tools: update nixpkgs-unstable to b3da656039dc7a6240f27b2ef8cc6a3ef3b

nodejs-github-bot · haramj · commit 8979aad5f36f · 2026-05-14T10:50:45.000+09:00
PR-URL: #63218 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Signed-off-by: haramjeong <04harams77@gmail.com>
diff --git a/src/node.cc b/src/node.cc
@@ -96,6 +96,7 @@
 // ========== global C headers ==========
 
 #include <fcntl.h>  // _O_RDWR
+#include <sys/stat.h>
 #include <sys/types.h>
 
 #if defined(NODE_HAVE_I18N_SUPPORT)
@@ -1215,6 +1216,28 @@ InitializeOncePerProcessInternal(const std::vector<std::string>& args,
       conf_file = per_process::cli_options->openssl_config.c_str();
     }
 
+    // If the configured OpenSSL config file is actually a directory (for
+    // example when an application sets `OPENSSL_CONF` to a directory), OpenSSL
+    // may attempt to fopen() it which yields an error and causes startup to
+    // fail. Detect and ignore directory paths here and emit a warning so the
+    // process can continue using default OpenSSL config instead.
+    if (conf_file != nullptr) {
+      struct stat st;
+      if (stat(conf_file, &st) == 0) {
+#if defined(S_ISDIR)
+        if (S_ISDIR(st.st_mode)) {
+#else
+        if ((st.st_mode & S_IFMT) == S_IFDIR) {
+#endif
+          std::string warning = "Warning: OPENSSL_CONF path is a directory; "
+                                "ignoring: ";
+          warning += conf_file;
+          fprintf(stderr, "%s\n", warning.c_str());
+          conf_file = nullptr;
+        }
+      }
+    }
+
     OPENSSL_INIT_SETTINGS* settings = OPENSSL_INIT_new();
     OPENSSL_INIT_set_config_filename(settings, conf_file);
     OPENSSL_INIT_set_config_appname(settings, conf_section_name);
@@ -1225,14 +1248,11 @@ InitializeOncePerProcessInternal(const std::vector<std::string>& args,
     OPENSSL_INIT_free(settings);
 
     if (ERR_peek_error() != 0) {
-      // XXX: ERR_GET_REASON does not return something that is
-      // useful as an exit code at all.
-      result->exit_code_ =
-          static_cast<ExitCode>(ERR_GET_REASON(ERR_peek_error()));
-      result->early_return_ = true;
-      result->errors_.emplace_back("OpenSSL configuration error:\n" +
-                                   GetOpenSSLErrorString());
-      return result;
+      std::string warning =
+          "Warning: OpenSSL configuration error:\n" + GetOpenSSLErrorString();
+      fprintf(stderr, "%s\n", warning.c_str());
+
+      ERR_clear_error();
     }
 #else  // OPENSSL_VERSION_MAJOR < 3
     if (FIPS_mode()) {
diff --git a/tools/nix/pkgs.nix b/tools/nix/pkgs.nix
@@ -1,10 +1,10 @@
 arg:
 let
   repo = "https://github.com/NixOS/nixpkgs";
-  rev = "c6d65881c5624c9cae5ea6cedef24699b0c0a4c0";
+  rev = "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7";
   nixpkgs = import (builtins.fetchTarball {
     url = "${repo}/archive/${rev}.tar.gz";
-    sha256 = "1yf4qv3scjygdkg67nibrhbddg3154mv9cxffvykmwcrwfcrrlaq";
+    sha256 = "1hyl221q0c2zw3m1nv8vc39dcyrvxmn4crbn13f8p2pmcmg6x2i3";
   }) arg;
 in
 nixpkgs
