curl: disable default CA bundle

Without this curl might detect /etc/ssl/cert.pem at build time on macOS, causing curl to ignore NIX_SSL_CERT_FILE. Fixes #42317
author: Daiderd Jordan <daiderd@gmail.com> 2018-06-23 12:13:23 +0200
committer: Daiderd Jordan <daiderd@gmail.com> 2018-06-23 12:16:42 +0200
commit: 288939ce22a8d63077e888db227289d9e36d41e5 (patch)
tree: 79658026473e4ae9ce826461d13dabddf74cc991 /pkgs/tools/networking/curl
parent: 59daa4fd629f7e6547bdff047d9759c353f29067 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index 3d8cdd2653b7..4a476a6ba137 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -63,6 +63,10 @@ stdenv.mkDerivation rec {
   '';
 
   configureFlags = [
+      # Disable default CA bundle, use NIX_SSL_CERT_FILE or fallback
+      # to nss-cacert from the default profile.
+      "--without-ca-bundle"
+      "--without-ca-path"
       "--with-ca-fallback"
       "--disable-manual"
       ( if sslSupport then "--with-ssl=${openssl.dev}" else "--without-ssl" )
author	Daiderd Jordan <daiderd@gmail.com>	2018-06-23 12:13:23 +0200
committer	Daiderd Jordan <daiderd@gmail.com>	2018-06-23 12:16:42 +0200
commit	288939ce22a8d63077e888db227289d9e36d41e5 (patch)
tree	79658026473e4ae9ce826461d13dabddf74cc991 /pkgs/tools/networking/curl
parent	59daa4fd629f7e6547bdff047d9759c353f29067 (diff)