36f99a9a82
It's more standard than $OPENSSL_X509_CERT_FILE (which I guess was a totally unnecessary patch to OpenSSL). Since curl respects $SSL_CERT_FILE, it's no longer needed to set $CURL_CA_BUNDLE. Git unfortunately doesn't.
24 lines
495 B
Nix
24 lines
495 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
{
|
|
|
|
config = {
|
|
|
|
environment.etc =
|
|
[ { source = "${pkgs.cacert}/etc/ca-bundle.crt";
|
|
target = "ssl/certs/ca-bundle.crt";
|
|
}
|
|
];
|
|
|
|
environment.sessionVariables =
|
|
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
|
# FIXME: unneeded - remove eventually.
|
|
OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
|
GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
|
|
};
|
|
|
|
};
|
|
|
|
}
|