1diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go
2index a4b33c7..9700b75 100644
3--- a/src/crypto/x509/root_cgo_darwin.go
4+++ b/src/crypto/x509/root_cgo_darwin.go
5@@ -151,11 +151,20 @@ int FetchPEMRoots(CFDataRef *pemRoots) {
6 import "C"
7 import (
8 "errors"
9+ "io/ioutil"
10+ "os"
11 "unsafe"
12 )
13
14 func loadSystemRoots() (*CertPool, error) {
15 roots := NewCertPool()
16+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
17+ data, err := ioutil.ReadFile(file)
18+ if err == nil {
19+ roots.AppendCertsFromPEM(data)
20+ return roots, nil
21+ }
22+ }
23
24 var data C.CFDataRef = nil
25 err := C.FetchPEMRoots(&data)
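Review bot: The result of `roots.AppendCertsFromPEM(data)` is discarded in the added block, so a readable but empty or non-PEM `NIX_SSL_CERT_FILE` returns an empty pool with a nil error, and every later verification fails with no hint of the cause. An unreadable file silently falls through to the platform store, so a process meant to be pinned to a restricted bundle ends up trusting the full system root set without any signal. The check could be `if !roots.AppendCertsFromPEM(data) { return nil, errors.New("crypto/x509: no certificates found in NIX_SSL_CERT_FILE") }`, with the `ReadFile` error also returned rather than ignored when the variable is set. The same block is repeated in the root_darwin.go and root_unix.go hunks and needs the same treatment. `loadSystemRoots` continues past the end of this hunk.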
26diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
27index 66cdb5e..bb28036 100644
28--- a/src/crypto/x509/root_darwin.go
29+++ b/src/crypto/x509/root_darwin.go
30@@ -61,17 +61,25 @@ func execSecurityRoots() (*CertPool, error) {
31 println(fmt.Sprintf("crypto/x509: %d certs have a trust policy", len(hasPolicy)))
32 }
33
34- cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain")
35- data, err := cmd.Output()
36- if err != nil {
37- return nil, err
38- }
39-
40 var (
41 mu sync.Mutex
42 roots = NewCertPool()
43 numVerified int // number of execs of 'security verify-cert', for debug stats
44 )
45
46+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
47+ data, err := ioutil.ReadFile(file)
48+ if err == nil {
49+ roots.AppendCertsFromPEM(data)
50+ return roots, nil
51+ }
52+ }
53+
54+ cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", "/System/Library/Keychains/SystemRootCertificates.keychain")
55+ data, err := cmd.Output()
56+ if err != nil {
57+ return nil, err
58+ }
59+
60 blockCh := make(chan *pem.Block)
61 var wg sync.WaitGroup
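Review bot: The `NIX_SSL_CERT_FILE` override is consulted only after the trust-policy work has already run, as the context line printing `len(hasPolicy)` shows. The start of `execSecurityRoots` is outside the hunk, but it presumably shells out to `security` to build that set, so a failure there would return before the override is ever read. Moving the `os.Getenv` check to the top of the function would make the override independent of the keychain tooling. A short comment should also say that keychain trust policies are deliberately not applied to the override bundle, e.g. `// NIX_SSL_CERT_FILE replaces the keychain roots; per-certificate trust policies are not evaluated for it.`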
62diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
63index 7bcb3d6..3986e1a 100644
64--- a/src/crypto/x509/root_unix.go
65+++ b/src/crypto/x509/root_unix.go
66@@ -24,6 +24,14 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
67
68 func loadSystemRoots() (*CertPool, error) {
69 roots := NewCertPool()
70+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
71+ data, err := ioutil.ReadFile(file)
72+ if err == nil {
73+ roots.AppendCertsFromPEM(data)
74+ return roots, nil
75+ }
76+ }
77+
78 var firstErr error
79 for _, file := range certFiles {
80 data, err := ioutil.ReadFile(file)
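Review bot: The added block in `loadSystemRoots` has no comment on precedence, and the early return means `certFiles` is never read once the override loads. That replaces the system bundle rather than adding to it, which matters to anyone auditing which roots a binary trusts. A comment above the `if` would cover it: `// NIX_SSL_CERT_FILE, when set and readable, is used instead of the system bundle; certFiles is not consulted.` The function body continues beyond the hunk.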