nixpkgs/pkgs/development/libraries/openssl/1.0.2/use-etc-ssl-certs-darwin.patch
Alyssa Ross ae29a9e688
openssl: 1.0.2p -> 1.0.2q
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-5407: https://www.openssl.org/news/vulnerabilities.html#2018-5407

No patches can any longer be shared between 1.0.2 and 1.1, so reorganize
patches into subdirectories (and remove an unused one).
2018-11-20 16:51:48 +00:00

14 lines
658 B
Diff

diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h
--- openssl-1.0.1r-orig/crypto/cryptlib.h 2016-01-28 14:38:30.000000000 +0100
+++ openssl-1.0.1r/crypto/cryptlib.h 2016-02-03 12:54:29.193165176 +0100
@@ -81,8 +81,8 @@
# ifndef OPENSSL_SYS_VMS
# define X509_CERT_AREA OPENSSLDIR
# define X509_CERT_DIR OPENSSLDIR "/certs"
-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
+# define X509_CERT_FILE "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
# define X509_PRIVATE_DIR OPENSSLDIR "/private"
# else
# define X509_CERT_AREA "SSLROOT:[000000]"