I keep running into issues with curl
, cargo
, git
and other commands that fetch data over http(s) in Nix shells. It seems that the SSL settings for my system aren’t inherited, so the certs can’t be verified or aren’t found.
I’ve usually gotten around this by setting:
SSL_CERT_FILE="/etc/ssl/certs/ca-bundle.crt";
in derivations, but this is a bit of a hassle, so I’d rather avoid that where I can.
After switching to Lorri a month or so ago, I stopped seeing this problem, but it suddenly appeared again now. Again, I checked the environment and found that SSL_CERT_FILE
was set to /no-cert-file.crt
. After changing it to /etc/ssl/certs/ca-certificates.crt
, things started working again.
This feels very cumbersome, and it’s not how I expect the system to behave. How do you generally deal with this? Have I configured something wrong or is this how it’s supposed to be?