Diffstat (limited to 'pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch')
-rw-r--r-- | pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch
new file mode 100644
index 00000000000..90d1e85ee8c
--- /dev/null
+++ b/pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch
@@ -0,0 +1,19 @@
+allow overriding system trust store location via $NIX_SSL_CERT_FILE
+
+diff --git a/lib/system/certs.c b/lib/system/certs.c
+index 611c645..6ef6edb 100644
+--- a/lib/system/certs.c
++++ b/lib/system/certs.c
+@@ -369,6 +369,11 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
+ unsigned int tl_flags,
+ unsigned int tl_vflags)
+ {
+- return add_system_trust(list, tl_flags|GNUTLS_TL_NO_DUPLICATES, tl_vflags);
++ tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES;
++ const char *file = secure_getenv("NIX_SSL_CERT_FILE");
++ return file
++ ? gnutls_x509_trust_list_add_trust_file(
++ list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags)
++ : add_system_trust(list, tl_flags, tl_vflags);
+ }
+ |
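Review bot: The new `return file ? … : …` accepts any non-NULL value of NIX_SSL_CERT_FILE as a path, so a variable that is set but empty is handed to gnutls_x509_trust_list_add_trust_file() and the caller presumably gets an error or zero anchors where it used to get the system store; testing `file && *file` instead of `file` would keep the fallback for that case. When the variable is set it replaces the system trust store rather than adding to it, and a failed load is not retried through add_system_trust(), which deserves a comment above the lookup such as `/* NIX_SSL_CERT_FILE replaces (not augments) the system trust store; secure_getenv() ignores it in secure-execution (setuid) processes */`. secure_getenv() is a GNU extension, so it is worth confirming that certs.c sees a declaration or a getenv fallback for it on non-glibc targets; that cannot be told from this hunk, which shows only the tail of the function's signature.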