* Provide a bundle of CA certificates in /etc/ca-bundle.crt, and set

  the CURL_CA_BUNDLE environment variable.  This allows curl to work
  without the `-k' flag on https sites with a properly signed
  certificate.

svn path=/nixos/trunk/; revision=19572

1 files changed, 21 insertions, 0 deletions

diff --git a/modules/security/ca.nix b/modules/security/ca.nix
new file mode 100644
index 00000000000..efa32f5e8f3
--- /dev/null
+++ b/modules/security/ca.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  config = {
+
+    environment.etc = singleton
+      { source = "${pkgs.cacert}/etc/ca-bundle.crt";
+        target = "ca-bundle.crt";
+      };
+
+    environment.shellInit =
+      ''
+        export CURL_CA_BUNDLE=/etc/ca-bundle.crt
+      '';
+      
+  };
+
+}