author | Vladimír Čunát <v@cunat.cz> | 2019-04-22 10:49:11 +0200 |
---|---|---|
committer | Daiderd Jordan <daiderd@gmail.com> | 2019-04-22 16:43:45 +0200 |
commit | 39c2b6452c02ac7d3b187fc18255ad1a7d1e9e6f (patch) | |
tree | 1672af651aad4bc0a846e7c0adfc4119f8c55d32 /pkgs/development/libraries/gnutls | |
parent | 33e7d721b6400aefacf1e138380836accc376229 (diff) | |
gnutls: respect NIX_SSL_CERT_FILE, same as our openssl
The patch should work fine, regardless of the Darwin patch being applied.
Diffstat (limited to 'pkgs/development/libraries/gnutls')
-rw-r--r-- | pkgs/development/libraries/gnutls/default.nix | 5 | ||||
-rw-r--r-- | pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch | 19 |
2 files changed, 22 insertions, 2 deletions
diff --git a/pkgs/development/libraries/gnutls/default.nix b/pkgs/development/libraries/gnutls/default.nix
index b0ddbbee30c..8a92390ca30 100644
--- a/pkgs/development/libraries/gnutls/default.nix
+++ b/pkgs/development/libraries/gnutls/default.nix
@@ -30,8 +30,9 @@ stdenv.mkDerivation {
 outputs = [ "bin" "dev" "out" "man" "devdoc" ];
 outputInfo = "devdoc";
- # Disable native add_system_trust.
- patches = lib.optional (isDarwin && !withSecurity) ./no-security-framework.patch;
+ patches = [ ./nix-ssl-cert-file.patch ]
+ # Disable native add_system_trust.
+ ++ lib.optional (isDarwin && !withSecurity) ./no-security-framework.patch;
 # Skip some tests:
 # - pkgconfig: building against the result won't work before installing (3.5.11)
diff --git a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch
new file mode 100644
index 00000000000..90d1e85ee8c
--- /dev/null
+++ b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch
@@ -0,0 +1,19 @@
+allow overriding system trust store location via $NIX_SSL_CERT_FILE
+
+diff --git a/lib/system/certs.c b/lib/system/certs.c
+index 611c645..6ef6edb 100644
+--- a/lib/system/certs.c
++++ b/lib/system/certs.c
+@@ -369,6 +369,11 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
+ unsigned int tl_flags,
+ unsigned int tl_vflags)
+ {
+- return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags);
++ tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES;
++ const char *file = secure_getenv("NIX_SSL_CERT_FILE");
++ return file
++ ? gnutls_x509_trust_list_add_trust_file(
++ list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags)
++ : add_system_trust(list, tl_flags, tl_vflags);
+ }
+ 
|
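Review bot: In the embedded lib/system/certs.c patch, whatever `secure_getenv("NIX_SSL_CERT_FILE")` returns is passed to `gnutls_x509_trust_list_add_trust_file` unchecked, so an empty or stale value replaces the system trust store with whatever that call yields (presumably an error or zero anchors) and never reaches `add_system_trust`. Failing closed is the safer direction for a trust-store override, but the choice should be recorded next to the code, e.g. `/* NIX_SSL_CERT_FILE replaces the system store, no fallback; secure_getenv() so setuid/AT_SECURE processes ignore it */`. If an empty value is meant to count as unset, the condition becomes `return (file && *file)`. The hunk does not show whether gnutls supplies a fallback for `secure_getenv` on libcs that lack it, and the first hunk shows this derivation is also built on Darwin, so that build is worth confirming. The function's signature starts in the inner hunk header, so only part of it is visible here.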