Hi, On Fri, 21 Feb 2025 at 11:10, Ludovic Courtès <l...@gnu.org> wrote:
>>> GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable. >>> Instead it’s up to applications to set up their certificate search path. >>> >>> See for example the discussion at <https://issues.guix.gnu.org/46779>. [...] > I think certificate search should either but up to actual applications > (like Guix), as is the case now, or changed in GnuTLS proper. Doing it > in guile-gnutls just because we can easily do so doesn’t sound like a > good idea to me. Somehow it’s documented [1] for the one who knows very well all the Guix quirks. ;-) Do we agree that typing this: $ guix shell -CN guile guile-gnutls nss-certs [env]$ export SSL_CERT_DIR=$GUIX_ENVIRONMENT/etc/ssl/certs [env]$ export SSL_CERT_FILE=$GUIX_ENVIRONMENT/etc/ssl/certs/ca-certificates.crt [env]$ guile [...] scheme@(guile-user)> ,use(web client) scheme@(guile-user)> (http-get "https://gnu.org";) $1 = #<<response> version: (1 . 1) … $2 = "<!DOCTYPE HTML PUBLIC … is cumbersome? And not intuitive, to put it mildly. As Tomas is proposing, maybe we could have a package ’guile-gnutls-certs’ which would do all the search-paths dance? WDYT? Cheers, simon 1: https://guix.gnu.org/manual/devel/en/guix.html#X.509-Certificates
