GNU bug report logs -
#32530
[PATCH] gnu: octave: Fix CA certificate use.
Previous Next
Reported by: Kei Kebreau <kkebreau <at> posteo.net>
Date: Sun, 26 Aug 2018 00:43:02 UTC
Severity: normal
Tags: patch
Done: Kei Kebreau <kkebreau <at> posteo.net>
Bug is archived. No further changes may be made.
Full log
Message #8 received at 32530 <at> debbugs.gnu.org (full text, mbox):
Hi,
Kei Kebreau <kkebreau <at> posteo.net> skribis:
> * gnu/packages/maths.scm (octave)[arguments]: Add 'wrap-program' phase to wrap
> Octave with the path to system CA certificates.
[...]
> + (add-after 'install 'wrap-program
> + (lambda* (#:key outputs #:allow-other-keys)
> + (let ((out (assoc-ref outputs "out")))
> + (wrap-program (string-append out "/bin/octave")
> + '("CURLOPT_CAPATH" suffix ("/etc/ssl/certs")))
Users might want to ignore /etc/ssl/certs altogether and instead only
use their own set of certificates, so I’m rather reluctant to such a
change.
Now, I agree that there’s a usability problem: we don’t want every
Octave user to stumble upon a certificate error message. I can think of
several solutions:
1. We could add CURLOPT_CAPATH to the ‘native-search-paths’ of ‘curl’,
assuming that variable is honored by libcurl itself. It won’t
solve this immediate issue, but it sounds like “the right way.”
2. On GuixSD, we could define CURLOPT_CAPATH=/etc/ssl/certs in
/etc/profile, like we already do for other variables.
3. We could document this variable under “X.509 Certificates” in the
manual.
#1 would have to go to ‘core-updates’. WDYT?
Thanks,
Ludo’.
This bug report was last modified 6 years and 297 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.