Configure a default trust store for openssl

2016-02-01 10:18:31 +01:00
parent 0876a44169
commit 9f358f809d
19 changed files with 16 additions and 91 deletions
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -1,5 +1,6 @@
 { stdenv, fetchurl, perl
-, withCryptodev ? false, cryptodevHeaders }:
+, withCryptodev ? false, cryptodevHeaders
+, defaultCertificate ? "/etc/ssl/certs/ca-certificates.crt" }:

 with stdenv.lib;
 let
@@ -58,6 +59,9 @@ stdenv.mkDerivation rec {

    # remove dependency on Perl at runtime
    rm -r $out/etc/ssl/misc $out/bin/c_rehash
+
+    # configure the default trust store
+    ${optionalString (defaultCertificate != null) "ln -s ${defaultCertificate} $out/etc/ssl/cert.pem"}
  '';

  postFixup = ''