diff options
7 files changed, 7 insertions, 33 deletions
diff --git a/nixos/modules/programs/venus.nix b/nixos/modules/programs/venus.nix index 2b70a795f4f..3b5ae07e82f 100644 --- a/nixos/modules/programs/venus.nix +++ b/nixos/modules/programs/venus.nix @@ -166,7 +166,7 @@ in script = "exec venus-planet ${configFile}"; serviceConfig.User = "${cfg.user}"; serviceConfig.Group = "${cfg.group}"; - environment.OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; + environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; startAt = cfg.dates; }; diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix index 595b9476fa5..dec5a62dcf0 100644 --- a/nixos/modules/security/ca.nix +++ b/nixos/modules/security/ca.nix @@ -67,8 +67,6 @@ in environment.sessionVariables = { SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # FIXME: unneeded - remove eventually. - OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; - # FIXME: unneeded - remove eventually. GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt"; }; diff --git a/pkgs/applications/networking/cluster/panamax/api/default.nix b/pkgs/applications/networking/cluster/panamax/api/default.nix index dae0315a31b..8bb19cb3eb8 100644 --- a/pkgs/applications/networking/cluster/panamax/api/default.nix +++ b/pkgs/applications/networking/cluster/panamax/api/default.nix @@ -62,7 +62,6 @@ stdenv.mkDerivation rec { --prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \ --prefix "HOME" : "$out/share/panamax-api" \ --prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \ - --prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/ca-bundle.crt" \ --prefix "SSL_CERT_FILE" : "${cacert}/ca-bundle.crt" \ --prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}" ''; diff --git a/pkgs/applications/networking/instant-messengers/tkabber/default.nix b/pkgs/applications/networking/instant-messengers/tkabber/default.nix index 2b3703bc279..d0cc333c71b 100644 --- a/pkgs/applications/networking/instant-messengers/tkabber/default.nix +++ b/pkgs/applications/networking/instant-messengers/tkabber/default.nix @@ -43,7 +43,7 @@ in mkTkabber (main // { postPatch = '' substituteInPlace login.tcl --replace \ "custom::defvar loginconf(sslcacertstore) \"\"" \ - "custom::defvar loginconf(sslcacertstore) \$env(OPENSSL_X509_CERT_FILE)" + "custom::defvar loginconf(sslcacertstore) \$env(SSL_CERT_FILE)" '' + optionalString (theme != null) '' themePath="$out/share/doc/tkabber/examples/xrdb/${theme}.xrdb" sed -i '/^if.*load_default_xrdb/,/^}$/ { diff --git a/pkgs/applications/version-management/git-and-tools/git/cert-path.patch b/pkgs/applications/version-management/git-and-tools/git/cert-path.patch index 846752f5bfe..7d5dca9abfe 100644 --- a/pkgs/applications/version-management/git-and-tools/git/cert-path.patch +++ b/pkgs/applications/version-management/git-and-tools/git/cert-path.patch @@ -5,7 +5,7 @@ diff -ru -x '*~' git-1.9.2-orig/git-send-email.perl git-1.9.2/git-send-email.per return; } -+ $smtp_ssl_cert_path //= $ENV{'OPENSSL_X509_CERT_FILE'}; ++ $smtp_ssl_cert_path //= $ENV{'SSL_CERT_FILE'}; + if (!defined $smtp_ssl_cert_path) { # use the OpenSSL defaults diff --git a/pkgs/development/libraries/openssl/1.0.2.x.nix b/pkgs/development/libraries/openssl/1.0.2.x.nix index 18c533ea188..a1645189161 100644 --- a/pkgs/development/libraries/openssl/1.0.2.x.nix +++ b/pkgs/development/libraries/openssl/1.0.2.x.nix @@ -10,30 +10,7 @@ let patchesCross = isCross: let isDarwin = stdenv.isDarwin || (isCross && stdenv.cross.libc == "libSystem"); - in - [ # Allow the location of the X509 certificate file (the CA - # bundle) to be set through the environment variable - # ‘OPENSSL_X509_CERT_FILE’. This is necessary because the - # default location ($out/ssl/cert.pem) doesn't exist, and - # hardcoding something like /etc/ssl/cert.pem is impure and - # cannot be overriden per-process. For security, the - # environment variable is ignored for setuid binaries. - # FIXME: drop this patch; it really isn't necessary, because - # OpenSSL already supports a ‘SSL_CERT_FILE’ variable. - ./cert-file.patch - ] - - ++ stdenv.lib.optionals (isCross && opensslCrossSystem == "hurd-x86") - [ ./cert-file-path-max.patch # merge with `cert-file.patch' eventually - ./gnu.patch # submitted upstream - ] - - ++ stdenv.lib.optionals (stdenv.system == "x86_64-kfreebsd-gnu") - [ ./gnu.patch - ./kfreebsd-gnu.patch - ] - - ++ stdenv.lib.optional isDarwin ./darwin-arch.patch; + in stdenv.lib.optional isDarwin ./darwin-arch.patch; extraPatches = stdenv.lib.optional stdenv.isCygwin ./1.0.1-cygwin64.patch; in diff --git a/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch b/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch index c0fa85ecce8..4a4b49a829d 100644 --- a/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch +++ b/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch @@ -1,4 +1,4 @@ -Use $OPENSSL_X509_CERT_FILE to get the CA certificates. +Use $SSL_CERT_FILE to get the CA certificates. diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm --- LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm 2011-03-27 13:54:01.000000000 +0200 @@ -7,8 +7,8 @@ diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Prot } if ($ssl_opts{SSL_verify_mode}) { unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { -+ if (defined $ENV{'OPENSSL_X509_CERT_FILE'}) { -+ $ssl_opts{SSL_ca_file} = $ENV{'OPENSSL_X509_CERT_FILE'}; ++ if (defined $ENV{'SSL_CERT_FILE'}) { ++ $ssl_opts{SSL_ca_file} = $ENV{'SSL_CERT_FILE'}; + } + } + unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { |