guix-devel

Re: GnuTLS and the “trust store”


From: Marius Bakke
Subject: Re: GnuTLS and the “trust store”
Date: Thu, 05 Jan 2017 15:11:23 +0100
User-agent: Notmuch/0.23.4 (https://notmuchmail.org) Emacs/25.1.1 (x86_64-unknown-linux-gnu)

Ludovic Courtès <address@hidden> writes:

> Hello!
>
> Marius Bakke <address@hidden> skribis:
>
>> Marius Bakke <address@hidden> writes:
>>
>>> ng0 <address@hidden> writes:
>>>
>>>> * gnu/packages/curl.scm (curl)[arguments]: Add "--with-ca-bundle" 
>>>> configure flag.
>
> [...]
>
>> I realized shortly after posting why this wasn't done already. Curl has
>> 1403 dependent packages, which would apply for "nss-certs" as well if
>> that is added as input. Obviously we want to be able to update TLS
>> certificates quickly without rebuilding ~1/4 of the tree.
>
> Indeed.  It’s a situation where we do not want to have a static binding
> between cURL and nss-certs; instead, they should be composed
> dynamically, along the lines of what we already recommend at:
>
>   https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html

Curl respects the variable "CURL_CA_BUNDLE". I think we could add a
"native-search-path" for that, similar to how it's done for "git".

ng0, can you try that?
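
The search-path approach suggested above could look like the following. This is an added illustration, not part of the original message and not the patch discussed in the thread. The variant name `curl/ca-search-path` is hypothetical, and the bundle location `etc/ssl/certs/ca-certificates.crt` is assumed to be the profile-relative path where the CA bundle ends up once a certificate package such as nss-certs is installed.

```scheme
;; Added example: a curl variant that declares a search path for
;; CURL_CA_BUNDLE instead of baking a certificate store into the build.
(use-modules (guix packages)
             (guix search-paths)
             (gnu packages curl))

(define curl/ca-search-path               ;hypothetical variant name
  (package
    (inherit curl)
    (native-search-paths
     (list (search-path-specification
            (variable "CURL_CA_BUNDLE")
            (file-type 'regular)          ;the bundle is a single file
            (separator #f)                ;one value, not a ":"-joined list
            ;; Assumed profile-relative location of the CA bundle.
            (files '("etc/ssl/certs/ca-certificates.crt")))))))
```

Because nss-certs is not an input of curl here, the binding is made when the profile is built: the variable is only set when the bundle file exists in the profile, and a certificate update does not trigger a rebuild of curl's dependents.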
