crypto: handle missing OPENSSL_TLS_SECURITY_LEVEL

codebytere · anonrig · commit 621d187bea7d · 2025-09-26T19:56:58.000-04:00
PR-URL: nodejs/node#58103 Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
diff --git a/include/ncrypto.h b/include/ncrypto.h
@@ -52,8 +52,6 @@ using OPENSSL_SIZE_T = int;
 #ifdef NCRYPTO_BSSL_NEEDS_DH_PRIMES
 #include "dh-primes.h"
 #endif  // NCRYPTO_BSSL_NEEDS_DH_PRIMES
-// FIXME: This should be removed when patch 0037 is applied
-#define OPENSSL_TLS_SECURITY_LEVEL 1
 #endif  // OPENSSL_IS_BORINGSSL
 
 namespace ncrypto {
diff --git a/src/ncrypto.cpp b/src/ncrypto.cpp
@@ -2898,8 +2898,9 @@ std::optional<int> SSLPointer::getSecurityLevel() {
 
   return SSL_get_security_level(ssl);
 #else
-  // for BoringSSL assume the same as the default
-  return OPENSSL_TLS_SECURITY_LEVEL;
+  // OPENSSL_TLS_SECURITY_LEVEL is not defined in BoringSSL
+  // so assume it is the default OPENSSL_TLS_SECURITY_LEVEL value.
+  return 1;
 #endif  // OPENSSL_IS_BORINGSSL
 }
 
