openssl: default to default profile CA on darwin

(cherry picked from commit c86f05e7ce13e64238960ebf3ee9706142db961b)

2 files changed, 15 insertions, 1 deletions

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 947c0e30f993..a9f8c32dde9b 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -20,7 +20,8 @@ let
     patches =
       (args.patches or [])
       ++ [ ./nix-ssl-cert-file.patch ]
-      ++ optional (versionOlder version "1.1.0") ./use-etc-ssl-certs.patch
+      ++ optional (versionOlder version "1.1.0")
+          (if stdenv.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch)
       ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch
       ++ optional
            (versionOlder version "1.0.2" && (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem")))
diff --git a/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch b/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch
new file mode 100644
index 000000000000..3d9ee7e6a822
--- /dev/null
+++ b/pkgs/development/libraries/openssl/use-etc-ssl-certs-darwin.patch
@@ -0,0 +1,13 @@
+diff -ru -x '*~' openssl-1.0.1r-orig/crypto/cryptlib.h openssl-1.0.1r/crypto/cryptlib.h
+--- openssl-1.0.1r-orig/crypto/cryptlib.h	2016-01-28 14:38:30.000000000 +0100
++++ openssl-1.0.1r/crypto/cryptlib.h	2016-02-03 12:54:29.193165176 +0100
+@@ -81,8 +81,8 @@
+ 
+ # ifndef OPENSSL_SYS_VMS
+ #  define X509_CERT_AREA          OPENSSLDIR
+ #  define X509_CERT_DIR           OPENSSLDIR "/certs"
+-#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
++#  define X509_CERT_FILE          "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
+ #  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+ # else
+ #  define X509_CERT_AREA          "SSLROOT:[000000]"