From 917ca8920da46b94867a01590423f66390a152c0 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Wed, 3 Feb 2016 13:59:10 +0100
Subject: Move setting $SSL_CERT_FILE to stdenv

Doing it in an openssl setup hook only works if packages have openssl
as a build input - it doesn't work if they're using a program linked
against openssl.
---
 pkgs/stdenv/generic/setup.sh | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'pkgs/stdenv/generic/setup.sh')

diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh
index 102a8f2f71c5..dc6c765353f7 100644
--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -371,6 +371,11 @@ export NIX_BUILD_CORES
 paxmark() { true; }
 
 
+# Prevent OpenSSL-based applications from using certificates in
+# /etc/ssl.
+export SSL_CERT_FILE=/no-cert-file.crt
+
+
 ######################################################################
 # Textual substitution functions.
 
-- 
cgit 1.4.1