Commit graph

16 commits

Author SHA1 Message Date
Franz Pletz
0d59fc1169
cacerts: refactor, add blacklist option
Previously, the list of CA certificates was generated with a perl script
which is included in curl. As this script is not very flexible, this commit
refactors the expression to use the python script that Debian uses to
generate their CA certificates from Mozilla's trust store in NSS.

Additionally, an option was added to the cacerts derivation and the
`security.pki` module to blacklist specific CAs.
2016-10-09 02:00:18 +02:00
Robert Helgesson
96fc1e19b8 cacert: remove dependency on LWP
The `mk-ca-bundle.pl` script manages quite well using only curl but
fails without LWP being present due to a `use` statement. This removes
the Perl import of the LWP library and adds curl as a build input.
2016-06-13 22:18:59 +02:00
Eelco Dolstra
0edfda814e Fix random ugliness 2015-07-31 01:36:41 +02:00
William A. Kennington III
ffd0539eba cacert: store ca-bundle.crt in $out/etc/ssl/certs instead of $out 2015-06-05 13:00:52 -07:00
Eelco Dolstra
6c878e0d05 Fix cacert 2015-06-04 14:54:52 +02:00
William A. Kennington III
d6cbb061e3 cacert: Build directly from nss instead of our own tarball 2015-05-29 13:52:07 -07:00
Eelco Dolstra
6b67028383 cacert: Update to 20140715
This is generated with a more recent version of mk-ca-bundle.pl. The
previous version mistakenly dropped some certificates, like "Verisign
Class 3 Public Primary Certification Authority".
2014-08-05 10:43:25 +02:00
Eelco Dolstra
b9c457ba12 cacert: Update to 20140704 2014-07-30 10:14:40 +02:00
Eelco Dolstra
3f799e7233 cacert: Update to 20131205 2013-12-20 18:29:06 +01:00
Eelco Dolstra
acba9240cd nixos.org/tarballs -> tarballs.nixos.org
It's currently the same machine, but tarballs.nixos.org should become
an S3/CloudFront site eventually.
2013-06-25 14:12:16 +02:00
Eelco Dolstra
d5c8f4cb60 cacert: Update to 20121229 2013-05-15 13:15:53 +02:00
Eelco Dolstra
ebc1c7d6c7 cacert: Update to 20120628 2012-07-05 17:31:23 -04:00
Eelco Dolstra
c556a6ea46 * "ensureDir" -> "mkdir -p". "ensureDir" is a rather pointless
function, so obsolete it.

svn path=/nixpkgs/branches/stdenv-updates/; revision=31644
2012-01-18 20:16:00 +00:00
Eelco Dolstra
f887ecef57 * Latest CA certificate bundle, now without DigiNotar certificate.
svn path=/nixpkgs/trunk/; revision=29269
2011-09-14 11:59:18 +00:00
Eelco Dolstra
353ec7a128 * CAcert bundle updated to the latest version (it was almost two years old).
svn path=/nixpkgs/trunk/; revision=28856
2011-08-28 16:02:18 +00:00
Eelco Dolstra
f724089f6f * Added a bundle of CA certificates, useful for e.g. curl.
svn path=/nixpkgs/trunk/; revision=19571
2010-01-20 14:10:26 +00:00