From 6f61d8b0f65ff6514114008cfef35b5e979850f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Mon, 21 Jan 2019 21:15:42 +0100
Subject: [PATCH] openssl_1_1: use the same default CA path as 1.0.*

Fixes https://github.com/NixOS/nixpkgs/issues/54437
---
 .../openssl/1.1/use-etc-ssl-certs-darwin.patch | 13 +++++++++++++
 .../libraries/openssl/1.1/use-etc-ssl-certs.patch | 13 +++++++++++++
 pkgs/development/libraries/openssl/default.nix | 8 +++++++-
 3 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch
 create mode 100644 pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch

diff --git a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch
new file mode 100644
index 000000000000..2c98ccfa7ed0
--- /dev/null
+++ b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs-darwin.patch
@@ -0,0 +1,13 @@
+diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
+index 329ef62..9a8df64 100644
+--- a/include/internal/cryptlib.h
++++ b/include/internal/cryptlib.h
+@@ -56,7 +56,7 @@ DEFINE_LHASH_OF(MEM);
+ # ifndef OPENSSL_SYS_VMS
+ # define X509_CERT_AREA OPENSSLDIR
+ # define X509_CERT_DIR OPENSSLDIR "/certs"
+-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
++# define X509_CERT_FILE "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
+ # define X509_PRIVATE_DIR OPENSSLDIR "/private"
+ # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf"
+ # else
diff --git a/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch
new file mode 100644
index 000000000000..67d199681f96
--- /dev/null
+++ b/pkgs/development/libraries/openssl/1.1/use-etc-ssl-certs.patch
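Review bot: The new `X509_CERT_FILE` in use-etc-ssl-certs-darwin.patch is a fixed path under a mutable profile, `/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt`, and nothing in the patch file records that choice; use-etc-ssl-certs.patch has the same gap with `/etc/ssl/certs/ca-certificates.crt`. Whoever can write that path decides which CAs every consumer of this OpenSSL trusts by default, so each patch should carry a short header above its `diff --git` line naming the path, noting that it mirrors the 1.0.* default, and stating who is expected to own the file. `X509_CERT_DIR` is left at `OPENSSLDIR "/certs"`, so the default file and default directory now sit in different trees; that looks intentional, but the header should say so. It is also worth confirming that a missing bundle leaves the default store empty, so verification fails rather than falling back elsewhere.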
@@ -0,0 +1,13 @@
+diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
+index 329ef62..9a8df64 100644
+--- a/include/internal/cryptlib.h
++++ b/include/internal/cryptlib.h
+@@ -56,7 +56,7 @@ DEFINE_LHASH_OF(MEM);
+ # ifndef OPENSSL_SYS_VMS
+ # define X509_CERT_AREA OPENSSLDIR
+ # define X509_CERT_DIR OPENSSLDIR "/certs"
+-# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
++# define X509_CERT_FILE "/etc/ssl/certs/ca-certificates.crt"
+ # define X509_PRIVATE_DIR OPENSSLDIR "/private"
+ # define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf"
+ # else
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 32fd6e727f7d..0954e1b70bb7 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -134,7 +134,13 @@ in {
 openssl_1_1 = common {
 version = "1.1.1a";
 sha256 = "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w";
- patches = [ ./1.1/nix-ssl-cert-file.patch ];
+ patches = [
+ ./1.1/nix-ssl-cert-file.patch
+
+ (if stdenv.hostPlatform.isDarwin
+ then ./1.1/use-etc-ssl-certs-darwin.patch
+ else ./1.1/use-etc-ssl-certs.patch)
+ ];
 withDocs = true;
 };
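Review bot: The `else` branch of the new conditional in `patches` applies use-etc-ssl-certs.patch to every non-Darwin host platform, not only Linux, so any other target gets `/etc/ssl/certs/ca-certificates.crt` compiled in as its default bundle whether or not that path is conventional there. A comment above the conditional would make the intent reviewable, for example `# Default CA bundle lives outside the store; the path differs per host platform (see the two patches).` Since nix-ssl-cert-file.patch stays first in the list, it would also help to state how the patches interact: presumably an override from that patch takes precedence over the compiled-in path, but its contents are not visible here. The enclosing `in {` attribute set starts and ends outside the hunk.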