From 19fc159f9698bb7b88d920030808ee88d1e439d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 27 Sep 2024 11:55:00 +0200
Subject: [PATCH] also detect certificate bundles on opensuse

Now that we require valid certificates in builtins:fetchurl,
we also need to support standard locations for certificate authorities
on various platforms.
---
 src/libstore/globals.cc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index b64e73c265b..cf8e513ce03 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -238,7 +238,13 @@ bool Settings::isWSL1()
 
 Path Settings::getDefaultSSLCertFile()
 {
-    for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
+    for (auto & fn : {
+        // NixOS, fedora, debian, ubuntu
+        "/etc/ssl/certs/ca-certificates.crt",
+        // openSUSE
+        "/var/lib/ca-certificates/ca-bundle.pem",
+        "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"
+    })
         if (pathAccessible(fn)) return fn;
     return "";
 }