diff options
Diffstat (limited to 'pkgs/development/compilers/go/ssl-cert-file-1.8.patch')
| -rw-r--r-- | pkgs/development/compilers/go/ssl-cert-file-1.8.patch | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/pkgs/development/compilers/go/ssl-cert-file-1.8.patch b/pkgs/development/compilers/go/ssl-cert-file-1.8.patch new file mode 100644 index 000000000000..052655eed52c --- /dev/null +++ b/pkgs/development/compilers/go/ssl-cert-file-1.8.patch @@ -0,0 +1,80 @@ +diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go +index a4b33c7..9700b75 100644 +--- a/src/crypto/x509/root_cgo_darwin.go ++++ b/src/crypto/x509/root_cgo_darwin.go +@@ -151,11 +151,20 @@ int FetchPEMRoots(CFDataRef *pemRoots) { + import "C" + import ( + "errors" ++ "io/ioutil" ++ "os" + "unsafe" + ) + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + var data C.CFDataRef = nil + err := C.FetchPEMRoots(&data) +diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go +index 66cdb5e..bb28036 100644 +--- a/src/crypto/x509/root_darwin.go ++++ b/src/crypto/x509/root_darwin.go +@@ -61,17 +61,25 @@ func execSecurityRoots() (*CertPool, error) { + println(fmt.Sprintf("crypto/x509: %d certs have a trust policy", len(hasPolicy))) + } + +- cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain") +- data, err := cmd.Output() +- if err != nil { +- return nil, err +- } +- + var ( + mu sync.Mutex + roots = NewCertPool() + numVerified int // number of execs of 'security verify-cert', for debug stats + ) + ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } ++ ++ cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain") ++ data, err := cmd.Output() ++ if err != nil { ++ return nil, err ++ } ++ + blockCh := make(chan *pem.Block) + var wg sync.WaitGroup +diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go +index 7bcb3d6..3986e1a 100644 +--- a/src/crypto/x509/root_unix.go ++++ b/src/crypto/x509/root_unix.go +@@ -24,6 +24,14 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } ++ + var firstErr error + for _, file := range certFiles { + data, err := ioutil.ReadFile(file) |