[Nix-commits] [NixOS/nixpkgs] 80cbb8: cacerts: refactor, add blacklist option

Shea Levy Fri, 04 Nov 2016 19:04:32 -0700

  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 80cbb8acf17cd128e834d4a11f8270b9a5197166
      
https://github.com/NixOS/nixpkgs/commit/80cbb8acf17cd128e834d4a11f8270b9a5197166
  Author: Shea Levy <[email protected]>
  Date:   2016-11-04 (Fri, 04 Nov 2016)


  Changed paths:
    M pkgs/data/misc/cacert/default.nix

  Log Message:
  -----------
  cacerts: refactor, add blacklist option

Previously, the list of CA certificates was generated with a perl script
which is included in curl. As this script is not very flexible, this commit
refactors the expression to use the python script that Debian uses to
generate their CA certificates from Mozilla's trust store in NSS.

[SL: The following was true of the original commit but was backed out
of the cherry pick]:

Additionally, an option was added to the cacerts derivation and the
`security.pki` module to blacklist specific CAs.

(cherry picked from commit 0d59fc1169654fa1f77e17ad73099895af7bba4d)

_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits

[Nix-commits] [NixOS/nixpkgs] 80cbb8: cacerts: refactor, add blacklist option

Reply via email to