Loading pkgs/development/libraries/openssl/3.2/use-etc-ssl-certs-darwin.patch 0 → 100644 +13 −0 Original line number Diff line number Diff line diff --git a/include/internal/common.h b/include/internal/common.h index 15666f1..d91e25b 100644 --- a/include/internal/common.h +++ b/include/internal/common.h @@ -83,7 +83,7 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, # ifndef OPENSSL_SYS_VMS # define X509_CERT_AREA OPENSSLDIR # define X509_CERT_DIR OPENSSLDIR "/certs" -# define X509_CERT_FILE OPENSSLDIR "/cert.pem" +# define X509_CERT_FILE "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" # define X509_PRIVATE_DIR OPENSSLDIR "/private" # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" # else pkgs/development/libraries/openssl/3.2/use-etc-ssl-certs.patch 0 → 100644 +13 −0 Original line number Diff line number Diff line diff --git a/include/internal/common.h b/include/internal/common.h index 15666f1..d91e25b 100644 --- a/include/internal/common.h +++ b/include/internal/common.h @@ -83,7 +83,7 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, # ifndef OPENSSL_SYS_VMS # define X509_CERT_AREA OPENSSLDIR # define X509_CERT_DIR OPENSSLDIR "/certs" -# define X509_CERT_FILE OPENSSLDIR "/cert.pem" +# define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt" # define X509_PRIVATE_DIR OPENSSLDIR "/private" # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" # else pkgs/development/libraries/openssl/default.nix +12 −5 Original line number Diff line number Diff line Loading @@ -234,6 +234,13 @@ let }); in { # intended version "policy": # - 1.1 as long as some package exists, which does not build without it # - latest 3.x LTS # - latest 3.x non-LTS as preview/for development # # - other versions in between only when reasonable need is stated for some package # - backport every security critical fix release e.g. 3.0.y -> 3.0.y+1 but no new version, e.g. 3.1 -> 3.2 # If you do upgrade here, please update in pkgs/top-level/release.nix # the permitted insecure version to ensure it gets cached for our users Loading Loading @@ -279,9 +286,9 @@ in { }; }; openssl_3_1 = common { version = "3.1.4"; hash = "sha256-hAr1Nmq5tSK95SWCa+PvD7Cvgcap69hMqmAP6hcx7uM="; openssl_3_2 = common { version = "3.2.0"; hash = "sha256-FMgm8Hx+QzcG+1xp+p4l2rlWhIRLTJYqLPG/GD60aQ4="; patches = [ ./3.0/nix-ssl-cert-file.patch Loading @@ -291,8 +298,8 @@ in { ./3.0/openssl-disable-kernel-detection.patch (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch) then ./3.2/use-etc-ssl-certs-darwin.patch else ./3.2/use-etc-ssl-certs.patch) ]; withDocs = true; Loading pkgs/top-level/all-packages.nix +1 −1 Original line number Diff line number Diff line Loading @@ -24445,7 +24445,7 @@ with pkgs; inherit (callPackages ../development/libraries/openssl { }) openssl_1_1 openssl_3 openssl_3_1; openssl_3_2; opensubdiv = callPackage ../development/libraries/opensubdiv { }; Loading
pkgs/development/libraries/openssl/3.2/use-etc-ssl-certs-darwin.patch 0 → 100644 +13 −0 Original line number Diff line number Diff line diff --git a/include/internal/common.h b/include/internal/common.h index 15666f1..d91e25b 100644 --- a/include/internal/common.h +++ b/include/internal/common.h @@ -83,7 +83,7 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, # ifndef OPENSSL_SYS_VMS # define X509_CERT_AREA OPENSSLDIR # define X509_CERT_DIR OPENSSLDIR "/certs" -# define X509_CERT_FILE OPENSSLDIR "/cert.pem" +# define X509_CERT_FILE "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" # define X509_PRIVATE_DIR OPENSSLDIR "/private" # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" # else
pkgs/development/libraries/openssl/3.2/use-etc-ssl-certs.patch 0 → 100644 +13 −0 Original line number Diff line number Diff line diff --git a/include/internal/common.h b/include/internal/common.h index 15666f1..d91e25b 100644 --- a/include/internal/common.h +++ b/include/internal/common.h @@ -83,7 +83,7 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, # ifndef OPENSSL_SYS_VMS # define X509_CERT_AREA OPENSSLDIR # define X509_CERT_DIR OPENSSLDIR "/certs" -# define X509_CERT_FILE OPENSSLDIR "/cert.pem" +# define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt" # define X509_PRIVATE_DIR OPENSSLDIR "/private" # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" # else
pkgs/development/libraries/openssl/default.nix +12 −5 Original line number Diff line number Diff line Loading @@ -234,6 +234,13 @@ let }); in { # intended version "policy": # - 1.1 as long as some package exists, which does not build without it # - latest 3.x LTS # - latest 3.x non-LTS as preview/for development # # - other versions in between only when reasonable need is stated for some package # - backport every security critical fix release e.g. 3.0.y -> 3.0.y+1 but no new version, e.g. 3.1 -> 3.2 # If you do upgrade here, please update in pkgs/top-level/release.nix # the permitted insecure version to ensure it gets cached for our users Loading Loading @@ -279,9 +286,9 @@ in { }; }; openssl_3_1 = common { version = "3.1.4"; hash = "sha256-hAr1Nmq5tSK95SWCa+PvD7Cvgcap69hMqmAP6hcx7uM="; openssl_3_2 = common { version = "3.2.0"; hash = "sha256-FMgm8Hx+QzcG+1xp+p4l2rlWhIRLTJYqLPG/GD60aQ4="; patches = [ ./3.0/nix-ssl-cert-file.patch Loading @@ -291,8 +298,8 @@ in { ./3.0/openssl-disable-kernel-detection.patch (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch) then ./3.2/use-etc-ssl-certs-darwin.patch else ./3.2/use-etc-ssl-certs.patch) ]; withDocs = true; Loading
pkgs/top-level/all-packages.nix +1 −1 Original line number Diff line number Diff line Loading @@ -24445,7 +24445,7 @@ with pkgs; inherit (callPackages ../development/libraries/openssl { }) openssl_1_1 openssl_3 openssl_3_1; openssl_3_2; opensubdiv = callPackage ../development/libraries/opensubdiv { };
