On Sat, Feb 07, 2015 at 08:57:32PM -0500, Mark H Weaver wrote: > Unlike GnuTLS, OpenSSL supports setting the trust store location using > environment variables, specifically SSL_CERT_DIR and SSL_CERT_FILE. > Shouldn't we just use those?
I had read about these, but the documentation mentions them only in the context of c_rehash. So I thought they were not generally applicable. But indeed they are, I just tried SSL_CERT_DIR with youtube-dl. Also, it can be a ":" separated list of directories. So we should probably encourage its usage by defining a search path with our (future) certificate packages. > If we were to apply this patch, I'd rather have just one rebuild rather > than two, especially since our MIPS build slave is unable to keep up as > it is. What do you think? So maybe we do not need it at all? What do you think? Concerning the rebuilds, I would say that the aim of continuous integration would be to determine exactly the place where something goes wrong, so in general, I am rather in favour of more rebuilds. As the one mips machine cannot keep up, it would then be reasonable to abort earlier builds. Andreas
