2020-04-24 23:36:52 +00:00
|
|
|
allow overriding system trust store location via $NIX_SSL_CERT_FILE
|
|
|
|
|
|
|
|
--- a/lib/system/certs.c
|
|
|
|
+++ b/lib/system/certs.c
|
2023-03-04 12:14:45 +00:00
|
|
|
@@ -404,6 +404,10 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
|
2020-04-24 23:36:52 +00:00
|
|
|
unsigned int tl_flags,
|
|
|
|
unsigned int tl_vflags)
|
|
|
|
{
|
2023-03-04 12:14:45 +00:00
|
|
|
- return add_system_trust(list, tl_flags | GNUTLS_TL_NO_DUPLICATES,
|
|
|
|
- tl_vflags);
|
2020-04-24 23:36:52 +00:00
|
|
|
+ tl_flags = tl_flags|GNUTLS_TL_NO_DUPLICATES;
|
|
|
|
+ const char *file = secure_getenv("NIX_SSL_CERT_FILE");
|
|
|
|
+ return file
|
|
|
|
+ ? gnutls_x509_trust_list_add_trust_file(
|
|
|
|
+ list, file, NULL/*CRL*/, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags)
|
|
|
|
+ : add_system_trust(list, tl_flags, tl_vflags);
|
|
|
|
}
|