Merge pull request #1264 from shlevy/s3-ca-file

Properly set the caFile for aws-sdk-cpp s3
Eelco Dolstra 2017-03-06 20:54:52 +01:00 committed by GitHub
commit 121a407eec
4 changed files with 6 additions and 2 deletions


@ -224,8 +224,7 @@ struct CurlDownloader : public Downloader
curl_easy_setopt(req, CURLOPT_NOBODY, 1);
if (request.verifyTLS)
curl_easy_setopt(req, CURLOPT_CAINFO,
getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str());
curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
else {
curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);


@ -69,6 +69,7 @@ Settings::Settings()
showTrace = false;
enableImportNative = false;
netrcFile = fmt("%s/%s", nixConfDir, "netrc");
caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
}


@ -195,6 +195,9 @@ struct Settings {
downloads. */
Path netrcFile;
/* Path to the SSL CA file used */
Path caFile;
private:
SettingsMap settings, overrides;
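Review bot: The new comment `/* Path to the SSL CA file used */` does not say which code consumes the field or where its value comes from, which matters because this path is the trust anchor for TLS verification. Something like `/* CA bundle used to verify TLS peers, by the curl downloader and the S3 client; taken from NIX_SSL_CERT_FILE, then SSL_CERT_FILE, else a built-in default path. */` would tell a reader that changing it affects both transports. It is also worth stating that the environment is read once, when Settings is constructed, rather than per request as the curl code did before. The struct begins and ends outside this hunk.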


@ -77,6 +77,7 @@ ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig()
res->region = Aws::Region::US_EAST_1; // FIXME: make configurable
res->requestTimeoutMs = 600 * 1000;
res->retryStrategy = std::make_shared<RetryStrategy>();
res->caFile = settings.caFile;
return res;
}
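Review bot: `res->caFile = settings.caFile;` is assigned unconditionally, so the S3 client now receives the hard-coded fallback `/etc/ssl/certs/ca-certificates.crt` even on hosts where neither environment variable is set and that file is absent. Before this change the SDK used its own default CA lookup, so S3 access on such hosts would presumably start failing certificate verification. I would treat the two cases differently in the Settings constructor. A path set explicitly through `NIX_SSL_CERT_FILE` or `SSL_CERT_FILE` should be passed through as is, so a bad value fails loudly instead of silently widening the trust store. The built-in fallback should be applied only when the file exists, with `caFile` otherwise left empty and this line guarded as `if (!settings.caFile.empty()) res->caFile = settings.caFile;`.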