From 288939ce22a8d63077e888db227289d9e36d41e5 Mon Sep 17 00:00:00 2001 From: Daiderd Jordan Date: Sat, 23 Jun 2018 12:13:23 +0200 Subject: [PATCH] curl: disable default CA bundle Without this curl might detect /etc/ssl/cert.pem at build time on macOS, causing curl to ignore NIX_SSL_CERT_FILE. Fixes #42317 --- pkgs/tools/networking/curl/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix index 3d8cdd2653b7..4a476a6ba137 100644 --- a/pkgs/tools/networking/curl/default.nix +++ b/pkgs/tools/networking/curl/default.nix @@ -63,6 +63,10 @@ stdenv.mkDerivation rec { ''; configureFlags = [ + # Disable default CA bundle, use NIX_SSL_CERT_FILE or fallback + # to nss-cacert from the default profile. + "--without-ca-bundle" + "--without-ca-path" "--with-ca-fallback" "--disable-manual" ( if sslSupport then "--with-ssl=${openssl.dev}" else "--without-ssl" )