diff options
author | Vladimír Čunát <v@cunat.cz> | 2019-04-22 10:49:11 +0200 |
---|---|---|
committer | Daiderd Jordan <daiderd@gmail.com> | 2019-04-22 16:43:45 +0200 |
commit | 39c2b6452c02ac7d3b187fc18255ad1a7d1e9e6f (patch) | |
tree | 1672af651aad4bc0a846e7c0adfc4119f8c55d32 /pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch | |
parent | 33e7d721b6400aefacf1e138380836accc376229 (diff) | |
download | nixpkgs-39c2b6452c02ac7d3b187fc18255ad1a7d1e9e6f.tar nixpkgs-39c2b6452c02ac7d3b187fc18255ad1a7d1e9e6f.tar.gz nixpkgs-39c2b6452c02ac7d3b187fc18255ad1a7d1e9e6f.tar.bz2 nixpkgs-39c2b6452c02ac7d3b187fc18255ad1a7d1e9e6f.tar.lz nixpkgs-39c2b6452c02ac7d3b187fc18255ad1a7d1e9e6f.tar.xz nixpkgs-39c2b6452c02ac7d3b187fc18255ad1a7d1e9e6f.tar.zst nixpkgs-39c2b6452c02ac7d3b187fc18255ad1a7d1e9e6f.zip |
gnutls: respect NIX_SSL_CERT_FILE, same as our openssl
The patch should work fine, regardless of the Darwin patch being applied.
Diffstat (limited to 'pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch')
-rw-r--r-- | pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch new file mode 100644 index 00000000000..90d1e85ee8c --- /dev/null +++ b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch @@ -0,0 +1,19 @@ +allow overriding system trust store location via $NIX_SSL_CERT_FILE + +diff --git a/lib/system/certs.c b/lib/system/certs.c +index 611c645..6ef6edb 100644 +--- a/lib/system/certs.c ++++ b/lib/system/certs.c +@@ -369,6 +369,11 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list, + unsigned int tl_flags, + unsigned int tl_vflags) + { +- return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags); ++ tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES; ++ const char *file = secure_getenv("NIX_SSL_CERT_FILE"); ++ return file ++ ? gnutls_x509_trust_list_add_trust_file( ++ list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags) ++ : add_system_trust(list, tl_flags, tl_vflags); + } + |