l...@gnu.org (Ludovic Courtès) writes:
> Andreas Enge <andr...@enge.fr> skribis:
>
>> On Sat, Feb 07, 2015 at 08:57:32PM -0500, Mark H Weaver wrote:
>>> Unlike GnuTLS, OpenSSL supports setting the trust store location using
>>> environment variables, specifically SSL_CERT_DIR and SSL_CERT_FILE.
>>> Shouldn't we just use those?
>>
>> I had read about these, but the documentation mentions them only in the
>> context of c_rehash. So I thought they were not generally applicable. But
>> indeed they are, I just tried SSL_CERT_DIR with youtube-dl. Also, it can be
>> a ":" separated list of directories. So we should probably encourage its
>> usage by defining a search path with our (future) certificate packages.
>
> [...]
>
>> So maybe we do not need it at all? What do you think?
>
> I agree, we should just use SSL_CERT_DIR and SSL_CERT_FILE.
>
> We could indeed add a ‘search-path-specification’ in OpenSSL for
> SSL_CERT_DIR.
Sounds good to me!
Thanks!
Mark
