Leroy Hopson
24d5d28820
cacert: fix formatting of example
2016-02-27 22:25:39 +13:00
Guillaume Maudoux
9f358f809d
Configure a default trust store for openssl
2016-02-03 12:42:01 +01:00
Eelco Dolstra
bfebc7342e
Fix some references to deprecated /etc/ssl/certs/ca-bundle.crt
2016-01-29 02:32:05 +01:00
William A. Kennington III
8e19ac8d7c
Merge branch 'master.upstream' into staging.upstream
2015-06-17 11:57:40 -07:00
Eelco Dolstra
6e6a96d42c
Some more type cleanup
2015-06-15 18:18:46 +02:00
William A. Kennington III
9d6555dc0a
Merge branch 'master.upstream' into staging.upstream
2015-06-06 12:04:42 -07:00
William A. Kennington III
ffd0539eba
cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out
2015-06-05 13:00:52 -07:00
William A. Kennington III
867d2c5c46
openssl: Remove References to OPENSSL_X509_CERT_FILE
2015-05-31 15:50:51 -07:00
William A. Kennington III
d6cbb061e3
cacert: Build directly from nss instead of our own tarball
2015-05-29 13:52:07 -07:00
Eelco Dolstra
5092d625d6
/etc/ssl/certs/ca-bundle.crt -> ca-certificates.crt
...
Even though there is no "official" standard location, it's better to
stick to what most distros are using.
2015-02-15 19:06:31 +01:00
Eelco Dolstra
75e1b5e317
Provide symlinks to ca-bundle.crt for compat with other distros
...
There is no "standard" location for the certificate bundle, so many
programs/libraries have various hard-coded default locations that
don't exist on NixOS. To make these more likely to work, provide
some symlinks.
2015-02-15 19:06:31 +01:00
Eelco Dolstra
d2bfb5ceb0
Add options for installing additional root certificates
2015-02-05 18:08:35 +01:00
wmertens
3cecef15d7
Revert $GIT_SSL_CAINFO removal
...
Users have an older git in their user environment and it doesn't work without it. We should keep it around for a while.
2014-12-01 23:07:50 +01:00
Wout Mertens
72b81cf8bb
Remove unnecessary $GIT_SSL_CAINFO from sys env
2014-11-26 00:30:07 +01:00
Eelco Dolstra
36f99a9a82
Set $SSL_CERT_FILE
...
It's more standard than $OPENSSL_X509_CERT_FILE (which I guess was a
totally unnecessary patch to OpenSSL). Since curl respects
$SSL_CERT_FILE, it's no longer needed to set $CURL_CA_BUNDLE. Git
unfortunately doesn't.
2014-07-28 19:09:32 +02:00
Eelco Dolstra
f5055e2ef6
Rename environment.systemVariables -> environment.sessionVariables
...
This makes it clearer that they're part of PAM sessions.
2014-06-13 17:57:04 +02:00
Eelco Dolstra
8ae659f16c
Revert "Revert "Merge #2692 : Use pam_env to properly setup system-wide env""
...
This reverts commit 491c088731022463978e595956427e72db6306a9.
2014-06-10 13:07:10 +02:00
Eelco Dolstra
491c088731
Revert "Merge #2692 : Use pam_env to properly setup system-wide env"
...
This reverts commit 18a0cdd86416a8cbc263cfa8cb96c460a53f7b5c.
2014-06-10 13:03:44 +02:00
Vladimír Čunát
18a0cdd864
Merge #2692 : Use pam_env to properly setup system-wide env
2014-06-10 11:42:59 +02:00
Eelco Dolstra
29027fd1e1
Rewrite ‘with pkgs.lib’ -> ‘with lib’
...
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Eelco Dolstra
9c616e3bf4
Remove /etc/ca-bundle.crt
...
Applications should use /etc/ssl/certs/ca-bundle.crt instead.
2014-02-11 17:13:36 +01:00
Eelco Dolstra
5c1f8cbc70
Move all of NixOS to nixos/ in preparation of the repository merge
2013-10-10 13:28:20 +02:00