GNU bug report logs - #46829
Let's Encrypt certificate store (le-certs) expired

Previous Next

Package: guix;

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Sun, 28 Feb 2021 10:28:02 UTC

Severity: important

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #62 received at 46829 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Christopher Baines <mail <at> cbaines.net>, 46829 <at> debbugs.gnu.org
Subject: Re: bug#46829: Fresh install of 1.2.0 can't guix pull
Date: Sun, 11 Apr 2021 16:41:11 -0400

On Wed, Mar 17, 2021 at 03:36:44PM +0100, Ludovic Courtès wrote:
>   (define (honor-x509-certificates store)
>     "Use the right X.509 certificates for Git checkouts over HTTPS."
>     (unless (honor-system-x509-certificates!)
>       (honor-lets-encrypt-certificates! store)))
> 
> By default, 1.2.0 installs ‘nss-certs’, so I would assume such
> installations are unaffected, right?

So, the bug here is that `guix pull` is using the wrong certificate
store. It should use le-certs, but is instead ignoring le-certs, and
looking for a system-wide store that doesn't exist.

I tested with an installer image from current master, and the bug still
exists.

This bug report was last modified 3 years and 359 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #46829 Let's Encrypt certificate store (le-certs) expired

GNU bug report logs - #46829
Let's Encrypt certificate store (le-certs) expired