nixpkgs/modules/security/ca.nix

{ config, pkgs, ... }:

with pkgs.lib;

{

  config = {

    environment.etc =
      [
        # Provide both Fedora and Ubuntu certificate locations for
        # compatibility.
        { source = "${pkgs.cacert}/etc/ca-bundle.crt";
          target = "ssl/certs/ca-bundle.crt"; # Same location as in Fedora
        }

        { source = "${pkgs.cacert}/etc/ca-bundle.crt";
          target = "ssl/certs/ca-certificates.crt"; # Same location as in Ubuntu
        }

        # Backward compatibility; may remove at some point.
        { source = "${pkgs.cacert}/etc/ca-bundle.crt";
          target = "ca-bundle.crt";
        }
      ];

    environment.shellInit =
      ''
        export OPENSSL_X509_CERT_FILE=/etc/ssl/certs/ca-bundle.crt

        export CURL_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt
        export GIT_SSL_CAINFO=/etc/ssl/certs/ca-bundle.crt
      '';

  };

}
* Provide a bundle of CA certificates in /etc/ca-bundle.crt, and set the CURL_CA_BUNDLE environment variable. This allows curl to work without the `-k' flag on https sites with a properly signed certificate. svn path=/nixos/trunk/; revision=19572 2010-01-20 14:22:47 +00:00			`{ config, pkgs, ... }:`

			`with pkgs.lib;`

			`{`

			`config = {`

* Put the CA certificate bundle in /etc/ssl/certs because Qt expects them there. svn path=/nixos/trunk/; revision=28009 2011-07-29 19:06:27 +00:00			`environment.etc =`
Add /etc/ssl/certs/ca-certificates.crt symlink for Ubuntu compatibility NixOS and Fedora uses .../ca-bundle.crt. Ubuntu uses .../ca-certificates.crt. Add .../ca-certificates.crt symlink to be compatible with Ubuntu. Example use case: Bob has a ~/.msmtprc file that he brings over from Ubuntu. It also works on NixOS. 2013-08-17 08:35:56 +00:00			`[`
			`# Provide both Fedora and Ubuntu certificate locations for`
			`# compatibility.`
			`{ source = "${pkgs.cacert}/etc/ca-bundle.crt";`
			`target = "ssl/certs/ca-bundle.crt"; # Same location as in Fedora`
			`}`

			`{ source = "${pkgs.cacert}/etc/ca-bundle.crt";`
			`target = "ssl/certs/ca-certificates.crt"; # Same location as in Ubuntu`
* Put the CA certificate bundle in /etc/ssl/certs because Qt expects them there. svn path=/nixos/trunk/; revision=28009 2011-07-29 19:06:27 +00:00			`}`

			`# Backward compatibility; may remove at some point.`
			`{ source = "${pkgs.cacert}/etc/ca-bundle.crt";`
			`target = "ca-bundle.crt";`
			`}`
			`];`
* Provide a bundle of CA certificates in /etc/ca-bundle.crt, and set the CURL_CA_BUNDLE environment variable. This allows curl to work without the `-k' flag on https sites with a properly signed certificate. svn path=/nixos/trunk/; revision=19572 2010-01-20 14:22:47 +00:00
			`environment.shellInit =`
			`''`
* Set OPENSSL_X509_CERT_FILE. svn path=/nixos/trunk/; revision=29225 2011-09-12 17:01:43 +00:00			`export OPENSSL_X509_CERT_FILE=/etc/ssl/certs/ca-bundle.crt`
Revert "Remove obsolete environment variables" This reverts commit ac8080b83c8bcaaadd35f7430ccc0add0eade15a. 2013-01-15 16:34:01 +00:00
			`export CURL_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt`
			`export GIT_SSL_CAINFO=/etc/ssl/certs/ca-bundle.crt`
* Provide a bundle of CA certificates in /etc/ca-bundle.crt, and set the CURL_CA_BUNDLE environment variable. This allows curl to work without the `-k' flag on https sites with a properly signed certificate. svn path=/nixos/trunk/; revision=19572 2010-01-20 14:22:47 +00:00			`'';`
strip trailing whitespace; no functional change svn path=/nixos/trunk/; revision=29285 2011-09-14 18:20:50 +00:00
* Provide a bundle of CA certificates in /etc/ca-bundle.crt, and set the CURL_CA_BUNDLE environment variable. This allows curl to work without the `-k' flag on https sites with a properly signed certificate. svn path=/nixos/trunk/; revision=19572 2010-01-20 14:22:47 +00:00			`};`

			`}`