Merge pull request #1264 from shlevy/s3-ca-file
Properly set the caFile for aws-sdk-cpp s3
This commit is contained in:
commit
121a407eec
|
@ -224,8 +224,7 @@ struct CurlDownloader : public Downloader
|
|||
curl_easy_setopt(req, CURLOPT_NOBODY, 1);
|
||||
|
||||
if (request.verifyTLS)
|
||||
curl_easy_setopt(req, CURLOPT_CAINFO,
|
||||
getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str());
|
||||
curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
|
||||
else {
|
||||
curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
|
||||
curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
|
||||
|
|
|
@ -69,6 +69,7 @@ Settings::Settings()
|
|||
showTrace = false;
|
||||
enableImportNative = false;
|
||||
netrcFile = fmt("%s/%s", nixConfDir, "netrc");
|
||||
caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -195,6 +195,9 @@ struct Settings {
|
|||
downloads. */
|
||||
Path netrcFile;
|
||||
|
||||
/* Path to the SSL CA file used */
|
||||
Path caFile;
|
||||
|
||||
private:
|
||||
SettingsMap settings, overrides;
|
||||
|
||||
|
|
|
@ -77,6 +77,7 @@ ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig()
|
|||
res->region = Aws::Region::US_EAST_1; // FIXME: make configurable
|
||||
res->requestTimeoutMs = 600 * 1000;
|
||||
res->retryStrategy = std::make_shared<RetryStrategy>();
|
||||
res->caFile = settings.caFile;
|
||||
return res;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue