From 1fd9e6140013de18c7e38f130c7fce628a85608d Mon Sep 17 00:00:00 2001
From: Fabian Otto <fabian.otto@gmail.com>
Date: Fri, 31 Jan 2025 22:23:36 +0100
Subject: [PATCH] use NIX_SSL_CERT_FILE if set for vendoring cargo dependencies

this should fix issue #304483. when running fetchCargoTarball behind a
cooperate MITM ssl proxy
---
 pkgs/build-support/rust/fetch-cargo-tarball/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/build-support/rust/fetch-cargo-tarball/default.nix b/pkgs/build-support/rust/fetch-cargo-tarball/default.nix
index 0821592e1fe1a..a7149db1c76c1 100644
--- a/pkgs/build-support/rust/fetch-cargo-tarball/default.nix
+++ b/pkgs/build-support/rust/fetch-cargo-tarball/default.nix
@@ -119,7 +119,7 @@ stdenv.mkDerivation (
       ${cargoUpdateHook}
 
       # Override the `http.cainfo` option usually specified in `.cargo/config`.
-      export CARGO_HTTP_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
+      export CARGO_HTTP_CAINFO="''${NIX_SSL_CERT_FILE:-${cacert}/etc/ssl/certs/ca-bundle.crt}
 
       if grep '^source = "git' Cargo.lock; then
           echo