Merge pull request #1264 from shlevy/s3-ca-file
Properly set the caFile for aws-sdk-cpp s3
This commit is contained in:
commit
121a407eec
|
@ -224,8 +224,7 @@ struct CurlDownloader : public Downloader
|
||||||
curl_easy_setopt(req, CURLOPT_NOBODY, 1);
|
curl_easy_setopt(req, CURLOPT_NOBODY, 1);
|
||||||
|
|
||||||
if (request.verifyTLS)
|
if (request.verifyTLS)
|
||||||
curl_easy_setopt(req, CURLOPT_CAINFO,
|
curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.c_str());
|
||||||
getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt")).c_str());
|
|
||||||
else {
|
else {
|
||||||
curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
|
curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0);
|
||||||
curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
|
curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0);
|
||||||
|
|
|
@ -69,6 +69,7 @@ Settings::Settings()
|
||||||
showTrace = false;
|
showTrace = false;
|
||||||
enableImportNative = false;
|
enableImportNative = false;
|
||||||
netrcFile = fmt("%s/%s", nixConfDir, "netrc");
|
netrcFile = fmt("%s/%s", nixConfDir, "netrc");
|
||||||
|
caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -195,6 +195,9 @@ struct Settings {
|
||||||
downloads. */
|
downloads. */
|
||||||
Path netrcFile;
|
Path netrcFile;
|
||||||
|
|
||||||
|
/* Path to the SSL CA file used */
|
||||||
|
Path caFile;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
SettingsMap settings, overrides;
|
SettingsMap settings, overrides;
|
||||||
|
|
||||||
|
|
|
@ -77,6 +77,7 @@ ref<Aws::Client::ClientConfiguration> S3Helper::makeConfig()
|
||||||
res->region = Aws::Region::US_EAST_1; // FIXME: make configurable
|
res->region = Aws::Region::US_EAST_1; // FIXME: make configurable
|
||||||
res->requestTimeoutMs = 600 * 1000;
|
res->requestTimeoutMs = 600 * 1000;
|
||||||
res->retryStrategy = std::make_shared<RetryStrategy>();
|
res->retryStrategy = std::make_shared<RetryStrategy>();
|
||||||
|
res->caFile = settings.caFile;
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue