diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2019-01-21 21:15:42 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2019-01-21 21:15:42 +0100 |
commit | 6f61d8b0f65ff6514114008cfef35b5e979850f8 (patch) | |
tree | b1374d30488bcf21c3bef08b2e13473204909b2e /pkgs/development/libraries/openssl | |
parent | 8e3070160162a6c87b35e4a54e488fe6343597d1 (diff) | |
download | nixpkgs-6f61d8b0f65ff6514114008cfef35b5e979850f8.tar nixpkgs-6f61d8b0f65ff6514114008cfef35b5e979850f8.tar.gz nixpkgs-6f61d8b0f65ff6514114008cfef35b5e979850f8.tar.bz2 nixpkgs-6f61d8b0f65ff6514114008cfef35b5e979850f8.tar.lz nixpkgs-6f61d8b0f65ff6514114008cfef35b5e979850f8.tar.xz nixpkgs-6f61d8b0f65ff6514114008cfef35b5e979850f8.tar.zst nixpkgs-6f61d8b0f65ff6514114008cfef35b5e979850f8.zip |
openssl_1_1: use the same default CA path as 1.0.*
Fixes https://github.com/NixOS/nixpkgs/issues/54437
Diffstat (limited to 'pkgs/development/libraries/openssl')
3 files changed, 33 insertions, 1 deletions
diff --git a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch new file mode 100644 index 00000000000..2c98ccfa7ed --- /dev/null +++ b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch @@ -0,0 +1,13 @@ +diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h +index 329ef62..9a8df64 100644 +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -56,7 +56,7 @@ DEFINE_LHASH_OF(MEM); + # ifndef OPENSSL_SYS_VMS + # define X509_CERT_AREA OPENSSLDIR + # define X509_CERT_DIR OPENSSLDIR "/certs" +-# define X509_CERT_FILE OPENSSLDIR "/cert.pem" ++# define X509_CERT_FILE "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" + # define X509_PRIVATE_DIR OPENSSLDIR "/private" + # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" + # else diff --git a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch new file mode 100644 index 00000000000..67d199681f9 --- /dev/null +++ b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch @@ -0,0 +1,13 @@ +diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h +index 329ef62..9a8df64 100644 +--- a/include/internal/cryptlib.h ++++ b/include/internal/cryptlib.h +@@ -56,7 +56,7 @@ DEFINE_LHASH_OF(MEM); + # ifndef OPENSSL_SYS_VMS + # define X509_CERT_AREA OPENSSLDIR + # define X509_CERT_DIR OPENSSLDIR "/certs" +-# define X509_CERT_FILE OPENSSLDIR "/cert.pem" ++# define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt" + # define X509_PRIVATE_DIR OPENSSLDIR "/private" + # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" + # else diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 32fd6e727f7..0954e1b70bb 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -134,7 +134,13 @@ in { openssl_1_1 = common { version = "1.1.1a"; sha256 = "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w"; - patches = [ ./1.1/nix-ssl-cert-file.patch ]; + patches = [ + ./1.1/nix-ssl-cert-file.patch + + (if stdenv.hostPlatform.isDarwin + then ./1.1/use-etc-ssl-certs-darwin.patch + else ./1.1/use-etc-ssl-certs.patch) + ]; withDocs = true; }; |