Provide a builtin default for $NIX_SSL_CERT_FILE

This is mostly to ensure that when Nix is started on macOS via a launchd service or sshd (for a remote build), it gets a certificate bundle.
author: Eelco Dolstra <edolstra@gmail.com> 2017-06-12T14·44+0200
committer: Eelco Dolstra <edolstra@gmail.com> 2017-06-12T14·44+0200
commit: 847f19a5f7a558252bbde9b4c70efa5f7fac1f4f (patch)
tree: 42f5b98f0253065f6a10ae02f9fd9d4264990f8b /src/libstore/download.cc
parent: 7f5b750b401e98e9e2a346552aba5bd2e0a9203f (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/src/libstore/download.cc b/src/libstore/download.cc
index 63e498f060..33ab1f0278 100644
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@@ -221,9 +221,10 @@ struct CurlDownloader : public Downloader
             if (request.head)
                 curl_easy_setopt(req, CURLOPT_NOBODY, 1);
 
-            if (request.verifyTLS)
-                curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
-            else {
+            if (request.verifyTLS) {
+                if (settings.caFile != "")
+                    curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
+            } else {
                 curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
                 curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
             }
author	Eelco Dolstra <edolstra@gmail.com>	2017-06-12T14·44+0200
committer	Eelco Dolstra <edolstra@gmail.com>	2017-06-12T14·44+0200
commit	847f19a5f7a558252bbde9b4c70efa5f7fac1f4f (patch)
tree	42f5b98f0253065f6a10ae02f9fd9d4264990f8b /src/libstore/download.cc
parent	7f5b750b401e98e9e2a346552aba5bd2e0a9203f (diff)