nixpkgs/pkgs/servers/invidious/use-etc-ssl-certs.patch
Simon Bruder 970d249d39
invidious: unstable-2021-11-08 -> unstable-2021-11-13
This update disables QUIC by default which fixes Invidious not loading
anything except for the home page due to YouTube no longer accepting
HTTP/3 (Upstream Issue:
https://github.com/iv-org/invidious/issues/2577).

It therefore uses Crystal’s internal HTTP client, which failed because
the statically linked boringssl (required by lsquic) overrides OpenSSL’s
CA certificate file location. This is fixed by applying the same patch
to boringssl that is applied to openssl for using the correct CA
certificate file.
2021-11-14 10:07:09 +01:00

14 lines
550 B
Diff

diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
index d2bc3e5c1..329580075 100644
--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
@@ -67,7 +67,7 @@
#define X509_CERT_AREA OPENSSLDIR
#define X509_CERT_DIR OPENSSLDIR "/certs"
-#define X509_CERT_FILE OPENSSLDIR "/cert.pem"
+#define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt"
#define X509_PRIVATE_DIR OPENSSLDIR "/private"
#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
#define X509_CERT_FILE_EVP "SSL_CERT_FILE"