libressl: fixing nc for version>=2.9

This addresses https://github.com/NixOS/nixpkgs/issues/68286 When `-R` (CA file location) is not specified, nc tries to fall back to a default location. In 2.8 this was still configurable at compile time, but was changed somewhere after. This replaces `/etc/ssl/cert.pem` with `${cacert}/etc/ssl/cert.pem` in the code directly. For a discussion of this, see https://github.com/NixOS/nixpkgs/pull/68456
author: Dima <dgoldin+github@protonmail.ch> 2019-09-10 00:01:59 +0200
committer: Dima <dgoldin+github@protonmail.ch> 2019-09-17 23:08:43 +0200
commit: 044f771d593bacc97c56cdfe046f527cd3a30184 (patch)
tree: 8c1d54e63b94af0c25bcbff632756c303828fb44
parent: 78879ae0e99a00d5abadb16c6bc1d20c517dffcf (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix
index 71b8d2bb20e6..4bfa6cd0b8e4 100644
--- a/pkgs/development/libraries/libressl/default.nix
+++ b/pkgs/development/libraries/libressl/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, lib, cmake }:
+{ stdenv, fetchurl, lib, cmake, cacert }:
 
 let
 
@@ -31,6 +31,12 @@ let
       rm configure
     '';
 
+    # Since 2.9.x the default location can't be configured from the build using
+    # DEFAULT_CA_FILE anymore, instead we have to patch the default value.
+    postPatch = lib.optionalString (lib.versionAtLeast version "2.9.2") ''
+      substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"'
+    '';
+
     enableParallelBuilding = true;
 
     outputs = [ "bin" "dev" "out" "man" "nc" ];
author	Dima <dgoldin+github@protonmail.ch>	2019-09-10 00:01:59 +0200
committer	Dima <dgoldin+github@protonmail.ch>	2019-09-17 23:08:43 +0200
commit	044f771d593bacc97c56cdfe046f527cd3a30184 (patch)
tree	8c1d54e63b94af0c25bcbff632756c303828fb44
parent	78879ae0e99a00d5abadb16c6bc1d20c517dffcf (diff)