pkgs/development/compilers/go/ssl-cert-file-2-dev.patch at 21.05 · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / development / compilers / go / ssl-cert-file-2-dev.patch

at 21.05 54 lines 1.4 kB view raw

 1diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
 2index 05593bb105..a6a11eeec1 100644
 3--- a/src/crypto/x509/root_darwin.go
 4+++ b/src/crypto/x509/root_darwin.go
 5@@ -11,6 +11,7 @@ import (
 6 	"bytes"
 7 	macOS "crypto/x509/internal/macos"
 8 	"fmt"
 9+	"io/ioutil"
10 	"os"
11 	"strings"
12 )
13@@ -22,6 +23,14 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
14 }
15 
16 func loadSystemRoots() (*CertPool, error) {
17+	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
18+		data, err := ioutil.ReadFile(file)
19+		if err == nil {
20+			roots := NewCertPool()
21+			roots.AppendCertsFromPEM(data)
22+			return roots, nil
23+		}
24+	}
25 	var trustedRoots []*Certificate
26 	untrustedRoots := make(map[string]bool)
27 
28diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
29index dede825edd..ffb3caf4a4 100644
30--- a/src/crypto/x509/root_unix.go
31+++ b/src/crypto/x509/root_unix.go
32@@ -9,6 +9,7 @@ package x509
33 
34 import (
35 	"io/fs"
36+	"io/ioutil"
37 	"os"
38 	"path/filepath"
39 	"strings"
40@@ -32,6 +33,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
41 
42 func loadSystemRoots() (*CertPool, error) {
43 	roots := NewCertPool()
44+	if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
45+		data, err := ioutil.ReadFile(file)
46+		if err == nil {
47+			roots.AppendCertsFromPEM(data)
48+			return roots, nil
49+		}
50+	}
51 
52 	files := certFiles
53 	if f := os.Getenv(certFileEnv); f != "" {
54