion into
a helper to be reused by integration in other systems.

PR-URL: #56832
Reviewed-By: James M Snell <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants