about summary refs log tree commit diff
path: root/src/libstore
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2017-03-06T19·54+0100
committerGitHub <noreply@github.com>2017-03-06T19·54+0100
commit121a407eecd4a176adbfbacf49735b3dfc303e79 (patch)
tree659e5e155b94a0981d724d395d3fc7b0f306ced5 /src/libstore
parent1cf480110879ffc8aee94b4b75999da405b71d7c (diff)
parent3cc18d3753af79946ba7c21ccdc49a6f58642108 (diff)
Merge pull request #1264 from shlevy/s3-ca-file
Properly set the caFile for aws-sdk-cpp s3
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/download.cc3
-rw-r--r--src/libstore/globals.cc1
-rw-r--r--src/libstore/globals.hh3
-rw-r--r--src/libstore/s3-binary-cache-store.cc1
4 files changed, 6 insertions, 2 deletions
diff --git a/src/libstore/download.cc b/src/libstore/download.cc
index 75c00d85d344..ebea3800ac34 100644
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@@ -224,8 +224,7 @@ struct CurlDownloader : public Downloader
                 curl_easy_setopt(req, CURLOPT_NOBODY, 1);
 
             if (request.verifyTLS)
-                curl_easy_setopt(req, CURLOPT_CAINFO,
-                    getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str());
+                curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
             else {
                 curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
                 curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 07af629260af..fcd6347294ca 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -69,6 +69,7 @@ Settings::Settings()
     showTrace = false;
     enableImportNative = false;
     netrcFile = fmt("%s/%s", nixConfDir, "netrc");
+    caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
 }
 
 
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 0ff18f8b16ea..1e6b7c083a62 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -195,6 +195,9 @@ struct Settings {
        downloads. */
     Path netrcFile;
 
+    /* Path to the SSL CA file used */
+    Path caFile;
+
 private:
     SettingsMap settings, overrides;
 
diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc
index 041c68c6816f..800380c62d48 100644
--- a/src/libstore/s3-binary-cache-store.cc
+++ b/src/libstore/s3-binary-cache-store.cc
@@ -77,6 +77,7 @@ ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig()
     res->region = Aws::Region::US_EAST_1; // FIXME: make configurable
     res->requestTimeoutMs = 600 * 1000;
     res->retryStrategy = std::make_shared<RetryStrategy>();
+    res->caFile = settings.caFile;
     return res;
 }