diff options
Diffstat (limited to 'nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.9.patch')
| -rw-r--r-- | nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.9.patch | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.9.patch b/nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.9.patch new file mode 100644 index 000000000000..3f27bc138c10 --- /dev/null +++ b/nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.9.patch @@ -0,0 +1,80 @@ +diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go +index 8e80533590..31c0c666ec 100644 +--- a/src/crypto/x509/root_cgo_darwin.go ++++ b/src/crypto/x509/root_cgo_darwin.go +@@ -201,11 +201,20 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { + import "C" + import ( + "errors" ++ "io/ioutil" ++ "os" + "unsafe" + ) + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + var data C.CFDataRef = nil + var untrustedData C.CFDataRef = nil +diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go +index bc35a1cf21..21e52bec51 100644 +--- a/src/crypto/x509/root_darwin.go ++++ b/src/crypto/x509/root_darwin.go +@@ -81,18 +81,26 @@ func execSecurityRoots() (*CertPool, error) { + ) + } + +- cmd := exec.Command("/usr/bin/security", args...) +- data, err := cmd.Output() +- if err != nil { +- return nil, err +- } +- + var ( + mu sync.Mutex + roots = NewCertPool() + numVerified int // number of execs of 'security verify-cert', for debug stats + ) + ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } ++ ++ cmd := exec.Command("/usr/bin/security", args...) ++ data, err := cmd.Output() ++ if err != nil { ++ return nil, err ++ } ++ + blockCh := make(chan *pem.Block) + var wg sync.WaitGroup + +diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go +index 65b5a5fdbc..c9c7ac6a74 100644 +--- a/src/crypto/x509/root_unix.go ++++ b/src/crypto/x509/root_unix.go +@@ -37,6 +37,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + files := certFiles + if f := os.Getenv(certFileEnv); f != "" { |