From c86f05e7ce13e64238960ebf3ee9706142db961b Mon Sep 17 00:00:00 2001 From: Guillaume Maudoux Date: Wed, 22 Mar 2017 12:09:09 +0100 Subject: [PATCH] openssl: default to default profile CA on darwin --- pkgs/development/libraries/openssl/default.nix | 3 ++- .../openssl/use-etc-ssl-certs-darwin.patch | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 947c0e30f993..a9f8c32dde9b 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -20,7 +20,8 @@ let patches = (args.patches or []) ++ [ ./nix-ssl-cert-file.patch ] - ++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch + ++ optional (versionOlder version "1.1.0") + (if stdenv.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch) ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch ++ optional (versionOlder version "1.0.2" && (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem"))) diff --git a/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch b/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch new file mode 100644 index 000000000000..3d9ee7e6a822 --- /dev/null +++ b/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch @@ -0,0 +1,13 @@ +diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h +--- openssl-1.0.1r-orig/crypto/cryptlib.h 2016-01-28 14:38:30.000000000 +0100 ++++ openssl-1.0.1r/crypto/cryptlib.h 2016-02-03 12:54:29.193165176 +0100 +@@ -81,8 +81,8 @@ + + # ifndef OPENSSL_SYS_VMS + # define X509_CERT_AREA OPENSSLDIR + # define X509_CERT_DIR OPENSSLDIR "/certs" +-# define X509_CERT_FILE OPENSSLDIR "/cert.pem" ++# define X509_CERT_FILE "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" + # define X509_PRIVATE_DIR OPENSSLDIR "/private" + # else + # define X509_CERT_AREA "SSLROOT:[000000]"