diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2017-03-06T19·54+0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-03-06T19·54+0100 |
commit | 121a407eecd4a176adbfbacf49735b3dfc303e79 (patch) | |
tree | 659e5e155b94a0981d724d395d3fc7b0f306ced5 /src/libstore | |
parent | 1cf480110879ffc8aee94b4b75999da405b71d7c (diff) | |
parent | 3cc18d3753af79946ba7c21ccdc49a6f58642108 (diff) |
Merge pull request #1264 from shlevy/s3-ca-file
Properly set the caFile for aws-sdk-cpp s3
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/download.cc | 3 | ||||
-rw-r--r-- | src/libstore/globals.cc | 1 | ||||
-rw-r--r-- | src/libstore/globals.hh | 3 | ||||
-rw-r--r-- | src/libstore/s3-binary-cache-store.cc | 1 |
4 files changed, 6 insertions, 2 deletions
diff --git a/src/libstore/download.cc b/src/libstore/download.cc index 75c00d85d344..ebea3800ac34 100644 --- a/src/libstore/download.cc +++ b/src/libstore/download.cc @@ -224,8 +224,7 @@ struct CurlDownloader : public Downloader curl_easy_setopt(req, CURLOPT_NOBODY, 1); if (request.verifyTLS) - curl_easy_setopt(req, CURLOPT_CAINFO, - getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str()); + curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str()); else { curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0); diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 07af629260af..fcd6347294ca 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -69,6 +69,7 @@ Settings::Settings() showTrace = false; enableImportNative = false; netrcFile = fmt("%s/%s", nixConfDir, "netrc"); + caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")); } diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 0ff18f8b16ea..1e6b7c083a62 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -195,6 +195,9 @@ struct Settings { downloads. */ Path netrcFile; + /* Path to the SSL CA file used */ + Path caFile; + private: SettingsMap settings, overrides; diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc index 041c68c6816f..800380c62d48 100644 --- a/src/libstore/s3-binary-cache-store.cc +++ b/src/libstore/s3-binary-cache-store.cc @@ -77,6 +77,7 @@ ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig() res->region = Aws::Region::US_EAST_1; // FIXME: make configurable res->requestTimeoutMs = 600 * 1000; res->retryStrategy = std::make_shared<RetryStrategy>(); + res->caFile = settings.caFile; return res; } |