* Provide a bundle of CA certificates in /etc/ca-bundle.crt, and set

the CURL_CA_BUNDLE environment variable.  This allows curl to work
  without the `-k' flag on https sites with a properly signed
  certificate.

svn path=/nixos/trunk/; revision=19572

modules/module-list.nix

@@ -31,6 +31,7 @@
   ./programs/ssh.nix
   ./programs/ssmtp.nix
   ./rename.nix
+  ./security/ca.nix
   ./security/consolekit.nix
   ./security/pam.nix
   ./security/pam_usb.nix

modules/security/ca.nix

@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  config = {
+
+    environment.etc = singleton
+      { source = "${pkgs.cacert}/etc/ca-bundle.crt";
+        target = "ca-bundle.crt";
+      };
+
+    environment.shellInit =
+      ''
+        export CURL_CA_BUNDLE=/etc/ca-bundle.crt
+      '';
+      
+  };
+
+}