From 3be3c2906ed6e8a60f4adbbe8ff18fbbd2797d0c Mon Sep 17 00:00:00 2001
From: SLNOS <anonymous@wired>
Date: Thu, 1 Feb 2018 00:00:00 +0000
Subject: [PATCH 1/2] stunnel: fetchurl more securely

---
 pkgs/tools/networking/stunnel/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/networking/stunnel/default.nix b/pkgs/tools/networking/stunnel/default.nix
index deac37468360..0d328c02d371 100644
--- a/pkgs/tools/networking/stunnel/default.nix
+++ b/pkgs/tools/networking/stunnel/default.nix
@@ -5,8 +5,10 @@ stdenv.mkDerivation rec {
   version = "5.44";
 
   src = fetchurl {
-    url    = "http://www.stunnel.org/downloads/${name}.tar.gz";
-    sha256 = "1692y69wl7j6yjgnrrzclgzb34bxsaxjzl1dfy47vms7pdfk42lr";
+    url    = "https://www.stunnel.org/downloads/${name}.tar.gz";
+    sha256 = "990a325dbb47d77d88772dd02fbbd27d91b1fea3ece76c9ff4461eca93f12299";
+    # please use the contents of "https://www.stunnel.org/downloads/${name}.tar.gz.sha256",
+    # not the output of `nix-prefetch-url`
   };
 
   buildInputs = [ openssl ];

From 40bceae84ed8ee6c660ccec8bb826576b272ee6e Mon Sep 17 00:00:00 2001
From: SLNOS <anonymous@wired>
Date: Thu, 1 Feb 2018 00:00:00 +0000
Subject: [PATCH 2/2] curl: fetchurl more securely

---
 pkgs/tools/networking/curl/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkgs/tools/networking/curl/default.nix b/pkgs/tools/networking/curl/default.nix
index 16b22e3f2554..dbe2a6639352 100644
--- a/pkgs/tools/networking/curl/default.nix
+++ b/pkgs/tools/networking/curl/default.nix
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
   name = "curl-7.58.0";
 
   src = fetchurl {
-    url = "http://curl.haxx.se/download/${name}.tar.bz2";
+    url = "https://curl.haxx.se/download/${name}.tar.bz2";
     sha256 = "0cg7klhf1ksnbw5wvwa802qir877zv4y3dj7swz1xh07g3wq3c0w";
   };