author | Eelco Dolstra <edolstra@gmail.com> | 2016-10-14 12:04:28 +0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2016-10-14 12:06:10 +0200 |
commit | 942dbf89c6120cb5b52fb2ab456855d1fbf2994e (patch) | |
tree | 2abe1536e2d47fc0c8ace6da13dbea1de0f92ac8 /pkgs/development/libraries | |
parent | 027efec8798547c0e8cff7861680f9b95732c12d (diff) | |
openssl, curl, git: Respect $NIX_SSL_CERT_FILE
$NIX_SSL_CERT_FILE overrides $SSL_CERT_FILE, which in turn overrides the default CA path (/etc/ssl/certs/ca-certificates.crt). This allows Nix to set a CA path without interfering with other packages (such as Homebrew). See https://github.com/NixOS/nix/issues/921.
Diffstat (limited to 'pkgs/development/libraries')
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 1 | ||||
-rw-r--r-- | pkgs/development/libraries/openssl/nix-ssl-cert-file.patch | 15 |
2 files changed, 16 insertions, 0 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index ea89bb859e5f..6aefc8b79723 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -19,6 +19,7 @@ let patches = (args.patches or []) + ++ [ ./nix-ssl-cert-file.patch ] ++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch ++ optional
diff --git a/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
new file mode 100644
index 000000000000..4b3c6f458b4c
--- /dev/null
+++ b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
@@ -0,0 +1,15 @@
+diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
+--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200
++++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200
+@@ -97,7 +97,10 @@
+ switch (cmd) {
+ case X509_L_FILE_LOAD:
+ if (argl == X509_FILETYPE_DEFAULT) {
+- file = (char *)getenv(X509_get_default_cert_file_env());
++ file = (char *)getenv("NIX_SSL_CERT_FILE");
++ if (!file)
++ file = (char *)getenv(X509_get_default_cert_file_env());
++ fprintf(stderr, "OPEN %s", file);
+ if (file)
+ ok = (X509_load_cert_crl_file(ctx, file,
+ X509_FILETYPE_PEM) != 0); |
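Review bot: `./nix-ssl-cert-file.patch` is appended for every OpenSSL version, while the neighbouring `use-etc-ssl-certs.patch` is gated on `versionOlder version "1.1.0"`. The patch was generated against openssl-1.0.2j's `crypto/x509/by_file.c`, and whether its context matches the other versions built from this expression is not visible here, so it is worth confirming that each of them still applies it cleanly. A short comment above the entry, e.g. `# Let $NIX_SSL_CERT_FILE take precedence over $SSL_CERT_FILE (NixOS/nix#921)`, would also tell readers why a Nix-specific variable decides the trust store. The `patches` list continues past the end of the hunk.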
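Review bot: The added `fprintf(stderr, "OPEN %s", file);` looks like leftover debugging and should be dropped. It writes to stderr in every program that loads the default certificate file, and it runs before the `if (file)` check, so `file` can be NULL when it is passed to `%s`. Separately, the new `getenv("NIX_SSL_CERT_FILE")` lets the environment choose the CA bundle, just as the existing `X509_get_default_cert_file_env()` lookup does. For privileged or setuid callers that is an inherited trust decision, worth a comment above the lookup such as `/* NIX_SSL_CERT_FILE takes precedence over SSL_CERT_FILE; both come from the caller's environment */`. The enclosing function begins and ends outside the hunk.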