openssl, curl, git: Respect $NIX_SSL_CERT_FILE

$NIX_SSL_CERT_FILE overrides $SSL_CERT_FILE, which in turn overrides
the default CA path (/etc/ssl/certs/ca-certificates.crt). This allows
Nix to set a CA path without interfering with other packages (such as
Homebrew).

See https://github.com/NixOS/nix/issues/921.

2 files changed, 16 insertions, 0 deletions

diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index 958bea34e7d3..d1936cb11ad3 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
     sha256 = "1v6q83qsrf7dgp3y5fa5vkppgqyy82pnsk8z9b4047b6fvclfwvv";
   };
 
+  patches = [ ./nix-ssl-cert-file.patch ];
+
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
 
   nativeBuildInputs = [ pkgconfig perl ];
diff --git a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
new file mode 100644
index 000000000000..20c408bfae23
--- /dev/null
+++ b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
@@ -0,0 +1,14 @@
+diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c
+--- curl-7.50.3-orig/src/tool_operate.c	2016-09-06 23:25:06.000000000 +0200
++++ curl-7.50.3/src/tool_operate.c	2016-10-14 11:51:48.999943142 +0200
+@@ -269,7 +269,9 @@
+         capath_from_env = true;
+       }
+       else {
+-        env = curlx_getenv("SSL_CERT_FILE");
++        env = curlx_getenv("NIX_SSL_CERT_FILE");
++        if(!env)
++          env = curlx_getenv("SSL_CERT_FILE");
+         if(env) {
+           config->cacert = strdup(env);
+           if(!config->cacert) {