authorEelco Dolstra <eelco.dolstra@logicblox.com>2016-02-03 13:45:05 +0100
committerEelco Dolstra <eelco.dolstra@logicblox.com>2016-02-03 13:45:05 +0100
commit788da6894fac5b20d183ce5afbab3bacd7ddeaca (patch)
treea8ab23792a993d5eaf20a73d97dbd8b62fcc6239
parent9f358f809d1db46f3206d4a09a5366f13c93e777 (diff)
openssl: Compile in /etc/ssl/certs/ca-certificates.crt
-rw-r--r--pkgs/development/libraries/openssl/default.nix14
-rw-r--r--pkgs/development/libraries/openssl/use-etc-ssl-certs.patch13
2 files changed, 23 insertions, 4 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index be224fd54eb5..e37bdf855dc5 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl, perl
 , withCryptodev ? false, cryptodevHeaders
-, defaultCertificate ? "/etc/ssl/certs/ca-certificates.crt" }:
+}:
 
 with stdenv.lib;
 let
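Review bot: Removing `defaultCertificate` from the argument set in the header takes away the only build-time control over the default trust store, and nothing in the file says where the path comes from now. Any existing `openssl.override { defaultCertificate = …; }` would fail evaluation with an unexpected-argument error, and a caller that passed `null` to ship no default bundle has no equivalent; callers are not visible in this hunk, so this needs a tree-wide check. I would add a comment at the top of the file such as `# CA bundle path is fixed by ./use-etc-ssl-certs.patch; override at run time with SSL_CERT_FILE.` so the new source of trust is discoverable.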
@@ -21,7 +21,9 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "man" ];
 
-  patches = optional stdenv.isCygwin ./1.0.1-cygwin64.patch
+  patches =
+    [ ./use-etc-ssl-certs.patch ]
+    ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch
     ++ optional (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")) ./darwin-arch.patch;
 
   nativeBuildInputs = [ perl ];
@@ -60,8 +62,7 @@ stdenv.mkDerivation rec {
     # remove dependency on Perl at runtime
     rm -r $out/etc/ssl/misc $out/bin/c_rehash
 
-    # configure the default trust store
-    ${optionalString (defaultCertificate != null) "ln -s ${defaultCertificate} $out/etc/ssl/cert.pem"}
+    rmdir $out/etc/ssl/certs
   '';
 
   postFixup = ''
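Review bot: The new `rmdir $out/etc/ssl/certs` has no comment, and the old one explaining the trust-store setup was removed with the symlink. `rmdir` only succeeds on an empty directory, so it doubles as a check that the build installed no certificates into the store; if that is intended, say so, e.g. `# CA bundle is compiled in as /etc/ssl/certs/ca-certificates.crt; drop the in-store certs dir (rmdir fails if it is not empty)`. The compiled-in `X509_CERT_DIR` is left unchanged by the patch added in this commit, so it presumably still names this removed directory, which is worth mentioning in the same comment. The install phase this line belongs to starts outside the hunk.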
@@ -72,6 +73,11 @@ stdenv.mkDerivation rec {
     fi
   '';
 
+  setupHook = builtins.toFile "openssl-setup-hook"
+    ''
+      export SSL_CERT_FILE=/no-cert-file.crt
+    '';
+
   crossAttrs = {
     # upstream patch: https://rt.openssl.org/Ticket/Display.html?id=2558
     postPatch = ''
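Review bot: The setup hook assigns `SSL_CERT_FILE=/no-cert-file.crt` unconditionally and without explanation, so a value already exported by the caller is replaced by a path that does not exist in every environment that sources this hook. If the intent is to stop builds from trusting the host's `/etc/ssl/certs/ca-certificates.crt` now that it is the compiled-in default, state that above the export, e.g. `# Keep builds from reading the host CA bundle; TLS verification fails closed unless the derivation sets SSL_CERT_FILE itself.` Packages that use TLS during build or tests will then see verification errors, and the comment should point them to supplying a bundle rather than turning verification off.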
diff --git a/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch b/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch
new file mode 100644
index 000000000000..813c6bdf44ab
--- /dev/null
+++ b/pkgs/development/libraries/openssl/use-etc-ssl-certs.patch
@@ -0,0 +1,13 @@
+diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h
+--- openssl-1.0.1r-orig/crypto/cryptlib.h	2016-01-28 14:38:30.000000000 +0100
++++ openssl-1.0.1r/crypto/cryptlib.h	2016-02-03 12:54:29.193165176 +0100
+@@ -81,8 +81,8 @@
+ 
+ # ifndef OPENSSL_SYS_VMS
+ #  define X509_CERT_AREA          OPENSSLDIR
+ #  define X509_CERT_DIR           OPENSSLDIR "/certs"
+-#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
++#  define X509_CERT_FILE          "/etc/ssl/certs/ca-certificates.crt"
+ #  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+ # else
+ #  define X509_CERT_AREA          "SSLROOT:[000000]"
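Review bot: `X509_CERT_FILE` now names an absolute path outside the store, while `X509_CERT_DIR` on the line above it still expands to `OPENSSLDIR "/certs"`, which the default.nix part of this commit removes with `rmdir`. On a host without `/etc/ssl/certs/ca-certificates.crt` (other bundle locations, minimal containers) the default verify paths load no trust anchors, so verification fails closed with no hint of the cause. The patch file has no description; I would add a short header before the `diff -ru` line, for example `Use the system-wide CA bundle as the default trust store; override at run time with SSL_CERT_FILE.` The context lines are taken from openssl-1.0.1r, so whether the patch applies to any other version built from this expression cannot be confirmed from here.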