openssl, curl, git: Respect $NIX_SSL_CERT_FILE
$NIX_SSL_CERT_FILE overrides $SSL_CERT_FILE, which in turn overrides the default CA path (/etc/ssl/certs/ca-certificates.crt). This allows Nix to set a CA path without interfering with other packages (such as Homebrew). See https://github.com/NixOS/nix/issues/921.
This commit is contained in:
parent
027efec879
commit
942dbf89c6
@ -1,11 +1,14 @@
|
||||
diff -ru git-2.7.4-orig/http.c git-2.7.4/http.c
|
||||
--- git-2.7.4-orig/http.c 2016-03-17 21:47:59.000000000 +0100
|
||||
+++ git-2.7.4/http.c 2016-04-12 11:38:33.187070848 +0200
|
||||
@@ -544,6 +544,7 @@
|
||||
@@ -544,6 +544,10 @@
|
||||
#if LIBCURL_VERSION_NUM >= 0x070908
|
||||
set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
|
||||
#endif
|
||||
+ set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
|
||||
+ if (getenv("NIX_SSL_CERT_FILE"))
|
||||
+ set_from_env(&ssl_cainfo, "NIX_SSL_CERT_FILE");
|
||||
+ else
|
||||
+ set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
|
||||
set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");
|
||||
|
||||
set_from_env(&user_agent, "GIT_HTTP_USER_AGENT");
|
||||
|
@ -19,6 +19,7 @@ let
|
||||
|
||||
patches =
|
||||
(args.patches or [])
|
||||
++ [ ./nix-ssl-cert-file.patch ]
|
||||
++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch
|
||||
++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch
|
||||
++ optional
|
||||
|
15
pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
Normal file
15
pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
Normal file
@ -0,0 +1,15 @@
|
||||
diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
|
||||
--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200
|
||||
+++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200
|
||||
@@ -97,7 +97,10 @@
|
||||
switch (cmd) {
|
||||
case X509_L_FILE_LOAD:
|
||||
if (argl == X509_FILETYPE_DEFAULT) {
|
||||
- file = (char *)getenv(X509_get_default_cert_file_env());
|
||||
+ file = (char *)getenv("NIX_SSL_CERT_FILE");
|
||||
+ if (!file)
|
||||
+ file = (char *)getenv(X509_get_default_cert_file_env());
|
||||
+ fprintf(stderr, "OPEN %s", file);
|
||||
if (file)
|
||||
ok = (X509_load_cert_crl_file(ctx, file,
|
||||
X509_FILETYPE_PEM) != 0);
|
@ -25,6 +25,8 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "1v6q83qsrf7dgp3y5fa5vkppgqyy82pnsk8z9b4047b6fvclfwvv";
|
||||
};
|
||||
|
||||
patches = [ ./nix-ssl-cert-file.patch ];
|
||||
|
||||
outputs = [ "bin" "dev" "out" "man" "devdoc" ];
|
||||
|
||||
nativeBuildInputs = [ pkgconfig perl ];
|
||||
|
14
pkgs/tools/networking/curl/nix-ssl-cert-file.patch
Normal file
14
pkgs/tools/networking/curl/nix-ssl-cert-file.patch
Normal file
@ -0,0 +1,14 @@
|
||||
diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c
|
||||
--- curl-7.50.3-orig/src/tool_operate.c 2016-09-06 23:25:06.000000000 +0200
|
||||
+++ curl-7.50.3/src/tool_operate.c 2016-10-14 11:51:48.999943142 +0200
|
||||
@@ -269,7 +269,9 @@
|
||||
capath_from_env = true;
|
||||
}
|
||||
else {
|
||||
- env = curlx_getenv("SSL_CERT_FILE");
|
||||
+ env = curlx_getenv("NIX_SSL_CERT_FILE");
|
||||
+ if(!env)
|
||||
+ env = curlx_getenv("SSL_CERT_FILE");
|
||||
if(env) {
|
||||
config->cacert = strdup(env);
|
||||
if(!config->cacert) {
|
Loading…
Reference in New Issue
Block a user