How to use OpenSSL other version in addon.node?

[chinadeanls]

Version

18.18.0

Platform

Microsoft Windows NT 10.0.19045.0 x64

Subsystem

No response

What steps will reproduce the bug?

when i build xxx.node, and linking openssl lib. i got '3.0.10+quic' version in the xxx.node, but my openssl version is 'OpenSSL 3.0.3'.

How often does it reproduce? Is there a required condition?

every time

What is the expected behavior? Why is that the expected behavior?

build 'xxx.node' with other openssl

What do you see instead?

nothing

Additional information

No response

[Zegameus]

Hi @chinadeanls
When you build a Node.js native addon (.node), it always links against the version of OpenSSL that Node.js itself was built with, unless you take explicit steps to override it.

Because you are using Node.js 18.18.0, that distribution ships its own embedded OpenSSL (3.0.10+quic).
This is why -- even if you link your own OpenSSL 3.0.3 -- your addon still ends up referencing Node’s OpenSSL version.

Now you can achieve a custom version doing one of this 2 options:

Option 1 - Link your own OpenSSL privately

What this means?

• Your addon uses your OpenSSL 3.0.3
• Node continues using its OpenSSL 3.0.10
• Both coexist safely
• You must avoid symbol collisions via symbol renaming or static linking

How you can achieve this?

Knowing that you are on Windows, first you'll have to build your own version of OpenSSL:

perl Configure VC-WIN64A --prefix=C:\openssl-install --openssldir=C:\openssl-install no-shared
nmake
nmake install

Note

In this case let's suppouse you have the openssl in C:\openssl-install

Once you have created that, you have to modify your binding.gyp file:

{
  "targets": [
    {
      "target_name": "xxx",
      "sources": [ "src/xxx.cpp" ],
      "include_dirs": [
        "C:/openssl-install/include"
      ],
      "libraries": [
        "C:/openssl-install/lib/libcrypto_static.lib",
        "C:/openssl-install/lib/libssl_static.lib"
      ],
      "defines": [
        "OPENSSL_API_COMPAT=0x30000000L",
        "OPENSSL_NO_DEPRECATED"
      ]
    }
  ]
}

Important

You cannot override Node's global OpenSSL used for TLS, HTTPS, crypto, QUIC, etc.
But you can use your privately linked OpenSSL inside your addon.

Option 2 - Build your own version of node.

If you absolutely need Node itself to use OpenSSL 3.0.3:

1. Download the git repo
2. Configure Node to use your OpenSSL
3. Rebuild Node and rebuild your addon against this Node

This guarantees your .node file will use OpenSSL 3.0.3, but:

• You must distribute your custom Node build
• Future updates are harder
• ABI compatibility may break

Most people avoid this.

Summary

This behavior is expected.
Node does not allow plugins to replace its internal OpenSSL by default, because that would break ABI compatibility and TLS internals.
But you can build your own node version or tweak the build of your node addon.

Hope this help you !