nixpkgs/pkgs/development/libraries/openssl/1.0.2/nix-ssl-cert-file.patch
Alyssa Ross ae29a9e688
openssl: 1.0.2p -> 1.0.2q
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-5407: https://www.openssl.org/news/vulnerabilities.html#2018-5407

No patches can any longer be shared between 1.0.2 and 1.1, so reorganize
patches into subdirectories (and remove an unused one).
2018-11-20 16:51:48 +00:00

16 lines
649 B
Diff

diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index e6d0e6e1a6..b89456fd87 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -97,7 +97,10 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = ossl_safe_getenv(X509_get_default_cert_file_env());
+ file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
+
+ if (!file)
+ file = ossl_safe_getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,