Thanks for review! On Sun, Mar 22, 2015 at 12:56:43PM -0400, Mark H Weaver wrote:
Tomáš Čech <sleep_wal...@gnu.org> writes:@@ -60,7 +64,18 @@ ("pkg-config" ,pkg-config) ("python" ,python-2))) (arguments - `(#:configure-flags '("--with-gnutls" "--with-gssapi") + `(#:configure-flags + '("--with-gnutls" "--with-gssapi" "--enable-http" + ;; This option requires parameter so let's use this one + ;; - when it exists, it makes sense + ;; - when it doesn't exist, we can still use SSL_CERT_DIR environment + ;; variable to set it per user or for whole system + ;; Fixes #20121. + "--with-ca-path=/etc/ssl/certs"It would be better to avoid passing the --with-ca-path= option. We are attempting to move away from having any compiled-in system-wide location for the CA trust store. Each user should be able to specify their desired trust store using environment variables or other settings.
I verified that patch is now sufficient as solution and I verified that it respects SSL_CERT_DIR with that so it is ideal solution. Thanks for kicking me step further. (And yes, that patch is really needed :) I'll update the patch accordingly. S_W
pgpv8lxvI67eo.pgp
Description: PGP signature
