upstream: github.com/mirage/ca-certs

Merge pull request #17 from hannesm/nix

on Linux, respect NIX_SSL_CERT_FILE

authored by

Hannes Mehnert and committed by
GitHub
b40ddf02 0897b71d

+21 -14
+19 -13
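--- a/lib/ca_certs.ml
+++ b/lib/ca_certs.ml
@@ -81,19 +81,25 @@
  let open Rresult.R.Infix in
  if Sys.win32 then windows_trust_anchors ()
  else
- let cmd = Bos.Cmd.(v "uname" % "-s") in
- Bos.OS.Cmd.(run_out cmd |> out_string |> success) >>= function
- | "FreeBSD" -> detect_one freebsd_location
- | "OpenBSD" -> detect_one openbsd_location
- | "Linux" -> detect_list linux_locations
- | "Darwin" ->
- let cmd =
- Bos.Cmd.(
- v "security" % "find-certificate" % "-a" % "-p"
- % macos_keychain_location)
- in
- Bos.OS.Cmd.(run_out cmd |> out_string |> success)
- | s -> Error (`Msg ("ca-certs: unknown system " ^ s ^ ".\n" ^ issue))
+ (* NixOS is special and sets "NIX_SSL_CERT_FILE" as location during builds *)
+ match Sys.getenv_opt "NIX_SSL_CERT_FILE" with
+ | Some x ->
+ Log.info (fun m -> m "using %s (from NIX_SSL_CERT_FILE)" x);
+ detect_one x
+ | None -> (
+ let cmd = Bos.Cmd.(v "uname" % "-s") in
+ Bos.OS.Cmd.(run_out cmd |> out_string |> success) >>= function
+ | "FreeBSD" -> detect_one freebsd_location
+ | "OpenBSD" -> detect_one openbsd_location
+ | "Linux" -> detect_list linux_locations
+ | "Darwin" ->
+ let cmd =
+ Bos.Cmd.(
+ v "security" % "find-certificate" % "-a" % "-p"
+ % macos_keychain_location)
+ in
+ Bos.OS.Cmd.(run_out cmd |> out_string |> success)
+ | s -> Error (`Msg ("ca-certs: unknown system " ^ s ^ ".\n" ^ issue)))
 
  let authenticator ?crls ?allowed_hashes () =
  let open Rresult.R.Infix in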
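Review bot: The new `Some x` arm hands whatever `NIX_SSL_CERT_FILE` holds straight to `detect_one`, so a variable that is set but empty, or that names a file missing at run time, decides the result and the `uname`-based detection is never tried. Treating the empty string as unset is a two-line change: `| Some x when x <> "" ->` for the first arm and `| Some _ | None -> (` for the second. Because the match sits above the `uname` dispatch, the variable now selects the trust anchors on every non-Windows platform (the commit title says Linux), so the comment should state that the environment is trusted here, e.g. `(* the process environment is trusted: NIX_SSL_CERT_FILE overrides the system trust store *)`. How `detect_one` reacts to an unreadable path is not visible in this hunk, and the enclosing function starts above it.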
+2 -1
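--- a/lib/ca_certs.mli
+++ b/lib/ca_certs.mli
@@ -12,5 +12,6 @@
 
  val trust_anchors : unit -> (string, [> `Msg of string ]) result
  (** [trust_anchors ()] detects the root CAs (trust anchors) in the operating
- system's trust store.
+ system's trust store. On Unix systems, if the environment variable
+ [NIX_SSL_CERT_FILE] is set, its value is used as path to the trust anchors.
  The successful result is a list of pem-encoded X509 certificates. *)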
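Review bot: The added sentence says the variable's value is used as the path, but not that it replaces operating-system detection altogether; in lib/ca_certs.ml the system locations are consulted only in the `None` arm. A caller building an authenticator in a process that inherits its environment from a less trusted parent needs to know that the roots can be chosen from outside. I would append to the doc comment: `When the variable is set, the operating system's trust store is not consulted.`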