diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index f8d1506cca34..4f8daf38d467 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -28,8 +28,6 @@ stdenv.mkDerivation rec {
     sha256 = "1s1hyndva0yp62xy96pcp4anzrvw6cl0abjajim17sbmdp00fwhw";
   };
 
-  patches = [ ./nix-ssl-cert-file.patch ];
-
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
 
   enableParallelBuilding = true;
@@ -57,9 +55,7 @@ stdenv.mkDerivation rec {
   '';
 
   configureFlags = [
-      # OS X does not have a default system bundle, so we assume cacerts is installed in the default nix-env profile
-      # This sucks. We should probably just include the latest cacerts in the darwin bootstrap.
-      "--with-ca-bundle=${if stdenv.isDarwin then "/nix/var/nix/profiles/default" else ""}/etc/ssl/certs/ca-${if stdenv.isDarwin then "bundle" else "certificates"}.crt"
+      "--with-ca-fallback"
       "--disable-manual"
       ( if sslSupport then "--with-ssl=${openssl.dev}" else "--without-ssl" )
       ( if gnutlsSupport then "--with-gnutls=${gnutls.dev}" else "--without-gnutls" )
diff --git a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch b/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
deleted file mode 100644
index 14eaea7071bf..000000000000
--- a/pkgs/tools/networking/curl/nix-ssl-cert-file.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-diff --git a/lib/url.c b/lib/url.c
-index 03feaa20f..43d3baa80 100644
---- a/lib/url.c
-+++ b/lib/url.c
-@@ -574,11 +574,15 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
- 
-   /* This is our preferred CA cert bundle/path since install time */
- #if defined(CURL_CA_BUNDLE)
--  result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], CURL_CA_BUNDLE);
-+  char* env = curl_getenv("NIX_SSL_CERT_FILE");
-+  if (!env)
-+      env = CURL_CA_BUNDLE;
-+
-+  result = setstropt(&set->str[STRING_SSL_CAFILE_ORIG], env);
-   if(result)
-     return result;
- 
--  result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], CURL_CA_BUNDLE);
-+  result = setstropt(&set->str[STRING_SSL_CAFILE_PROXY], env);
-   if(result)
-     return result;
- #endif
-diff --git a/src/tool_operate.c b/src/tool_operate.c
-index 572c8d0cc..ca4fb31cb 100644
---- a/src/tool_operate.c
-+++ b/src/tool_operate.c
-@@ -265,7 +265,9 @@ static CURLcode operate_do(struct GlobalConfig *global,
-         capath_from_env = true;
-       }
-       else {
--        env = curlx_getenv("SSL_CERT_FILE");
-+        env = curlx_getenv("NIX_SSL_CERT_FILE");
-+        if(!env)
-+          env = curlx_getenv("SSL_CERT_FILE");
-         if(env) {
-           config->cacert = strdup(env);
-           if(!config->cacert) {