Properly set the caFile for aws-sdk-cpp s3

2017-03-06 14:30:35 -05:00 · 2017-03-06 14:30:35 -05:00 · 3cc18d3753
commit 3cc18d3753
parent 1cf4801108
4 changed files with 6 additions and 2 deletions
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@ -224,8 +224,7 @@ struct CurlDownloader : public Downloader
                curl_easy_setopt(req, CURLOPT_NOBODY, 1);

            if (request.verifyTLS)
-                curl_easy_setopt(req, CURLOPT_CAINFO,
-                    getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str());
+                curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
            else {
                curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
                curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@ -69,6 +69,7 @@ Settings::Settings()
    showTrace = false;
    enableImportNative = false;
    netrcFile = fmt("%s/%s", nixConfDir, "netrc");
+    caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
 }


--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@ -195,6 +195,9 @@ struct Settings {
       downloads. */
    Path netrcFile;

+    /* Path to the SSL CA file used */
+    Path caFile;
+
 private:
    SettingsMap settings, overrides;

--- a/src/libstore/s3-binary-cache-store.cc
+++ b/src/libstore/s3-binary-cache-store.cc
@ -77,6 +77,7 @@ ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig()
    res->region = Aws::Region::US_EAST_1; // FIXME: make configurable
    res->requestTimeoutMs = 600 * 1000;
    res->retryStrategy = std::make_shared<RetryStrategy>();
+    res->caFile = settings.caFile;
    return res;
 }