-rw-r--r-- | src/libstore/download.cc | 3 | ||||
-rw-r--r-- | src/libstore/globals.cc | 1 | ||||
-rw-r--r-- | src/libstore/globals.hh | 3 | ||||
-rw-r--r-- | src/libstore/s3-binary-cache-store.cc | 1 |
4 files changed, 6 insertions, 2 deletions
diff --git a/src/libstore/download.cc b/src/libstore/download.cc
index 75c00d85d344..ebea3800ac34 100644
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@@ -224,8 +224,7 @@ struct CurlDownloader : public Downloader
 curl_easy_setopt(req, CURLOPT_NOBODY, 1);
 if (request.verifyTLS)
- curl_easy_setopt(req, CURLOPT_CAINFO,
- getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str());
+ curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
 else {
 curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
 curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 07af629260af..fcd6347294ca 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -69,6 +69,7 @@ Settings::Settings()
 showTrace = false;
 enableImportNative = false;
 netrcFile = fmt("%s/%s", nixConfDir, "netrc");
+ caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
 }
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 0ff18f8b16ea..1e6b7c083a62 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -195,6 +195,9 @@ struct Settings {
 downloads. */
 Path netrcFile;
+ /* Path to the SSL CA file used */
+ Path caFile;
+
 private:
 SettingsMap settings, overrides;
diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc
index 041c68c6816f..800380c62d48 100644
--- a/src/libstore/s3-binary-cache-store.cc
+++ b/src/libstore/s3-binary-cache-store.cc
@@ -77,6 +77,7 @@ ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig()
 res->region = Aws::Region::US_EAST_1; // FIXME: make configurable
 res->requestTimeoutMs = 600 * 1000;
 res->retryStrategy = std::make_shared<RetryStrategy>();
+ res->caFile = settings.caFile;
 return res;
 } |
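Review bot: The new `caFile = getEnv(...)` line in `Settings::Settings()` stores whatever the environment holds without checking it, and that one value now selects the trust bundle for both the curl path (download.cc hunk) and the S3 client (s3-binary-cache-store.cc hunk). If `getEnv` returns an empty string for a variable that is set but empty (its definition is not part of this diff), an empty path would reach `CURLOPT_CAINFO` and `res->caFile`; treating empty as unset, e.g. `if (caFile.empty()) caFile = "/etc/ssl/certs/ca-certificates.crt";`, keeps that case explicit. The lookup also moves from request time to construction time, so later changes to the environment are no longer seen. The constructor starts outside the hunk.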
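Review bot: The comment on the new `caFile` member in globals.hh does not say what the bundle is used for or where its value comes from, which matters for a field that decides which CAs are trusted. Going by the other hunks in this commit, something like `/* Path to the CA certificate bundle used to verify TLS peers for curl downloads and the S3 binary cache; taken from NIX_SSL_CERT_FILE, then SSL_CERT_FILE, then /etc/ssl/certs/ca-certificates.crt. */` would record the lookup order next to the declaration. `struct Settings` starts and ends outside the hunk.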
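Review bot: `res->caFile = settings.caFile;` is assigned unconditionally, so the S3 client is pointed at the hard-coded fallback `/etc/ssl/certs/ca-certificates.crt` even when neither environment variable is set. Before this commit `makeConfig()` left `caFile` untouched, which presumably let the AWS SDK use its own default CA lookup; on a host without that file, S3 TLS verification would then likely fail where it previously succeeded. Consider overriding only when the bundle was explicitly configured or exists, and reporting a clear error otherwise rather than silently falling back. `makeConfig()` begins outside the hunk.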