about summary refs log tree commit diff
path: root/pkgs
diff options
context:
space:
mode:
authorVladimír Čunát <vcunat@gmail.com>2019-01-29 13:51:55 +0100
committerVladimír Čunát <vcunat@gmail.com>2019-01-29 13:51:55 +0100
commit7e6662a275c0bc1549ca849d865e88ce7dd8473c (patch)
tree69c72d8a6a7381a879f9e4f0751ee5361c0a0559 /pkgs
parenta98cebbc35278a8c92e0cb6f0c2813d814b25499 (diff)
parent6f61d8b0f65ff6514114008cfef35b5e979850f8 (diff)
downloadnixlib-7e6662a275c0bc1549ca849d865e88ce7dd8473c.tar
nixlib-7e6662a275c0bc1549ca849d865e88ce7dd8473c.tar.gz
nixlib-7e6662a275c0bc1549ca849d865e88ce7dd8473c.tar.bz2
nixlib-7e6662a275c0bc1549ca849d865e88ce7dd8473c.tar.lz
nixlib-7e6662a275c0bc1549ca849d865e88ce7dd8473c.tar.xz
nixlib-7e6662a275c0bc1549ca849d865e88ce7dd8473c.tar.zst
nixlib-7e6662a275c0bc1549ca849d865e88ce7dd8473c.zip
Merge #54438: openssl_1_1: use the same default CA path as 1.0.*
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch13
-rw-r--r--pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch13
-rw-r--r--pkgs/development/libraries/openssl/default.nix8
3 files changed, 33 insertions, 1 deletions
diff --git a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch
new file mode 100644
index 000000000000..2c98ccfa7ed0
--- /dev/null
+++ b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch
@@ -0,0 +1,13 @@
+diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
+index 329ef62..9a8df64 100644
+--- a/include/internal/cryptlib.h
++++ b/include/internal/cryptlib.h
+@@ -56,7 +56,7 @@ DEFINE_LHASH_OF(MEM);
+ # ifndef OPENSSL_SYS_VMS
+ #  define X509_CERT_AREA          OPENSSLDIR
+ #  define X509_CERT_DIR           OPENSSLDIR "/certs"
+-#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
++#  define X509_CERT_FILE          "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
+ #  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+ #  define CTLOG_FILE              OPENSSLDIR "/ct_log_list.cnf"
+ # else
diff --git a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch
new file mode 100644
index 000000000000..67d199681f96
--- /dev/null
+++ b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch
@@ -0,0 +1,13 @@
+diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
+index 329ef62..9a8df64 100644
+--- a/include/internal/cryptlib.h
++++ b/include/internal/cryptlib.h
+@@ -56,7 +56,7 @@ DEFINE_LHASH_OF(MEM);
+ # ifndef OPENSSL_SYS_VMS
+ #  define X509_CERT_AREA          OPENSSLDIR
+ #  define X509_CERT_DIR           OPENSSLDIR "/certs"
+-#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
++#  define X509_CERT_FILE          "/etc/ssl/certs/ca-certificates.crt"
+ #  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+ #  define CTLOG_FILE              OPENSSLDIR "/ct_log_list.cnf"
+ # else
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 32fd6e727f7d..0954e1b70bb7 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -134,7 +134,13 @@ in {
   openssl_1_1 = common {
     version = "1.1.1a";
     sha256 = "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w";
-    patches = [ ./1.1/nix-ssl-cert-file.patch ];
+    patches = [
+      ./1.1/nix-ssl-cert-file.patch
+
+      (if stdenv.hostPlatform.isDarwin
+       then ./1.1/use-etc-ssl-certs-darwin.patch
+       else ./1.1/use-etc-ssl-certs.patch)
+    ];
     withDocs = true;
   };