{ lib, stdenv , fetchFromGitHub , cmake , openssl }: stdenv.mkDerivation rec { pname = "s2n-tls"; version = "1.3.12"; src = fetchFromGitHub { owner = "aws"; repo = pname; rev = "v${version}"; sha256 = "1n1bak4s67cfizh8j5wpf05kfdcjvwqaca4rq9qys25z52bbpn9f"; }; nativeBuildInputs = [ cmake ]; outputs = [ "out" "dev"]; buildInputs = [ openssl ]; # s2n-config has find_dependency(LibCrypto). cmakeFlags = [ "-DBUILD_SHARED_LIBS=ON" "-DUNSAFE_TREAT_WARNINGS_AS_ERRORS=OFF" # disable -Werror ] ++ lib.optionals stdenv.hostPlatform.isMips64 [ # See https://github.com/aws/s2n-tls/issues/1592 and https://github.com/aws/s2n-tls/pull/1609 "-DS2N_NO_PQ=ON" ]; propagatedBuildInputs = [ openssl ]; # s2n-config has find_dependency(LibCrypto). postInstall = '' # Glob for 'shared' or 'static' subdir for f in $out/lib/s2n/cmake/*/s2n-targets.cmake; do substituteInPlace "$f" \ --replace 'INTERFACE_INCLUDE_DIRECTORIES "''${_IMPORT_PREFIX}/include"' 'INTERFACE_INCLUDE_DIRECTORIES ""' done ''; meta = with lib; { description = "C99 implementation of the TLS/SSL protocols"; homepage = "https://github.com/aws/s2n-tls"; license = licenses.asl20; platforms = platforms.unix; maintainers = with maintainers; [ orivej ]; }; }