squash! src: add --openssl-legacy-module option

Rename option to openssl-legacy-provider.

Author: danbev

doc/api/cli.md

@@ -670,12 +670,13 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be
 used to enable FIPS-compliant crypto if Node.js is built
 against FIPS-enabled OpenSSL.
 
-### `--openssl-legacy-module`
+### `--openssl-legacy-provider`
 <!-- YAML
 added: REPLACEME
 -->
 
-Enable OpenSSL 3.0 legacy module.
+Enable OpenSSL 3.0 legacy provider. For more information please see
+[providers readme][].
 
 ### `--pending-deprecation`
 <!-- YAML
@@ -1470,7 +1471,7 @@ Node.js options that are allowed are:
 * `--no-warnings`
 * `--node-memory-debug`
 * `--openssl-config`
-* `--openssl-legacy-module`
+* `--openssl-legacy-provider`
 * `--pending-deprecation`
 * `--policy-integrity`
 * `--preserve-symlinks-main`
@@ -1845,6 +1846,7 @@ $ node --max-old-space-size=1536 index.js
 [emit_warning]: process.md#processemitwarningwarning-options
 [jitless]: https://v8.dev/blog/jitless
 [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html
+[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md
 [remote code execution]: https://www.owasp.org/index.php/Code_Injection
 [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure
 [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

src/crypto/crypto_util.cc

@@ -137,8 +137,8 @@ void InitCryptoOnce() {
 #endif
 
 #if OPENSSL_VERSION_MAJOR >= 3
-  // --openssl-enable-legacy
-  if (per_process::cli_options->openssl_legacy_module) {
+  // --openssl-legacy-provider
+  if (per_process::cli_options->openssl_legacy_provider) {
     OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy");
     if (legacy_provider == nullptr) {
       fprintf(stderr, "Unable to load legacy provider.\n");

src/node_options.cc

@@ -818,9 +818,9 @@ PerProcessOptionsParser::PerProcessOptionsParser(
             kAllowedInEnvironment);
 #endif
 #if OPENSSL_VERSION_MAJOR >= 3
-  AddOption("--openssl-legacy-module",
-            "enable OpenSSL 3.0 legacy module",
-            &PerProcessOptions::openssl_legacy_module,
+  AddOption("--openssl-legacy-provider",
+            "enable OpenSSL 3.0 legacy provider",
+            &PerProcessOptions::openssl_legacy_provider,
             kAllowedInEnvironment);
 
 #endif  // OPENSSL_VERSION_MAJOR

src/node_options.h

@@ -257,7 +257,7 @@ class PerProcessOptions : public Options {
   bool force_fips_crypto = false;
 #endif
 #if OPENSSL_VERSION_MAJOR >= 3
-  bool openssl_legacy_module = false;
+  bool openssl_legacy_provider = false;
 #endif
 
   // Per-process because reports can be triggered outside a known V8 context.

test/parallel/test-process-env-allowed-flags-are-documented.js

@@ -47,7 +47,7 @@ const conditionalOpts = [
     filter: (opt) => {
       return [
         '--openssl-config',
-        common.hasOpenSSL3 ? '--openssl-legacy-module' : '',
+        common.hasOpenSSL3 ? '--openssl-legacy-provider' : '',
         '--tls-cipher-list',
         '--use-bundled-ca',
         '--use-openssl-ca',