0d59fc1169
Previously, the list of CA certificates was generated with a perl script which is included in curl. As this script is not very flexible, this commit refactors the expression to use the python script that Debian uses to generate their CA certificates from Mozilla's trust store in NSS. Additionally, an option was added to the cacerts derivation and the `security.pki` module to blacklist specific CAs. |
||
---|---|---|
.. | ||
default.nix |