this post was submitted on 18 Aug 2024
14 points (100.0% liked)
Nix / NixOS
1762 readers
24 users here now
Main links
Videos
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Could you provide more information? Snippets of the config that are relevant e.g custom TLS certs config, what does the flake look like, self-signed TLS certs? What exactly is breaking?
curl https://localhost:8080/something
?Have you compared the environment variables?
Anti Commercial-AI license
It’s almost as if you’d like OP to provide a reproducible example. If only there was a tool for that /s
Sure. I import the certificates like this:
where
home.pem
is a default PEM formatted certificate. It works fine to import the cert system wide this way.If I enter the flake.nix and run a simple
curl
against the remote server I get the following, which is typical for a TLS certificate error.So it seems to me that the development shell does not pick up the certificates installed on the system. I can work around that by using an impure shell, but I think that this is not how nix should be used.
So the certs end up in these files:
Only the first one is mentioned on stackoverflow as being used by Go on debian.
Curl seems to have its default location compiled in by passing
--with-ca-bundle
~~, but after installingcurlFull
and runningcurl-config --ca
, it doesn't look like that was used and the "default" path is guessed.~~Looking further in the
curl
derivation there are these lines for darwin :So, check the value of
NIX_SSL_CERT_FILE
outsidenix shell
and within. The path might have to be set there. I dunno how to do that automatically withnix shell
, so it might have to be done manually.Anti Commercial-AI license
Thanks, I'll try that!