bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS ce

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS ce

From:	Maxim Cournoyer
Subject:	bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates
Date:	Thu, 25 Feb 2021 15:03:01 -0500

Hello,

Consider this:

$ guix environment --container --network -E SSL --expose=$SSL_CERT_FILE
--expose=$SSL_CERT_DIR --ad-hoc wget -- wget https://gnu.org

It works on a Guix System, but fails on a foreign distribution, even in
a profile where nss-certs were installed and with the above SSL
environment value properly set.

This is because GnuTLS, which wget uses, looks up the certificates under
the /etc/ssl/certs hard-coded location.  On Guix System, the
SSL_CERT_FILE is set to /etc/ssl/certs/ca-certificates.crt, which
explains why it works there.

We should patch GnuTLS so that it also honors the SSL_* environment
variables documented in the Guix manual.

Maxim

[Prev in Thread]

Current Thread

[Next in Thread]

bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates, Maxim Cournoyer <=

Prev by Date: bug#46602: Removing OpenSSL 1.0
Next by Date: bug#46780: java-snappy: Test failure on ci.guix.gnu.org
Previous by thread: bug#46778: set-grafting: regression in "guix graph"
Next by thread: bug#46780: java-snappy: Test failure on ci.guix.gnu.org
Index(es):
- Date
- Thread