mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-02 07:31:26 +00:00
81 lines
2.1 KiB
Diff
81 lines
2.1 KiB
Diff
diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go
|
|
index 8e80533590..31c0c666ec 100644
|
|
--- a/src/crypto/x509/root_cgo_darwin.go
|
|
+++ b/src/crypto/x509/root_cgo_darwin.go
|
|
@@ -201,11 +201,20 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
|
|
import "C"
|
|
import (
|
|
"errors"
|
|
+ "io/ioutil"
|
|
+ "os"
|
|
"unsafe"
|
|
)
|
|
|
|
func loadSystemRoots() (*CertPool, error) {
|
|
roots := NewCertPool()
|
|
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
|
|
+ data, err := ioutil.ReadFile(file)
|
|
+ if err == nil {
|
|
+ roots.AppendCertsFromPEM(data)
|
|
+ return roots, nil
|
|
+ }
|
|
+ }
|
|
|
|
var data C.CFDataRef = nil
|
|
var untrustedData C.CFDataRef = nil
|
|
diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
|
|
index bc35a1cf21..21e52bec51 100644
|
|
--- a/src/crypto/x509/root_darwin.go
|
|
+++ b/src/crypto/x509/root_darwin.go
|
|
@@ -81,18 +81,26 @@ func execSecurityRoots() (*CertPool, error) {
|
|
)
|
|
}
|
|
|
|
- cmd := exec.Command("/usr/bin/security", args...)
|
|
- data, err := cmd.Output()
|
|
- if err != nil {
|
|
- return nil, err
|
|
- }
|
|
-
|
|
var (
|
|
mu sync.Mutex
|
|
roots = NewCertPool()
|
|
numVerified int // number of execs of 'security verify-cert', for debug stats
|
|
)
|
|
|
|
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
|
|
+ data, err := ioutil.ReadFile(file)
|
|
+ if err == nil {
|
|
+ roots.AppendCertsFromPEM(data)
|
|
+ return roots, nil
|
|
+ }
|
|
+ }
|
|
+
|
|
+ cmd := exec.Command("/usr/bin/security", args...)
|
|
+ data, err := cmd.Output()
|
|
+ if err != nil {
|
|
+ return nil, err
|
|
+ }
|
|
+
|
|
blockCh := make(chan *pem.Block)
|
|
var wg sync.WaitGroup
|
|
|
|
diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
|
|
index 65b5a5fdbc..c9c7ac6a74 100644
|
|
--- a/src/crypto/x509/root_unix.go
|
|
+++ b/src/crypto/x509/root_unix.go
|
|
@@ -37,6 +37,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
|
|
|
|
func loadSystemRoots() (*CertPool, error) {
|
|
roots := NewCertPool()
|
|
+ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
|
|
+ data, err := ioutil.ReadFile(file)
|
|
+ if err == nil {
|
|
+ roots.AppendCertsFromPEM(data)
|
|
+ return roots, nil
|
|
+ }
|
|
+ }
|
|
|
|
files := certFiles
|
|
if f := os.Getenv(certFileEnv); f != "" {
|