[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS and the “trust store”
From: |
Marius Bakke |
Subject: |
Re: GnuTLS and the “trust store” |
Date: |
Thu, 05 Jan 2017 15:11:23 +0100 |
User-agent: |
Notmuch/0.23.4 (https://notmuchmail.org) Emacs/25.1.1 (x86_64-unknown-linux-gnu) |
Ludovic Courtès <address@hidden> writes:
> Hello!
>
> Marius Bakke <address@hidden> skribis:
>
>> Marius Bakke <address@hidden> writes:
>>
>>> ng0 <address@hidden> writes:
>>>
>>>> * gnu/packages/curl.scm (curl)[arguments]: Add "--with-ca-bundle"
>>>> configure flag.
>
> [...]
>
>> I realized shortly after posting why this wasn't done already. Curl has
>> 1403 dependent packages, which would apply for "nss-certs" as well if
>> that is added as input. Obviously we want to be able to update TLS
>> certificates quickly without rebuilding ~1/4 of the tree.
>
> Indeed. It’s a situation where we do not want to have a static binding
> between cURL and nss-certs; instead, they should be composed
> dynamically, along the lines of what we already recommend at:
>
>
> https://www.gnu.org/software/guix/manual/html_node/X_002e509-Certificates.html
Curl respects the variable "CURL_CA_BUNDLE". I think we could add a
"native-search-path" for that, similar to how it's done for "git".
ng0, can you try that?
signature.asc
Description: PGP signature
- Re: [PATCH] gnu: curl: Add ca-bundle to config., (continued)
- Re: [PATCH] gnu: curl: Add ca-bundle to config., Marius Bakke, 2017/01/04
- Re: [PATCH] gnu: curl: Add ca-bundle to config., Marius Bakke, 2017/01/04
- Re: [PATCH] gnu: curl: Add ca-bundle to config., ng0, 2017/01/04
- Re: [PATCH] gnu: curl: Add ca-bundle to config., ng0, 2017/01/04
- Re: [PATCH] gnu: curl: Add ca-bundle to config., ng0, 2017/01/04
- Re: [PATCH] gnu: curl: Add ca-bundle to config., Ricardo Wurmus, 2017/01/05
- GnuTLS and the “trust store”, Ludovic Courtès, 2017/01/04
- Re: GnuTLS and the “trust store”, ng0, 2017/01/04
- Re: GnuTLS and the “trust store”, Ludovic Courtès, 2017/01/05
- Re: GnuTLS and the “trust store”, Ricardo Wurmus, 2017/01/05
- Re: GnuTLS and the “trust store”,
Marius Bakke <=
- Re: GnuTLS and the “trust store”, Ricardo Wurmus, 2017/01/05
- Re: GnuTLS and the “trust store”, Ludovic Courtès, 2017/01/05
- Re: GnuTLS and the “trust store”, Ricardo Wurmus, 2017/01/06
- Re: GnuTLS and the “trust store”, Ludovic Courtès, 2017/01/07
Re: PATCH as first attempt to fix the sad curl situation, ng0, 2017/01/04