Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/stunnel.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/stunnel.nix | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/stunnel.nix b/nixpkgs/nixos/modules/services/networking/stunnel.nix
index cbc899f2b4d7..ab51bba2f6ac 100644
--- a/nixpkgs/nixos/modules/services/networking/stunnel.nix
+++ b/nixpkgs/nixos/modules/services/networking/stunnel.nix
@@ -57,7 +57,13 @@ let
 };
 CAPath = mkOption {
- type = types.path;
+ type = types.nullOr types.path;
+ default = null;
+ description = "Path to a directory containing certificates to validate against.";
+ };
+
+ CAFile = mkOption {
+ type = types.nullOr types.path;
 default = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
 description = "Path to a file containing certificates to validate against.";
 };
@@ -196,6 +202,7 @@ in
 verifyChain = ${yesNo v.verifyChain}
 verifyPeer = ${yesNo v.verifyPeer}
 ${optionalString (v.CAPath != null) "CApath = ${v.CAPath}"}
+ ${optionalString (v.CAFile != null) "CAFile = ${v.CAFile}"}
 ${optionalString (v.verifyHostname != null) "checkHost = ${v.verifyHostname}"}
 OCSPaia = yes
@@ -216,6 +223,12 @@ in
 };
 };
+ meta.maintainers = with maintainers; [
+ # Server side
+ lschuermann
+ # Client side
+ das_j
+ ];
 };
 } |
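Review bot: The `CAFile` default keeps the public CA bundle trusted even when a client sets only `CAPath` to a private CA directory, and neither description says so. Both options are emitted side by side, and as far as I know stunnel/OpenSSL treats the two locations as additive, so someone pinning to an internal CA via `CAPath` silently trusts every CA in `pkgs.cacert` too. I would state this in the `CAFile` description, for example `description = "Path to a file containing certificates to validate against. Used in addition to CAPath; set to null to trust only the certificates in CAPath.";`, and mention it in the release notes because the meaning of `CAPath` changes from file to directory. The enclosing option set starts and ends outside this hunk.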
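Review bot: With both options nullable, a client can set `CAPath = null` and `CAFile = null` while `verifyChain` or `verifyPeer` is still `yes`, and the template then emits no trust anchor at all. What stunnel does in that state is not visible here, so I would reject it at evaluation time with a module assertion such as `assertion = !(v.verifyChain || v.verifyPeer) || v.CAPath != null || v.CAFile != null;` in the `config` section, which is outside this hunk. As a smaller point, the stunnel manual spells the directive `CAfile`; writing `"CAfile = ${v.CAFile}"` would match the `CApath` line above and make the generated config easier to grep. The surrounding multi-line string starts and ends outside the hunk.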