NixOS · lukateras · Oct 17, 2018 · Mic92 · Oct 17, 2018 · lukateras
diff --git a/pkgs/development/libraries/gnutls/generic.nix b/pkgs/development/libraries/gnutls/generic.nix
@@ -6,7 +6,7 @@
 # Version dependent args
 , version, src, patches ? [], postPatch ? "", nativeBuildInputs ? []
 , buildInputs ? []
-, ...}:
+, ... }:
 
 assert guileBindings -> guile != null;
 let
@@ -15,10 +15,12 @@ let
   doCheck = !stdenv.isFreeBSD && !stdenv.isDarwin && lib.versionAtLeast version "3.4"
       && stdenv.buildPlatform == stdenv.hostPlatform;
 in
+
 stdenv.mkDerivation {
   name = "gnutls-${version}";
+  inherit src version;
 
-  inherit src patches;
+  patches = patches ++ [ ./ssl-cert-file.patch ];
 
   outputs = [ "bin" "dev" "out" "man" "devdoc" ];
   outputInfo = "devdoc";

diff --git a/pkgs/development/libraries/gnutls/ssl-cert-file.patch b/pkgs/development/libraries/gnutls/ssl-cert-file.patch
@@ -0,0 +1,36 @@
+From 53091092876e668a4c43a4944d1b821015dea7a3 Mon Sep 17 00:00:00 2001
+From: Yegor Timoshenko <yegortimoshenko@riseup.net>
+Date: Wed, 17 Oct 2018 07:48:34 +0000
+Subject: [PATCH] Handle SSL_CERT_FILE environment variable
+
+---
+ lib/system/certs.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/system/certs.c b/lib/system/certs.c
+index 53eb561d0..6adb960e3 100644
+--- a/lib/system/certs.c
++++ b/lib/system/certs.c
+@@ -137,6 +137,19 @@ add_system_trust(gnutls_x509_trust_list_t list,
+ 		r += ret;
+ #endif
+
++	char *env = secure_getenv("SSL_CERT_FILE");
++
++	if (env != NULL) {
++		ret =
++		    gnutls_x509_trust_list_add_trust_file(list,
++							  env,
++							  crl_file,
++							  GNUTLS_X509_FMT_PEM,
++							  tl_flags, tl_vflags);
++		if (ret > 0)
++			r += ret;
++	}
++
+ #ifdef DEFAULT_BLACKLIST_FILE
+ 	ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
+ 	if (ret < 0) {
+-- 
+2.19.0
+