GNU bug report logs - #46779
GnuTLS uses the hard-coded /etc/ssl/certs location for TLS certificates


Package: guix

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Thu, 25 Feb 2021 20:04:01 UTC

Severity: normal



Message #26 received at 46779 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Mark H Weaver <mhw <at> netris.org>, 46779 <at> debbugs.gnu.org,
 Roel Janssen <roel <at> gnu.org>
Subject: Re: bug#46779: GnuTLS uses the hard-coded /etc/ssl/certs location
 for TLS certificates
Date: Wed, 20 Nov 2024 11:45:15 +0100

Hello,

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:

> I guess we could rename NIX_SSL_CERT_FILE to just SSL_CERT_FILE in the
> above patch and add the $SSL_CERT_FILE search path to bring us closer to
> what OpenSSL supports?

As a rule of thumb, I would avoid diverging from upstream, especially
for touchy points like this one: it quickly gets problematic when a
same-named package behaves differently across distros.

In this case, because GnuTLS does not honor any environment variables,
applications/libraries linked against it have to provide their own
mechanism for users to specify the certificate search path.  Normally,
they already do that.

WDYT?

Ludo’.
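
An added example, not part of the original message and not GnuTLS or Guix code: one way an application linked against GnuTLS can provide its own mechanism for choosing the certificate source, since the library reads no environment variables itself. The `--ca-file` option, the function names, the precedence order and the fail-closed policy are assumptions of this sketch; `SSL_CERT_FILE` and `SSL_CERT_DIR` follow the OpenSSL convention, and the GnuTLS calls are named in comments only so the block builds without the library.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
/* Where to load trust anchors from, with the GnuTLS call each maps to. */
enum ca_source {
    CA_ERROR = -1, /* set but unusable: refuse to continue */
    CA_SYSTEM,     /* gnutls_certificate_set_x509_system_trust() */
    CA_FILE,       /* gnutls_certificate_set_x509_trust_file() */
    CA_DIR         /* gnutls_certificate_set_x509_trust_dir() */
};

/* Usable only if it exists and is a regular file or directory as expected. */
static int usable(const char *p, int want_dir)
{
    struct stat st;
    if (*p == '\0' || stat(p, &st) != 0)
        return 0;
    return want_dir ? S_ISDIR(st.st_mode) : S_ISREG(st.st_mode);
}

/* Precedence: explicit option (hypothetical --ca-file), SSL_CERT_FILE,
 * SSL_CERT_DIR, library default. A source that is set but unusable is an
 * error: falling back silently would trust a CA set the user did not pick. */
enum ca_source resolve_ca_source(const char *opt_file, char *out, size_t n)
{
    static const char *const env[3] = { NULL, "SSL_CERT_FILE", "SSL_CERT_DIR" };
    for (int i = 0; i < 3; i++) {
        const char *p = env[i] ? getenv(env[i]) : opt_file;
        if (p == NULL) continue; /* not set: try the next source */
        if (!usable(p, i == 2) || strlen(p) >= n)
            return CA_ERROR;
        memcpy(out, p, strlen(p) + 1);
        return i == 2 ? CA_DIR : CA_FILE;
    }
    return CA_SYSTEM;
}

int main(void)
{
    char path[4096] = "";
    enum ca_source src = resolve_ca_source(NULL, path, sizeof path);
    if (src == CA_ERROR)
        fputs("configured CA source is unusable\n", stderr);
    else
        printf("source=%d path=%s\n", (int)src, path);
    return src == CA_ERROR;
}
```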




This bug report was last modified 206 days ago.
