From 8a6346e4774910348fcbe149f2b2892556518bf5 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 20 Jan 2010 14:22:47 +0000
Subject: [PATCH] * Provide a bundle of CA certificates in /etc/ca-bundle.crt, and set the CURL_CA_BUNDLE environment variable. This allows curl to work without the `-k' flag on https sites with a properly signed certificate. svn path=/nixos/trunk/; revision=19572
---
 modules/module-list.nix | 1 +
 modules/security/ca.nix | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 modules/security/ca.nix
diff --git a/modules/module-list.nix b/modules/module-list.nix
index d140f7ad335..e51237f1ca0 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -31,6 +31,7 @@
 ./programs/ssh.nix
 ./programs/ssmtp.nix
 ./rename.nix
+ ./security/ca.nix
 ./security/consolekit.nix
 ./security/pam.nix
 ./security/pam_usb.nix
diff --git a/modules/security/ca.nix b/modules/security/ca.nix
new file mode 100644
index 00000000000..efa32f5e8f3
--- /dev/null
+++ b/modules/security/ca.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+ config = {
+
+ environment.etc = singleton
+ { source = "${pkgs.cacert}/etc/ca-bundle.crt";
+ target = "ca-bundle.crt";
+ };
+
+ environment.shellInit =
+ ''
+ export CURL_CA_BUNDLE=/etc/ca-bundle.crt
+ '';
+
+ };
+
+}
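Review bot: In modules/security/ca.nix the bundle path reaches curl only through the `export CURL_CA_BUNDLE=/etc/ca-bundle.crt` line in `environment.shellInit`, so processes that do not inherit a shell environment (boot-time services, cron jobs) presumably never see it and will keep failing verification or being run with `-k`. The variable is also curl-specific: OpenSSL-based clients read `SSL_CERT_FILE` and git reads `GIT_SSL_CAINFO`, so neither picks up /etc/ca-bundle.crt from this module. The new file carries no comment, so I would add a header such as `# Installs pkgs.cacert's bundle as /etc/ca-bundle.crt; CURL_CA_BUNDLE is exported from shell init only, so non-shell services must be pointed at the file explicitly.` It would also help to state there that every CA in the bundle becomes a system-wide trust anchor and that the module offers no option to add or remove certificates.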