mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-23 23:43:30 +00:00
nixos/stunnel: Fix CA files
This commit is contained in:
parent
77a5bf5bfb
commit
4a32dbd1e1
@ -57,7 +57,13 @@ let
|
||||
};
|
||||
|
||||
CAPath = mkOption {
|
||||
type = types.path;
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = "Path to a directory containing certificates to validate against.";
|
||||
};
|
||||
|
||||
CAFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
description = "Path to a file containing certificates to validate against.";
|
||||
};
|
||||
@ -196,6 +202,7 @@ in
|
||||
verifyChain = ${yesNo v.verifyChain}
|
||||
verifyPeer = ${yesNo v.verifyPeer}
|
||||
${optionalString (v.CAPath != null) "CApath = ${v.CAPath}"}
|
||||
${optionalString (v.CAFile != null) "CAFile = ${v.CAFile}"}
|
||||
${optionalString (v.verifyHostname != null) "checkHost = ${v.verifyHostname}"}
|
||||
OCSPaia = yes
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user