nixpkgs/pkgs/development/compilers/go/ssl-cert-file-1.9.patch
2017-09-05 16:44:13 -04:00

80 lines
2.1 KiB
Diff

diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go
index 8e80533590..31c0c666ec 100644
--- a/src/crypto/x509/root_cgo_darwin.go
+++ b/src/crypto/x509/root_cgo_darwin.go
@@ -201,11 +201,20 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
import "C"
import (
"errors"
+ "io/ioutil"
+ "os"
"unsafe"
)
func loadSystemRoots() (*CertPool, error) {
roots := NewCertPool()
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
+ data, err := ioutil.ReadFile(file)
+ if err == nil {
+ roots.AppendCertsFromPEM(data)
+ return roots, nil
+ }
+ }
var data C.CFDataRef = nil
var untrustedData C.CFDataRef = nil
diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
index bc35a1cf21..21e52bec51 100644
--- a/src/crypto/x509/root_darwin.go
+++ b/src/crypto/x509/root_darwin.go
@@ -81,18 +81,26 @@ func execSecurityRoots() (*CertPool, error) {
)
}
- cmd := exec.Command("/usr/bin/security", args...)
- data, err := cmd.Output()
- if err != nil {
- return nil, err
- }
-
var (
mu sync.Mutex
roots = NewCertPool()
numVerified int // number of execs of 'security verify-cert', for debug stats
)
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
+ data, err := ioutil.ReadFile(file)
+ if err == nil {
+ roots.AppendCertsFromPEM(data)
+ return roots, nil
+ }
+ }
+
+ cmd := exec.Command("/usr/bin/security", args...)
+ data, err := cmd.Output()
+ if err != nil {
+ return nil, err
+ }
+
blockCh := make(chan *pem.Block)
var wg sync.WaitGroup
diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
index 65b5a5fdbc..c9c7ac6a74 100644
--- a/src/crypto/x509/root_unix.go
+++ b/src/crypto/x509/root_unix.go
@@ -37,6 +37,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
func loadSystemRoots() (*CertPool, error) {
roots := NewCertPool()
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
+ data, err := ioutil.ReadFile(file)
+ if err == nil {
+ roots.AppendCertsFromPEM(data)
+ return roots, nil
+ }
+ }
files := certFiles
if f := os.Getenv(certFileEnv); f != "" {