curl, git: Fix curl default CA, let git use it

Improve patching of curl to use NIX_SSL_CERT_FILE as default CA
Remove patches from git, as git uses curl and passes its environment
variables to curl.

1 files changed, 27 insertions, 4 deletions

diff --git a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
index 20c408bfae23..14eaea7071bf 100644
--- a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
+++ b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
@@ -1,7 +1,30 @@
-diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c
---- curl-7.50.3-orig/src/tool_operate.c	2016-09-06 23:25:06.000000000 +0200
-+++ curl-7.50.3/src/tool_operate.c	2016-10-14 11:51:48.999943142 +0200
-@@ -269,7 +269,9 @@
+diff --git a/lib/url.c b/lib/url.c
+index 03feaa20f..43d3baa80 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -574,11 +574,15 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
+ 
+   /* This is our preferred CA cert bundle/path since install time */
+ #if defined(CURL_CA_BUNDLE)
+-  result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);
++  char* env = curl_getenv("NIX_SSL_CERT_FILE");
++  if (!env)
++      env = CURL_CA_BUNDLE;
++
++  result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], env);
+   if(result)
+     return result;
+ 
+-  result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE);
++  result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], env);
+   if(result)
+     return result;
+ #endif
+diff --git a/src/tool_operate.c b/src/tool_operate.c
+index 572c8d0cc..ca4fb31cb 100644
+--- a/src/tool_operate.c
++++ b/src/tool_operate.c
+@@ -265,7 +265,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
          capath_from_env = true;
        }
        else {