(Pardon the delay, for some reason I do not get email notifications for this bug.)
I had read the X.509 Certificates section of the manual, but since my certificates ARE in the default location of /etc/ssl/certs, and vdirsyncer had previously worked, for some reason I did not dig into it deeply enough, or perhaps I attempted to set it up wrongly at some point in the past. Setting SSL_CERT_DIR=/etc/ssl/certs in my environment fixes the vdirsyncer package, and it syncs correctly. I have also discovered that python aiohttp will correctly verify certificates WITHOUT this environment variable with: guix shell -P -C -N python python-aiohttp nss-certs openssl Leaving out EITHER nss-certs OR openssl causes aiohttp to exhibit the same behavior as vdirsyncer. However, including both of these packages in the same (foreign distro) profile that includes vdirsyncer does NOT cause vdirsyncer to correctly verify certificates. I am not sure what this means for this bug; certainly the change from "working without extra configuration" to "broken without extra configuration" is a regression in user experience, but it may be that it is working as intended. It seems to me that the principle of least astonishment for foreign distro users would suggest that python aiohttp defaults to loading /etc/ssl/certs from the foreign distro, if present.
