Re: [Nix-dev] How to add (self-signed) SSL certificate to NixOS?

2015-02-05 Thread Eelco Dolstra
Hi, On 04/02/15 23:18, Bjørn Forsman wrote: The following should work: environment.etc."ssl/certs/ca-bundle.crt".source = lib.mkForce ...; Unfortunately it does not. That also results in mismatched duplicate entry ... error. I've added an option ‘security.pki.certificateFiles’. You

Re: [Nix-dev] How to add (self-signed) SSL certificate to NixOS?

2015-02-04 Thread Bjørn Forsman
On 2 February 2015 at 21:06, Bjørn Forsman bjorn.fors...@gmail.com wrote: On 2 February 2015 at 17:43, Eelco Dolstra eelco.dols...@logicblox.com wrote: A better way (not tested): environment.etc."ssl/certs/ca-bundle.crt".source = pkgs.runCommand "my-ca-bundle.crt" { } ''

Re: [Nix-dev] How to add (self-signed) SSL certificate to NixOS?

2015-02-02 Thread Bjørn Forsman
On 2 February 2015 at 17:43, Eelco Dolstra eelco.dols...@logicblox.com wrote: A better way (not tested): environment.etc."ssl/certs/ca-bundle.crt".source = pkgs.runCommand "my-ca-bundle.crt" { } '' cat ${pkgs.cacert}/etc/ca-bundle.crt ${./my-certificate.crt} > $out '';

[Nix-dev] How to add (self-signed) SSL certificate to NixOS?

2015-02-02 Thread Bjørn Forsman
Hi, (Warning: I'm an SSL/certificate newbie.) I tried placing the certificate file (.crt) into /etc/ssl/certs/, next to the existing ca-bundle.crt. That didn't work. Strace showed that e.g. curl didn't even look at my file. Then I tried to append the certificate contents to the ca-bundle.crt:

Re: [Nix-dev] How to add (self-signed) SSL certificate to NixOS?

2015-02-02 Thread Kirill Elagin
An even better solution is for NixOS to switch from $SSL_CERT_FILE to $SSL_CERT_DIR so you can just add extra certificate files. I’m afraid `curl` can’t handle CA directories, I think there is only `$CURL_CA_BUNDLE`. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/

Re: [Nix-dev] How to add (self-signed) SSL certificate to NixOS?

2015-02-02 Thread Kirill Elagin
`ca-bundle.crt` is actually just a text file with a list of certificates, so I’m not sure what the error you get can possibly refer to. It should be perfectly fine to do what you are trying to do. Could it be that there was an error in your nix expression (e.g. you had `.source` instead of

Re: [Nix-dev] How to add (self-signed) SSL certificate to NixOS?

2015-02-02 Thread Bjørn Forsman
On 2 February 2015 at 17:08, Kirill Elagin kirela...@gmail.com wrote: `ca-bundle.crt` is actually just a text file with a list of certificates, so I’m not sure what the error you get can possibly refer to. It should be perfectly fine to do what you are trying to do. I agree. Could it be that

Re: [Nix-dev] How to add (self-signed) SSL certificate to NixOS?

2015-02-02 Thread Kirill Elagin
On Mon Feb 02 2015 at 7:17:28 PM Bjørn Forsman bjorn.fors...@gmail.com wrote: On 2 February 2015 at 17:08, Kirill Elagin kirela...@gmail.com wrote: `ca-bundle.crt` is actually just a text file with a list of certificates, so I’m not sure what the error you get can possibly refer to. It