• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1A handful of native addons require linking to OpenSSL in one way or another. This introduces a small challenge since node will sometimes bundle OpenSSL statically (the default for node >= v0.8.x), or sometimes dynamically link to the system OpenSSL (default for node <= v0.6.x).
2
3Good native addons should account for both scenarios. It's recommended that you use the `binding.gyp` file provided below as a starting-point for any addon that needs to use OpenSSL:
4
5``` python
6{
7  'variables': {
8    # node v0.6.x doesn't give us its build variables,
9    # but on Unix it was only possible to use the system OpenSSL library,
10    # so default the variable to "true", v0.8.x node and up will overwrite it.
11    'node_shared_openssl%': 'true'
12  },
13  'targets': [
14    {
15      'target_name': 'binding',
16      'sources': [
17        'src/binding.cc'
18      ],
19      'conditions': [
20        ['node_shared_openssl=="false"', {
21          # so when "node_shared_openssl" is "false", then OpenSSL has been
22          # bundled into the node executable. So we need to include the same
23          # header files that were used when building node.
24          'include_dirs': [
25            '<(node_root_dir)/deps/openssl/openssl/include'
26          ],
27          "conditions" : [
28            ["target_arch=='ia32'", {
29              "include_dirs": [ "<(node_root_dir)/deps/openssl/config/piii" ]
30            }],
31            ["target_arch=='x64'", {
32              "include_dirs": [ "<(node_root_dir)/deps/openssl/config/k8" ]
33            }],
34            ["target_arch=='arm'", {
35              "include_dirs": [ "<(node_root_dir)/deps/openssl/config/arm" ]
36            }]
37          ]
38        }]
39      ]
40    }
41  ]
42}
43```
44
45This ensures that when OpenSSL is statically linked into `node` then, the bundled OpenSSL headers are included, but when the system OpenSSL is in use, then only those headers will be used.
46
47## Windows?
48
49As you can see this baseline `binding.gyp` file only accounts for the Unix scenario. Currently on Windows the situation is a little less ideal. On Windows, OpenSSL is _always_ statically compiled into the `node` executable, so ideally it would be possible to use that copy of OpenSSL when building native addons.
50
51Unfortunately it doesn't seem like that is possible at the moment, as there would need to be tweaks made to the generated `node.lib` file to include the openssl glue functions, or a new `openssl.lib` file would need to be created during the node build. I'm not sure which is the easiest/most feasible.
52
53In the meantime, one possible solution is using another copy of OpenSSL, which is what [`node-bcrypt`](https://github.com/ncb000gt/node.bcrypt.js) currently does. Adding something like this to your `binding.gyp` file's `"conditions"` block would enable this:
54
55``` python
56    [ 'OS=="win"', {
57      'conditions': [
58        # "openssl_root" is the directory on Windows of the OpenSSL files.
59        # Check the "target_arch" variable to set good default values for
60        # both 64-bit and 32-bit builds of the module.
61        ['target_arch=="x64"', {
62          'variables': {
63            'openssl_root%': 'C:/OpenSSL-Win64'
64          },
65        }, {
66          'variables': {
67            'openssl_root%': 'C:/OpenSSL-Win32'
68          },
69        }],
70      ],
71      'libraries': [
72        '-l<(openssl_root)/lib/libeay32.lib',
73      ],
74      'include_dirs': [
75        '<(openssl_root)/include',
76      ],
77    }]
78```
79
80Now you can direct your users to install OpenSSL on Windows from here (be sure to tell them to install the 64-bit version if they're compiling against a 64-bit version of node): http://slproweb.com/products/Win32OpenSSL.html
81
82Also note that both `node-gyp` and `npm` allow you to overwrite that default `openssl_root` variable on the command line:
83
84``` bash
85$ node-gyp rebuild --openssl-root="C:\Users\Nathan\Desktop\openssl"
86```