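allow overriding system trust store location via $NIX_SSL_CERT_FILE

--- a/lib/system/certs.c
+++ b/lib/system/certs.c
@@ -381,6 +381,10 @@ int gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
 unsigned int tl_flags,
 unsigned int tl_vflags)
 {
- return add_system_trust(list, tl_flags | GNUTLS_TL_NO_DUPLICATES,
- tl_vflags);
+ tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES;
+ const char *file = secure_getenv("NIX_SSL_CERT_FILE");
+ return file
+ ? gnutls_x509_trust_list_add_trust_file(
+ list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags)
+ : add_system_trust(list, tl_flags, tl_vflags);
 }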
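Review bot: The `secure_getenv("NIX_SSL_CERT_FILE")` branch in gnutls_x509_trust_list_add_system_trust replaces the system trust anchors outright with an environment-supplied file, and nothing in the new code says so or explains why secure_getenv is used rather than getenv. I would add above that line `/* NIX_SSL_CERT_FILE replaces, not extends, the system store; secure_getenv() returns NULL in setuid/setgid (AT_SECURE) processes so they keep the built-in store */`. A set-but-empty value still takes the override path, because only `file` is tested against NULL; what gnutls_x509_trust_list_add_trust_file returns for an empty path is not visible here, so either test `file && *file` or state in the comment that an unusable override is meant to fail rather than fall back. Whatever add_system_trust does beyond loading CA certificates (its body is outside this hunk) is also skipped on the override path, which callers should be told. secure_getenv is a glibc extension, so the file presumably needs `_GNU_SOURCE` or a configure check that this hunk does not show.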