diff options
author | Katharina Fey <kookie@spacekookie.de> | 2019-10-18 16:32:00 +0000 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2019-10-18 16:32:00 +0000 |
commit | 0f74f62ee25ac2d21bd67c29b8efc3ad079a72a8 (patch) | |
tree | bd701e982d896952f4291e4b795c85bb581593b8 /nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.13.patch | |
parent | dae1ae41b3a575e87d411e0cd9daa42a85c5aa89 (diff) | |
parent | 1c40ee6fc44f7eb474c69ea070a43247a1a2c83c (diff) |
Merge commit '1c40ee6fc44f7eb474c69ea070a43247a1a2c83c'
Diffstat (limited to 'nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.13.patch')
-rw-r--r-- | nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.13.patch | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.13.patch b/nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.13.patch new file mode 100644 index 00000000000..02a50d9c72f --- /dev/null +++ b/nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.13.patch @@ -0,0 +1,64 @@ +diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go +index 255a8d3525..a467255a54 100644 +--- a/src/crypto/x509/root_cgo_darwin.go ++++ b/src/crypto/x509/root_cgo_darwin.go +@@ -280,6 +280,8 @@ int CopyPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots, bool debugDa + import "C" + import ( + "errors" ++ "io/ioutil" ++ "os" + "unsafe" + ) + +@@ -295,6 +297,13 @@ func loadSystemRoots() (*CertPool, error) { + buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data))) + roots := NewCertPool() + roots.AppendCertsFromPEM(buf) ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + if C.CFDataGetLength(untrustedData) == 0 { + return roots, nil +diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go +index 2f6a8b8d60..b81889fe69 100644 +--- a/src/crypto/x509/root_darwin.go ++++ b/src/crypto/x509/root_darwin.go +@@ -92,6 +92,14 @@ func execSecurityRoots() (*CertPool, error) { + verifyCh = make(chan rootCandidate) + ) + ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } ++ + // Using 4 goroutines to pipe into verify-cert seems to be + // about the best we can do. The verify-cert binary seems to + // just RPC to another server with coarse locking anyway, so +diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go +index 48de50b4ea..750e12c6b4 100644 +--- a/src/crypto/x509/root_unix.go ++++ b/src/crypto/x509/root_unix.go +@@ -38,6 +38,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + files := certFiles + if f := os.Getenv(certFileEnv); f != "" { |