From bd7f379a3f4d661a0ae611e7ca4d7d85297f13d7 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 2 Mar 2016 15:00:32 +0100 Subject: [PATCH] LWP::Protocol::https: Fix SSL cert handling We lost this in 9f358f809d1db46f3206d4a09a5366f13c93e777. Updated to use /etc/ssl/certs/ca-certificates.crt if it exists and SSL_CERT_FILE is not set. --- .../lwp-protocol-https-cert-file.patch | 15 +++++++++++++++ pkgs/top-level/perl-packages.nix | 1 + 2 files changed, 16 insertions(+) create mode 100644 pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch diff --git a/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch b/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch new file mode 100644 index 000000000000..119c8b61da36 --- /dev/null +++ b/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch @@ -0,0 +1,15 @@ +diff -ru -x '*~' LWP-Protocol-https-6.04-orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm +--- LWP-Protocol-https-6.04-orig/lib/LWP/Protocol/https.pm 2013-04-29 23:16:18.000000000 +0200 ++++ LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm 2016-03-02 14:59:01.639844511 +0100 +@@ -24,6 +24,11 @@ + } + if ($ssl_opts{SSL_verify_mode}) { + unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { ++ $ssl_opts{SSL_ca_file} = $ENV{'SSL_CERT_FILE'}; ++ $ssl_opts{SSL_ca_file} = "/etc/ssl/certs/ca-certificates.crt" ++ if !defined $ssl_opts{SSL_ca_file} && -e "/etc/ssl/certs/ca-certificates.crt"; ++ } ++ unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) { + eval { + require Mozilla::CA; + }; diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index e61f24ae3c2a..18ef6145df0f 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -6950,6 +6950,7 @@ let self = _self // overrides; _self = with self; { url = mirror://cpan/authors/id/G/GA/GAAS/LWP-Protocol-https-6.04.tar.gz; sha256 = "0agnga5dg94222h6rlzqxa0dri2sh3gayncvfb7jad9nxr87gxhy"; }; + patches = [ ../development/perl-modules/lwp-protocol-https-cert-file.patch ]; propagatedBuildInputs = [ LWP IOSocketSSL ]; doCheck = false; # tries to connect to https://www.apache.org/. meta = {