openssl: Remove References to OPENSSL_X509_CERT_FILE

2015-05-31 15:48:17 -07:00 · 2015-05-31 15:48:17 -07:00 · 867d2c5c46
commit 867d2c5c46
parent afa5859716
7 changed files with 7 additions and 33 deletions
--- a/nixos/modules/programs/venus.nix
+++ b/nixos/modules/programs/venus.nix
@ -166,7 +166,7 @@ in
        script = "exec venus-planet ${configFile}";
        serviceConfig.User = "${cfg.user}";
        serviceConfig.Group = "${cfg.group}";
-        environment.OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+        environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
        startAt = cfg.dates;
      };

--- a/nixos/modules/security/ca.nix
+++ b/nixos/modules/security/ca.nix
@ -66,8 +66,6 @@ in

    environment.sessionVariables =
      { SSL_CERT_FILE          = "/etc/ssl/certs/ca-certificates.crt";
-        # FIXME: unneeded - remove eventually.
-        OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
        # FIXME: unneeded - remove eventually.
        GIT_SSL_CAINFO         = "/etc/ssl/certs/ca-certificates.crt";
      };
--- a/pkgs/applications/networking/cluster/panamax/api/default.nix
+++ b/pkgs/applications/networking/cluster/panamax/api/default.nix
@ -62,7 +62,6 @@ stdenv.mkDerivation rec {
      --prefix "PATH" : "$out/share/panamax-api/bin:${env.ruby}/bin:$PATH" \
      --prefix "HOME" : "$out/share/panamax-api" \
      --prefix "GEM_HOME" : "${env}/${env.ruby.gemPath}" \
-      --prefix "OPENSSL_X509_CERT_FILE" : "${cacert}/ca-bundle.crt" \
      --prefix "SSL_CERT_FILE" : "${cacert}/ca-bundle.crt" \
      --prefix "GEM_PATH" : "$out/share/panamax-api:${bundler}/${env.ruby.gemPath}"
  '';
--- a/pkgs/applications/networking/instant-messengers/tkabber/default.nix
+++ b/pkgs/applications/networking/instant-messengers/tkabber/default.nix
@ -43,7 +43,7 @@ in mkTkabber (main // {
  postPatch = ''
    substituteInPlace login.tcl --replace \
      "custom::defvar loginconf(sslcacertstore) \"\"" \
-      "custom::defvar loginconf(sslcacertstore) \$env(OPENSSL_X509_CERT_FILE)"
+      "custom::defvar loginconf(sslcacertstore) \$env(SSL_CERT_FILE)"
  '' + optionalString (theme != null) ''
    themePath="$out/share/doc/tkabber/examples/xrdb/${theme}.xrdb"
    sed -i '/^if.*load_default_xrdb/,/^}$/ {
--- a/pkgs/applications/version-management/git-and-tools/git/cert-path.patch
+++ b/pkgs/applications/version-management/git-and-tools/git/cert-path.patch
@ -5,7 +5,7 @@ diff -ru -x '*~' git-1.9.2-orig/git-send-email.perl git-1.9.2/git-send-email.per
 		return;
 	}
 
-+	$smtp_ssl_cert_path //= $ENV{'OPENSSL_X509_CERT_FILE'};
+	$smtp_ssl_cert_path //= $ENV{'SSL_CERT_FILE'};
 +
 	if (!defined $smtp_ssl_cert_path) {
 		# use the OpenSSL defaults
--- a/pkgs/development/libraries/openssl/1.0.2.x.nix
+++ b/pkgs/development/libraries/openssl/1.0.2.x.nix
@ -10,30 +10,7 @@ let

  patchesCross = isCross: let
    isDarwin = stdenv.isDarwin || (isCross && stdenv.cross.libc == "libSystem");
-  in
-    [ # Allow the location of the X509 certificate file (the CA
-      # bundle) to be set through the environment variable
-      # ‘OPENSSL_X509_CERT_FILE’.  This is necessary because the
-      # default location ($out/ssl/cert.pem) doesn't exist, and
-      # hardcoding something like /etc/ssl/cert.pem is impure and
-      # cannot be overriden per-process.  For security, the
-      # environment variable is ignored for setuid binaries.
-      # FIXME: drop this patch; it really isn't necessary, because
-      # OpenSSL already supports a ‘SSL_CERT_FILE’ variable.
-      ./cert-file.patch
-    ]
-
-    ++ stdenv.lib.optionals (isCross && opensslCrossSystem == "hurd-x86")
-         [ ./cert-file-path-max.patch # merge with `cert-file.patch' eventually
-           ./gnu.patch                # submitted upstream
-         ]
-
-    ++ stdenv.lib.optionals (stdenv.system == "x86_64-kfreebsd-gnu")
-        [ ./gnu.patch
-          ./kfreebsd-gnu.patch
-        ]
-
-    ++ stdenv.lib.optional isDarwin ./darwin-arch.patch;
+  in stdenv.lib.optional isDarwin ./darwin-arch.patch;

  extraPatches = stdenv.lib.optional stdenv.isCygwin ./1.0.1-cygwin64.patch;
 in
--- a/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch
+++ b/pkgs/development/perl-modules/lwp-protocol-https-cert-file.patch
@ -1,4 +1,4 @@
-Use $OPENSSL_X509_CERT_FILE to get the CA certificates.
+Use $SSL_CERT_FILE to get the CA certificates.

 diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Protocol-https-6.02/lib/LWP/Protocol/https.pm
 --- LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm	2011-03-27 13:54:01.000000000 +0200
@ -7,8 +7,8 @@ diff -ru -x '*~' LWP-Protocol-https-6.02-orig/lib/LWP/Protocol/https.pm LWP-Prot
     }
     if ($ssl_opts{SSL_verify_mode}) {
 	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {
-+            if (defined $ENV{'OPENSSL_X509_CERT_FILE'}) {
-+                $ssl_opts{SSL_ca_file} = $ENV{'OPENSSL_X509_CERT_FILE'};
+            if (defined $ENV{'SSL_CERT_FILE'}) {
+                $ssl_opts{SSL_ca_file} = $ENV{'SSL_CERT_FILE'};
 +            }
 +        }
 +	unless (exists $ssl_opts{SSL_ca_file} || exists $ssl_opts{SSL_ca_path}) {