Nix packages are expected to honor NIX_SSL_CERT_FILE and this removes the dependency on the framework while bootstrapping the stdenv. (+ nitpick changes from vcunat) The patch is based on c0eb46d346
c0eb46d346
