@@ -838,6 +838,23 @@ static std::vector<X509*>& GetExtraCACertificates() {
|
838 | 838 | } |
839 | 839 | |
840 | 840 | static void LoadCACertificates(void* data) { |
| 841 | +per_process::Debug(DebugCategory::CRYPTO, |
| 842 | +"Started loading bundled root certificates off-thread\n"); |
| 843 | +GetBundledRootCertificates(); |
| 844 | + |
| 845 | +if (!extra_root_certs_file.empty()) { |
| 846 | +per_process::Debug(DebugCategory::CRYPTO, |
| 847 | +"Started loading extra root certificates off-thread\n"); |
| 848 | +GetExtraCACertificates(); |
| 849 | + } |
| 850 | + |
| 851 | + { |
| 852 | + Mutex::ScopedLock cli_lock(node::per_process::cli_options_mutex); |
| 853 | +if (!per_process::cli_options->use_system_ca) { |
| 854 | +return; |
| 855 | + } |
| 856 | + } |
| 857 | + |
841 | 858 | per_process::Debug(DebugCategory::CRYPTO, |
842 | 859 | "Started loading system root certificates off-thread\n"); |
843 | 860 | GetSystemStoreCACertificates(); |
@@ -856,9 +873,12 @@ void StartLoadingCertificatesOffThread(
|
856 | 873 | // Get*CACertificates() functions has a function-local static and any |
857 | 874 | // actual user of it will wait for that to complete initialization. |
858 | 875 | |
| 876 | +// --use-openssl-ca is mutually exclusive with --use-bundled-ca and |
| 877 | +// --use-system-ca. If it's set, no need to optimize with off-thread |
| 878 | +// loading. |
859 | 879 | { |
860 | 880 | Mutex::ScopedLock cli_lock(node::per_process::cli_options_mutex); |
861 | | -if (!per_process::cli_options->use_system_ca) { |
| 881 | +if (!per_process::cli_options->ssl_openssl_cert_store) { |
862 | 882 | return; |
863 | 883 | } |
864 | 884 | } |
|