From 847f19a5f7a558252bbde9b4c70efa5f7fac1f4f Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Mon, 12 Jun 2017 16:44:43 +0200
Subject: Provide a builtin default for $NIX_SSL_CERT_FILE

This is mostly to ensure that when Nix is started on macOS via a
launchd service or sshd (for a remote build), it gets a certificate
bundle.
---
 src/libstore/download.cc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src/libstore/download.cc')

diff --git a/src/libstore/download.cc b/src/libstore/download.cc
index 63e498f0603a..33ab1f027829 100644
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@@ -221,9 +221,10 @@ struct CurlDownloader : public Downloader
             if (request.head)
                 curl_easy_setopt(req, CURLOPT_NOBODY, 1);
 
-            if (request.verifyTLS)
-                curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
-            else {
+            if (request.verifyTLS) {
+                if (settings.caFile != "")
+                    curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
+            } else {
                 curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
                 curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
             }
-- 
cgit 1.4.1