pkgs/development/compilers/go/ssl-cert-file-1.13.patch

   1 diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go
   2 index 255a8d3525..a467255a54 100644
   3 --- a/src/crypto/x509/root_cgo_darwin.go
   4 +++ b/src/crypto/x509/root_cgo_darwin.go
   5 @@ -280,6 +280,8 @@ int CopyPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots, bool debugDa
   6  import "C"
   7  import (
   8         "errors"
   9 +       "io/ioutil"
  10 +       "os"
  11         "unsafe"
  12  )
  13
  14 @@ -295,6 +297,13 @@ func loadSystemRoots() (*CertPool, error) {
  15         buf := C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(data)), C.int(C.CFDataGetLength(data)))
  16         roots := NewCertPool()
  17         roots.AppendCertsFromPEM(buf)
  18 +       if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
  19 +               data, err := ioutil.ReadFile(file)
  20 +               if err == nil {
  21 +                       roots.AppendCertsFromPEM(data)
  22 +                       return roots, nil
  23 +               }
  24 +       }
  25
  26         if C.CFDataGetLength(untrustedData) == 0 {
  27                 return roots, nil
  28 diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
  29 index 2f6a8b8d60..b81889fe69 100644
  30 --- a/src/crypto/x509/root_darwin.go
  31 +++ b/src/crypto/x509/root_darwin.go
  32 @@ -92,6 +92,14 @@ func execSecurityRoots() (*CertPool, error) {
  33                 verifyCh    = make(chan rootCandidate)
  34         )
  35
  36 +       if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
  37 +               data, err := ioutil.ReadFile(file)
  38 +               if err == nil {
  39 +                       roots.AppendCertsFromPEM(data)
  40 +                       return roots, nil
  41 +               }
  42 +       }
  43 +
  44         // Using 4 goroutines to pipe into verify-cert seems to be
  45         // about the best we can do. The verify-cert binary seems to
  46         // just RPC to another server with coarse locking anyway, so
  47 diff --git a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go
  48 index 48de50b4ea..750e12c6b4 100644
  49 --- a/src/crypto/x509/root_unix.go
  50 +++ b/src/crypto/x509/root_unix.go
  51 @@ -38,6 +38,13 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
  52
  53  func loadSystemRoots() (*CertPool, error) {
  54         roots := NewCertPool()
  55 +       if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" {
  56 +               data, err := ioutil.ReadFile(file)
  57 +               if err == nil {
  58 +                       roots.AppendCertsFromPEM(data)
  59 +                       return roots, nil
  60 +               }
  61 +       }
  62
  63         files := certFiles
  64         if f := os.Getenv(certFileEnv); f != "" {