From 3cc18d3753af79946ba7c21ccdc49a6f58642108 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Mon, 6 Mar 2017 14:30:35 -0500 Subject: Properly set the caFile for aws-sdk-cpp s3 --- src/libstore/download.cc | 3 +-- src/libstore/globals.cc | 1 + src/libstore/globals.hh | 3 +++ src/libstore/s3-binary-cache-store.cc | 1 + 4 files changed, 6 insertions(+), 2 deletions(-) (limited to 'src/libstore') diff --git a/src/libstore/download.cc b/src/libstore/download.cc index 75c00d85d344..ebea3800ac34 100644 --- a/src/libstore/download.cc +++ b/src/libstore/download.cc @@ -224,8 +224,7 @@ struct CurlDownloader : public Downloader curl_easy_setopt(req, CURLOPT_NOBODY, 1); if (request.verifyTLS) - curl_easy_setopt(req, CURLOPT_CAINFO, - getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str()); + curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str()); else { curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0); diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 07af629260af..fcd6347294ca 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -69,6 +69,7 @@ Settings::Settings() showTrace = false; enableImportNative = false; netrcFile = fmt("%s/%s", nixConfDir, "netrc"); + caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")); } diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 0ff18f8b16ea..1e6b7c083a62 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -195,6 +195,9 @@ struct Settings { downloads. */ Path netrcFile; + /* Path to the SSL CA file used */ + Path caFile; + private: SettingsMap settings, overrides; diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc index 041c68c6816f..800380c62d48 100644 --- a/src/libstore/s3-binary-cache-store.cc +++ b/src/libstore/s3-binary-cache-store.cc @@ -77,6 +77,7 @@ ref S3Helper::makeConfig() res->region = Aws::Region::US_EAST_1; // FIXME: make configurable res->requestTimeoutMs = 600 * 1000; res->retryStrategy = std::make_shared(); + res->caFile = settings.caFile; return res; } -- cgit 1.4.1