git, openssl, curl: Respect $NIX_SSL_CERT_FILE

Slightly modified version of 942dbf89c6
2017-03-20 14:11:20 +01:00 · 2017-03-20 14:11:20 +01:00 · c3c9412c7d
commit c3c9412c7d
parent 72dc9c7f80
5 changed files with 35 additions and 3 deletions
--- a/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch
+++ b/pkgs/applications/version-management/git-and-tools/git/ssl-cert-file.patch
@ -1,11 +1,14 @@
 diff -ru git-2.7.4-orig/http.c git-2.7.4/http.c
 --- git-2.7.4-orig/http.c	2016-03-17 21:47:59.000000000 +0100
 +++ git-2.7.4/http.c	2016-04-12 11:38:33.187070848 +0200
-@@ -544,6 +544,7 @@
+@@ -544,6 +544,10 @@
 #if LIBCURL_VERSION_NUM >= 0x070908
 	set_from_env(&ssl_capath, "GIT_SSL_CAPATH");
 #endif
-+	set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
+	if (getenv("NIX_SSL_CERT_FILE"))
 +	  set_from_env(&ssl_cainfo, "NIX_SSL_CERT_FILE");
 +	else
 +	  set_from_env(&ssl_cainfo, "SSL_CERT_FILE");
 	set_from_env(&ssl_cainfo, "GIT_SSL_CAINFO");
 	set_from_env(&user_agent, "GIT_HTTP_USER_AGENT");
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@ -19,6 +19,7 @@ let
    patches =
      (args.patches or [])
      ++ [ ./nix-ssl-cert-file.patch ]
      ++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch
      ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch
      ++ optional
--- a/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
+++ b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
@ -0,0 +1,14 @@
 diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
 --- openssl-1.0.2j-orig/crypto/x509/by_file.c	2016-09-26 11:49:07.000000000 +0200
 +++ openssl-1.0.2j/crypto/x509/by_file.c	2016-10-13 16:54:31.400288302 +0200
@@ -97,7 +97,9 @@
     switch (cmd) {
     case X509_L_FILE_LOAD:
         if (argl == X509_FILETYPE_DEFAULT) {
 -            file = (char *)getenv(X509_get_default_cert_file_env());
 +            file = (char *)getenv("NIX_SSL_CERT_FILE");
 +            if (!file)
 +                file = (char *)getenv(X509_get_default_cert_file_env());
             if (file)
                 ok = (X509_load_cert_crl_file(ctx, file,
                                               X509_FILETYPE_PEM) != 0);
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
    sha256 = "1s1hyndva0yp62xy96pcp4anzrvw6cl0abjajim17sbmdp00fwhw";
  };
-  patches = [ ];
+  patches = [ ./nix-ssl-cert-file.patch ];
  outputs = [ "bin" "dev" "out" "man" "devdoc" ];
--- a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
+++ b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
@ -0,0 +1,14 @@
 diff -ru -x '*~' curl-7.50.3-orig/src/tool_operate.c curl-7.50.3/src/tool_operate.c
 --- curl-7.50.3-orig/src/tool_operate.c	2016-09-06 23:25:06.000000000 +0200
 +++ curl-7.50.3/src/tool_operate.c	2016-10-14 11:51:48.999943142 +0200
@@ -269,7 +269,9 @@
         capath_from_env = true;
       }
       else {
 -        env = curlx_getenv("SSL_CERT_FILE");
 +        env = curlx_getenv("NIX_SSL_CERT_FILE");
 +        if(!env)
 +          env = curlx_getenv("SSL_CERT_FILE");
         if(env) {
           config->cacert = strdup(env);
           if(!config->cacert) {