upstream: github.com/mirage/ca-certs
Merge pull request #23 from hannesm/support-ssl-cert-file
Read the environment variable SSL_CERT_FILE, as proposed in #22
authored by
Hannes Mehnert
and committed by
GitHub
bbac5d2f
3ef446a5
+11
-7
+8
-4
lib/ca_certs.ml
+8
-4
lib/ca_certs.ml
···
44
44
45
45
(* from https://golang.org/src/crypto/x509/root_bsd.go *)
46
46
let openbsd_location = "/etc/ssl/cert.pem"
47
-
48
47
let freebsd_location = "/usr/local/share/certs/ca-root-nss.crt"
49
48
50
49
let macos_keychain_location =
···
83
82
if Sys.win32 then windows_trust_anchors ()
84
83
else
85
84
(* NixOS is special and sets "NIX_SSL_CERT_FILE" as location during builds *)
86
-
match Sys.getenv_opt "NIX_SSL_CERT_FILE" with
87
-
| Some x ->
85
+
match
86
+
(Sys.getenv_opt "SSL_CERT_FILE", Sys.getenv_opt "NIX_SSL_CERT_FILE")
87
+
with
88
+
| Some x, _ ->
89
+
Log.info (fun m -> m "using %s (from SSL_CERT_FILE)" x);
90
+
detect_one x
91
+
| _, Some x ->
88
92
Log.info (fun m -> m "using %s (from NIX_SSL_CERT_FILE)" x);
89
93
detect_one x
90
-
| None -> (
94
+
| None, None -> (
91
95
let cmd = Bos.Cmd.(v "uname" % "-s") in
92
96
let* os = Bos.OS.Cmd.(run_out cmd |> out_string |> success) in
93
97
match os with
+2
-1
lib/ca_certs.mli
+2
-1
lib/ca_certs.mli
···
13
13
val trust_anchors : unit -> (string, [> `Msg of string ]) result
14
14
(** [trust_anchors ()] detects the root CAs (trust anchors) in the operating
15
15
system's trust store. On Unix systems, if the environment variable
16
-
[NIX_SSL_CERT_FILE] is set, its value is used as path to the trust anchors.
16
+
[SSL_CERT_FILE] is set, its value is used as path to the trust anchors.
17
+
Otherwise, if [NIX_SSL_CERT_FILE] is set, its value is used.
17
18
The successful result is a list of pem-encoded X509 certificates. *)