authorShea Levy <shea@shealevy.com>2017-03-06 14:30:35 -0500
committerShea Levy <shea@shealevy.com>2017-03-06 14:30:35 -0500
commit3cc18d3753af79946ba7c21ccdc49a6f58642108 (patch)
tree659e5e155b94a0981d724d395d3fc7b0f306ced5
parent1cf480110879ffc8aee94b4b75999da405b71d7c (diff)
Properly set the caFile for aws-sdk-cpp s3
-rw-r--r--src/libstore/download.cc3
-rw-r--r--src/libstore/globals.cc1
-rw-r--r--src/libstore/globals.hh3
-rw-r--r--src/libstore/s3-binary-cache-store.cc1
4 files changed, 6 insertions, 2 deletions
diff --git a/src/libstore/download.cc b/src/libstore/download.cc
index 75c00d85d..ebea3800a 100644
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@@ -224,8 +224,7 @@ struct CurlDownloader : public Downloader
curl_easy_setopt(req, CURLOPT_NOBODY, 1);
if (request.verifyTLS)
- curl_easy_setopt(req, CURLOPT_CAINFO,
- getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str());
+ curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
else {
curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index 07af62926..fcd634729 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -69,6 +69,7 @@ Settings::Settings()
showTrace = false;
enableImportNative = false;
netrcFile = fmt("%s/%s", nixConfDir, "netrc");
+ caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
}
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 0ff18f8b1..1e6b7c083 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -195,6 +195,9 @@ struct Settings {
downloads. */
Path netrcFile;
+ /* Path to the SSL CA file used */
+ Path caFile;
+
private:
SettingsMap settings, overrides;
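Review bot: The comment on `caFile` in struct Settings does not say what the file is used for or where its value comes from. This field now selects the TLS trust anchors for both the curl downloader and the S3 client, so I would spell that out, for example `/* CA bundle used to verify TLS peers (curl downloads and the S3 client). Taken from NIX_SSL_CERT_FILE, then SSL_CERT_FILE, else /etc/ssl/certs/ca-certificates.crt. */`. The struct starts and ends outside this hunk.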
diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc
index 041c68c68..800380c62 100644
--- a/src/libstore/s3-binary-cache-store.cc
+++ b/src/libstore/s3-binary-cache-store.cc
@@ -77,6 +77,7 @@ ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig()
res->region = Aws::Region::US_EAST_1; // FIXME: make configurable
res->requestTimeoutMs = 600 * 1000;
res->retryStrategy = std::make_shared<RetryStrategy>();
+ res->caFile = settings.caFile;
return res;
}
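Review bot: `res->caFile = settings.caFile;` in makeConfig() is assigned unconditionally, and nothing visible in this commit checks that the path is non-empty or exists. When neither environment variable is set, the value is the hard-coded `/etc/ssl/certs/ca-certificates.crt` from globals.cc, so on a system without that bundle the S3 client is presumably pointed at a missing file rather than whatever CA lookup the SDK performs by default. That should fail closed, but it is hard to diagnose and invites people to switch verification off; consider guarding the assignment, e.g. `if (pathExists(settings.caFile)) res->caFile = settings.caFile;`, or logging the chosen path once. The same unvalidated value now feeds `CURLOPT_CAINFO` in download.cc.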