bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates

2024-11-20 Thread Ludovic Courtès
Hello, Maxim Cournoyer skribis: > I guess we could rename NIX_SSL_CERT_FILE to just SSL_CERT_FILE in the > above patch and add the $SSL_CERT_FILE search path to bring us closer to > what OpenSSL supports? As a rule of thumb, I would avoid diverging from upstream, especially for touchy points li

bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates

2024-11-10 Thread Maxim Cournoyer
Hi, I was looking at what Nix does, and they carry this patch, under pkgs/development/libraries/gnutls/nix-ssl-cert-file.patch: --8<---cut here---start->8--- allow overriding system trust store location via $NIX_SSL_CERT_FILE --- a/lib/system/certs.c +++ b/lib

bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates

2021-10-11 Thread Roel Janssen
On Fri, 2021-10-08 at 15:00 -0400, Mark H Weaver wrote: > Roel Janssen writes: > > > On Fri, 2021-03-19 at 19:13 -0400, Mark H Weaver wrote: > > > Ludovic Courtès writes: > > > > > > > Maxim Cournoyer skribis: > > > > > > > > > We should patch GnuTLS so that it also honors the SSL_* > > > > >

bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates

2021-10-08 Thread Mark H Weaver
Roel Janssen writes: > On Fri, 2021-03-19 at 19:13 -0400, Mark H Weaver wrote: >> Ludovic Courtès writes: >> >> > Maxim Cournoyer skribis: >> > >> > > We should patch GnuTLS so that it also honors the SSL_* >> > > environment >> > > variables documented in the Guix manual. >> > >> > Note tha

bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates

2021-10-07 Thread Roel Janssen
On Fri, 2021-03-19 at 19:13 -0400, Mark H Weaver wrote: > Ludovic Courtès writes: > > > Maxim Cournoyer skribis: > > > > > We should patch GnuTLS so that it also honors the SSL_* > > > environment > > > variables documented in the Guix manual. > > > > Note that (1) the SSL_* variables are orig

bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates

2021-03-19 Thread Mark H Weaver
Ludovic Courtès writes: > Maxim Cournoyer skribis: > >> We should patch GnuTLS so that it also honors the SSL_* environment >> variables documented in the Guix manual. > > Note that (1) the SSL_* variables are originally from OpenSSL, and (2) > GnuTLS developers made the conscious decision to no

bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates

2021-03-01 Thread Ludovic Courtès
Hi, Maxim Cournoyer skribis: > We should patch GnuTLS so that it also honors the SSL_* environment > variables documented in the Guix manual. Note that (1) the SSL_* variables are originally from OpenSSL, and (2) GnuTLS developers made the conscious decision to not honor any environment variabl

bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates

2021-02-25 Thread Maxim Cournoyer
Hello, Consider this: $ guix environment --container --network -E SSL --expose=$SSL_CERT_FILE --expose=$SSL_CERT_DIR --ad-hoc wget -- wget https://gnu.org It works on a Guix System, but fails on a foreign distribution, even in a profile where nss-certs were installed and with the above SSL envir