1 files changed, 18 insertions, 5 deletions

diff --git a/gnu/packages/certs.scm b/gnu/packages/certs.scm
index 2441de6631..31ffa54d87 100644
--- a/gnu/packages/certs.scm
+++ b/gnu/packages/certs.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -74,7 +74,7 @@
 (define-public nss-certs
   (package
     (name "nss-certs")
-    (version "3.31")
+    (version "3.32")
     (source (origin
               (method url-fetch)
               (uri (let ((version-with-underscores
@@ -85,7 +85,7 @@
                       "nss-" version ".tar.gz")))
               (sha256
                (base32
-                "0pd643a8ns7q5az5ai3ascrw666i2kbfiyy1c9hlhw9jd8jn21g9"))))
+                "0dfkgvah0ji8b8lpxyy2w0b3lyz5ldmryii4z7j2bfwnrj0z7iim"))))
     (build-system gnu-build-system)
     (outputs '("out"))
     (native-inputs
@@ -155,13 +155,26 @@ taken from the NSS package and thus ultimately from the Mozilla project.")
          (let ((root (assoc-ref %build-inputs "isrgrootx1.pem"))
                (intermediate (assoc-ref %build-inputs "letsencryptauthorityx3.pem"))
                (backup (assoc-ref %build-inputs "letsencryptauthorityx4.pem"))
-               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs")))
+               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs"))
+               (openssl (assoc-ref %build-inputs "openssl"))
+               (perl (assoc-ref %build-inputs "perl")))
            (mkdir-p out)
            (for-each
              (lambda (cert)
                (copy-file cert (string-append out "/"
                                               (strip-store-file-name cert))))
-             (list root intermediate backup))))))
+             (list root intermediate backup))
+
+           ;; Create hash symlinks suitable for OpenSSL ('SSL_CERT_DIR' and
+           ;; similar.)
+           (chdir (string-append %output "/etc/ssl/certs"))
+           (unless (zero? (system* (string-append perl "/bin/perl")
+                                   (string-append openssl "/bin/c_rehash")
+                                   "."))
+             (error "'c_rehash' failed" openssl))))))
+    (native-inputs
+     `(("openssl" ,openssl)
+       ("perl" ,perl)))                           ;for 'c_rehash'
     (inputs
      `(; The Let's Encrypt root certificate, "ISRG Root X1".
        ("isrgrootx1.pem"