public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

openssl: Remove References to OPENSSL_X509_CERT_FILE

Browse Source
This commit is contained in:
William A. Kennington III 2015-05-31 15:48:17 -07:00
parent afa5859716
commit 867d2c5c46
7 changed files with 7 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/programs/venus.nix
View File

@ -166,7 +166,7 @@ in
script = "exec venus-planet ${configFile}"; script = "exec venus-planet ${configFile}";
serviceConfig.User = "${cfg.user}"; serviceConfig.User = "${cfg.user}";
serviceConfig.Group = "${cfg.group}"; serviceConfig.Group = "${cfg.group}";
environment.OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
startAt = cfg.dates; startAt = cfg.dates;
}; };

2
nixos/modules/security/ca.nix
View File

@ -66,8 +66,6 @@ in
environment.sessionVariables = environment.sessionVariables =
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; { SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
# FIXME: unneeded - remove eventually.
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
# FIXME: unneeded - remove eventually. # FIXME: unneeded - remove eventually.
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt"; GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt";
}; };

1
pkgs/applications/networking/cluster/panamax/api/default.nix
View File

@ -62,7 +62,6 @@ stdenv.mkDerivation rec {
--prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \ --prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \
--prefix "HOME" : "$out/share/panamax-api" \ --prefix "HOME" : "$out/share/panamax-api" \
--prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \ --prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \
--prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/ca-bundle.crt" \
--prefix "SSL_CERT_FILE" : "${cacert}/ca-bundle.crt" \ --prefix "SSL_CERT_FILE" : "${cacert}/ca-bundle.crt" \
--prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}" --prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}"
''; '';

2
pkgs/applications/networking/instant-messengers/tkabber/default.nix
View File

@ -43,7 +43,7 @@ in mkTkabber (main // {
postPatch = '' postPatch = ''
substituteInPlace login.tcl --replace \ substituteInPlace login.tcl --replace \
"custom::defvar loginconf(sslcacertstore) \"\"" \ "custom::defvar loginconf(sslcacertstore) \"\"" \
"custom::defvar loginconf(sslcacertstore) \$env(OPENSSL_X509_CERT_FILE)" "custom::defvar loginconf(sslcacertstore) \$env(SSL_CERT_FILE)"
'' + optionalString (theme != null) '' '' + optionalString (theme != null) ''
themePath="$out/share/doc/tkabber/examples/xrdb/${theme}.xrdb" themePath="$out/share/doc/tkabber/examples/xrdb/${theme}.xrdb"
sed -i '/^if.*load_default_xrdb/,/^}$/ { sed -i '/^if.*load_default_xrdb/,/^}$/ {

2
pkgs/applications/version-management/git-and-tools/git/cert-path.patch
View File

@ -5,7 +5,7 @@ diff -ru -x '*~' git-1.9.2-orig/git-send-email.perl git-1.9.2/git-send-email.per
return; return;
} }
+ $smtp_ssl_cert_path //= $ENV{'OPENSSL_X509_CERT_FILE'}; + $smtp_ssl_cert_path //= $ENV{'SSL_CERT_FILE'};
+ +
if (!defined $smtp_ssl_cert_path) { if (!defined $smtp_ssl_cert_path) {
# use the OpenSSL defaults # use the OpenSSL defaults

25
pkgs/development/libraries/openssl/1.0.2.x.nix
View File

@ -10,30 +10,7 @@ let
patchesCross = isCross: let patchesCross = isCross: let
isDarwin = stdenv.isDarwin || (isCross && stdenv.cross.libc == "libSystem"); isDarwin = stdenv.isDarwin || (isCross && stdenv.cross.libc == "libSystem");
in in stdenv.lib.optional isDarwin ./darwin-arch.patch;
[ # Allow the location of the X509 certificate file (the CA
# bundle) to be set through the environment variable
# OPENSSL_X509_CERT_FILE. This is necessary because the
# default location ($out/ssl/cert.pem) doesn't exist, and
# hardcoding something like /etc/ssl/cert.pem is impure and
# cannot be overriden per-process. For security, the
# environment variable is ignored for setuid binaries.
# FIXME: drop this patch; it really isn't necessary, because
# OpenSSL already supports a SSL_CERT_FILE variable.
./cert-file.patch
]
++ stdenv.lib.optionals (isCross && opensslCrossSystem == "hurd-x86")
[ ./cert-file-path-max.patch # merge with `cert-file.patch' eventually
./gnu.patch # submitted upstream
]
++ stdenv.lib.optionals (stdenv.system == "x86_64-kfreebsd-gnu")
[ ./gnu.patch
./kfreebsd-gnu.patch
]
++ stdenv.lib.optional isDarwin ./darwin-arch.patch;
extraPatches = stdenv.lib.optional stdenv.isCygwin ./1.0.1-cygwin64.patch; extraPatches = stdenv.lib.optional stdenv.isCygwin ./1.0.1-cygwin64.patch;
in in

6
pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch
View File

@ -1,4 +1,4 @@
Use $OPENSSL_X509_CERT_FILE to get the CA certificates. Use $SSL_CERT_FILE to get the CA certificates.
diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm
--- LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm 2011-03-27 13:54:01.000000000 +0200 --- LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm 2011-03-27 13:54:01.000000000 +0200
@ -7,8 +7,8 @@ diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Prot
} }
if ($ssl_opts{SSL_verify_mode}) { if ($ssl_opts{SSL_verify_mode}) {
unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
+ if (defined $ENV{'OPENSSL_X509_CERT_FILE'}) { + if (defined $ENV{'SSL_CERT_FILE'}) {
+ $ssl_opts{SSL_ca_file} = $ENV{'OPENSSL_X509_CERT_FILE'}; + $ssl_opts{SSL_ca_file} = $ENV{'SSL_CERT_FILE'};
+ } + }
+ } + }
+ unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { + unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {