From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 27 17:04:34 2025 Received: (at submit) by debbugs.gnu.org; 27 Jan 2025 22:04:34 +0000 Received: from localhost ([127.0.0.1]:34717 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tcXDe-0005jQ-4o for submit@debbugs.gnu.org; Mon, 27 Jan 2025 17:04:34 -0500 Received: from lists.gnu.org ([2001:470:142::17]:57096) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tcXDa-0005j5-DE for submit@debbugs.gnu.org; Mon, 27 Jan 2025 17:04:31 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1tcXDU-0001B0-NU for bug-guix@gnu.org; Mon, 27 Jan 2025 17:04:24 -0500 Received: from wolfsden.cz ([37.205.8.62]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <~@wolfsden.cz>) id 1tcXDS-0000ZE-Fe for bug-guix@gnu.org; Mon, 27 Jan 2025 17:04:24 -0500 Received: by wolfsden.cz (Postfix, from userid 104) id 271D231542E; Mon, 27 Jan 2025 22:04:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1738015459; bh=WwZ13/vECLRnfWBfHLdJnOO5vVwA+2oScLNyOB4CZS4=; h=From:To:Subject:Date; b=Dy5+1FUsZJNj/HqvX6IymoHYKbN/TFRBRzNsVDbo6rJxO/bjKV7Jj3z8iIbcBFas8 ravtoeiDte48gKq9G6LokT94q2N6Ml8sdVuqJjiaOIBmRVuHIvCCSM1JcE3uXXyyy6 gFehpH3Mc1lne6Z7UvZHj3gT8TCd5rKmCLf1OUsW+7UTiknTW5EjSC0x9Xcjy3ZuFW tBylacs3/BUKHeXZfm54eP/4y8Ar0iiGtN9MhGIPV3jpgYc5CU/aA4TcoVi0se5GNq W4AvVXfpBhxzhWiDIZ5+l7Crg81KtS2FrLfzULbUVN66CIbnTXYZuJ/2sURa/ntYgK NkYmmZ6OXjq5gYh+K+3exjdOyyB+NyDKOMuzla3dqICz/yhQP5X0FszxlgnaRIs29x KeSMzF999TrH7ASRTIaTGB+ePZM0aWMtcW8DEbn81RDDlX4ilJBXwQaJttfWvEQy9j SfzewGqe1L82VzXmKaAevF/JXD79Ruf63Q8zRLUKLIuBIpgmjLzls0YZH8q7tn75ya s/XM9j6zW/Y3VIbirBFz0DqmsHmr1w3zUZVxMwWKUWP6baeJmjhdN4UXlRqEFTaXlK 1AvE5mHGWjXMRdqy7QBPCHDy6hDpC6yUGxP8p9Lo69JkfQTeSvvOyv2uWeRk5VKLOk 5L5sbPaxGuChHT91tyJ9oThA= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 49BAB315C04 for ; Mon, 27 Jan 2025 22:04:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1738015458; bh=WwZ13/vECLRnfWBfHLdJnOO5vVwA+2oScLNyOB4CZS4=; h=From:To:Subject:Date; b=O+zUaNMXP/HThA6YBMyFvld8beORIR/a7y+NJl56Y4AVk3aia0Jk3it+EH4m5DuwB AOQpHs5OloKl7Ephpv+WKGVfSmP2e09eo4LSuoJ8z/o0Q1aotgplLas04P3UYOPCks v5FLww22dkst7h9cuM/Kbtcbp6NPGISPTJadTrRcJPi8poLPZnnLpyifNLiy6791B4 gjWx6DGLeQI2tkrIR85jJjyEXeFig23cuPxU25DY6FHoLSLkbAlJT3rBtRysfE59b0 kql/CNIjx4DGiVgt2ZAcrHGaBWXAwubXgOiCU+G7svp6+F0AhaIVaxI/4wfjB83Zb6 md8y0j5eWOYWx2um6CIfHf0Ik/yYgQy6+QkSBafLNd3d9D1Y6ItcaqJBcC+knvazDK /bF4ePf3iDahThFNXbuYIyPksKvaDaa2a50VY1XlnF5F2wr67sqqtZ6OKrx+tERG/T JTYujUQ8HQ5NZ7TMl5j2C+x+1mfFsiiPxyZGogiLJ1uJrJX3T1bEfS77en4UkQCDAa 0KNbqUuOo5KHpEJzxim2kd0N7sXvrT+FUTQ7Tdu/an9HAUeCJPyYuYjPeVJVQZ8azI LZqYep+bbc5Vggjmdzp9w7p4uMmVUBOcZdYUnxrnKRQvLrSMln3SBiAeewxESuRUBl PFs+gu21t4f3vyEQHfKFICaI= From: Tomas Volf <~@wolfsden.cz> To: bug-guix@gnu.org Subject: guile-gnutls does not set up search paths for the certificates Date: Mon, 27 Jan 2025 23:04:17 +0100 Message-ID: <87ikpzhq1q.fsf@wolfsden.cz> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=37.205.8.62; envelope-from=~@wolfsden.cz; helo=wolfsden.cz X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable When trying to use (web client) Guile module, one gets the following error: =2D-8<---------------cut here---------------start------------->8--- $ guix shell -CN guile guile-gnutls nss-certs -- guile -c '((@ (web client)= http-get) "https://gnu.org")' Backtrace: In ice-9/boot-9.scm: 1752:10 7 (with-exception-handler _ _ #:unwind? _ # _) In unknown file: 6 (apply-smob/0 #) In ice-9/boot-9.scm: 724:2 5 (call-with-prompt _ _ #) In ice-9/eval.scm: 619:8 4 (_ #(#(#))) In ice-9/command-line.scm: 185:19 3 (_ #) In unknown file: 2 (eval ((@ (web client) http-get) "https://gnu.org") #) In web/client.scm: 576:0 1 (http-get "https://gnu.org" #:body _ # _ #:port _ # # ?) 286:6 0 (tls-wrap # _ # _) web/client.scm:286:6: In procedure tls-wrap: X.509 certificate of 'gnu.org' could not be verified: signer-not-found invalid =2D-8<---------------cut here---------------end--------------->8--- It seems that guile-gnutls fails to find the certificates, which is unexpected. Adding `curl' into the list of packages works around the problem: =2D-8<---------------cut here---------------start------------->8--- $ guix shell -CN guile guile-gnutls nss-certs curl -- guile -c '((@ (web cl= ient) http-get) "https://gnu.org")' =2D-8<---------------cut here---------------end--------------->8--- We can see the difference boils down to different search paths: =2D-8<---------------cut here---------------start------------->8--- $ guix shell -CN guile guile-gnutls nss-certs --search-paths export PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/bin${PAT= H:+:}$PATH" export GUILE_LOAD_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profi= le/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH" export GUILE_LOAD_COMPILED_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mc= byz-profile/lib/guile/3.0/site-ccache:/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m= 2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOA= D_COMPILED_PATH" =2D-8<---------------cut here---------------end--------------->8--- and =2D-8<---------------cut here---------------start------------->8--- $ guix shell -CN guile guile-gnutls nss-certs curl --search-paths export PATH=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/bin${PAT= H:+:}$PATH" export SSL_CERT_DIR=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/= etc/ssl/certs" export SSL_CERT_FILE=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile= /etc/ssl/certs/ca-certificates.crt" export CURL_CA_BUNDLE=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profil= e/etc/ssl/certs/ca-certificates.crt" export GUILE_LOAD_PATH=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profi= le/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH" export GUILE_LOAD_COMPILED_PATH=3D"/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnx= iql-profile/lib/guile/3.0/site-ccache:/gnu/store/6zbi90idpfww3y4k7bcnm38lwi= lnxiql-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOA= D_COMPILED_PATH" =2D-8<---------------cut here---------------end--------------->8--- I think guile-gnutls should also declare the SSL_* variables, since it needs the certificates for vast majority of things one could want to do with it.. Have a nice day, Tomas =2D-=20 There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJCBAEBCgAsFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmeYAuEOHH5Ad29sZnNk ZW4uY3oACgkQL7/ufbZ/walKnhAAgMHr0fRFxh6x4Ghh5q0ts2XClSI7m4yfdz4S q7hicMaz6fKlS9PJMYTrTOlskAn48NvfLV7dGoCLrMIZrqPZRc8+BvnsvoJJgoU6 BAK6+F0zBPFSEpu60tm1AKQp6ZMGJ9gGWPgOAVwt3a9A6ZciiAcY+sgq8WLRd6bU LegyE0ePZFXq6WAACMDijO5NBf45V4FSIlA6bWWkFkYI7KalsjJlCC8DYvOC+D9+ x1BlMVPQ7hnCVj5DW3bqA1FpT6BXYO6GTs9U0njaKCYtbD7jPQO8vmH21u38qcoe 6c0nqXBTR6EoyBRXv0pquKXz6nXr30Obi3TAecw1jSuODoRhWto8Rb6HQVmPN8VV Bp6Sieyunl/RnF2NEIu2FUmSc6qrpwm4qGSGC0GECVaONH346ZBQWR9+q4tUNn2M W0DA9MUT+XxnAICREZW8llYI9q4QK4qs5pNEzt1QpicxJIqchcyY9mjwMX7JCyQj 2eJiRnqvXRkgs/LdDJh2wHMdJlBgqK56iKKDAgCxErgCvH4aTyBttLC/0AGtmRYY EzEV4Imillt4uSoSwLyPWMOcTzVpSr2NxkpnTHMJk6aJlpfIYlVVSy2L0SKUWK+0 ATFbSqlXYQF0/p0aUY0yw4PBzAIypE8Pwf5VMVuPzmMnVIvPVZF8UvZ81XiZbwFC SdRI8js= =hLQN -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 15 16:06:09 2025 Received: (at 75902) by debbugs.gnu.org; 15 Feb 2025 21:06:10 +0000 Received: from localhost ([127.0.0.1]:58243 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tjPMX-0007hp-Iv for submit@debbugs.gnu.org; Sat, 15 Feb 2025 16:06:09 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:49958) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tjPMU-0007hI-6Z for 75902@debbugs.gnu.org; Sat, 15 Feb 2025 16:06:07 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tjPMN-0003ZO-Ox; Sat, 15 Feb 2025 16:05:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=za2aA7cNu8bwGZWKDrCMtRu1fTFnOe3EJRiBMD7K0OE=; b=DFwDuJ6SIDz8s4oJTZ8O Qe0IA3IljJGL+DVf+CpOFuQ6Io7wQysG0V01dVeQXOVuX6w047ub4oTw0IYd2Myl8lilW7Doi8M5t J2ByyBXpwgOco9t8+iD1XyanRLg24zt7izoZKBb4qf0KYqp7SVjTb00XsrFO7SMhHxw9giQXDd3JG U9yqFFdXQl17f0bWzDXzZ34K1eYRse9nemvsEy/5EQK+Ro+9rgna/0unT0nOY/XECLzNI+nrecdkS w6NEZ1xWmtHNzka42tIAc/FpZr39lAVh0SyFWT1rKv48YtYkl0iRXEnUc9cPvyhhMqRidWDnbQXKC Xeoutz9PCkHtBQ==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Tomas Volf <~@wolfsden.cz> Subject: Re: bug#75902: guile-gnutls does not set up search paths for the certificates In-Reply-To: <87ikpzhq1q.fsf@wolfsden.cz> (Tomas Volf's message of "Mon, 27 Jan 2025 23:04:17 +0100") References: <87ikpzhq1q.fsf@wolfsden.cz> Date: Sat, 15 Feb 2025 22:05:55 +0100 Message-ID: <87bjv2x6j0.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 75902 Cc: 75902@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Tomas Volf <~@wolfsden.cz> skribis: > We can see the difference boils down to different search paths: > > $ guix shell -CN guile guile-gnutls nss-certs --search-paths > export PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/bin${P= ATH:+:}$PATH" > export GUILE_LOAD_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-pro= file/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH" > export GUILE_LOAD_COMPILED_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2= mcbyz-profile/lib/guile/3.0/site-ccache:/gnu/store/gg2qybb41rpcl0fs4ay98s2q= 3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_L= OAD_COMPILED_PATH" GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable. Instead it=E2=80=99s up to applications to set up their certificate search = path. See for example the discussion at . Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 15 18:58:24 2025 Received: (at 75902) by debbugs.gnu.org; 15 Feb 2025 23:58:24 +0000 Received: from localhost ([127.0.0.1]:58551 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tjS3E-00022y-4Q for submit@debbugs.gnu.org; Sat, 15 Feb 2025 18:58:24 -0500 Received: from wolfsden.cz ([37.205.8.62]:46816) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1tjS3B-00022m-RW for 75902@debbugs.gnu.org; Sat, 15 Feb 2025 18:58:23 -0500 Received: by wolfsden.cz (Postfix, from userid 104) id DD99F37AF4F; Sat, 15 Feb 2025 23:58:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1739663899; bh=omr1ao979UAraRcwZX5HIXWkM0CDKHVXfiuixENjVng=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=MtJZPSUdFFnbZtk7JB6hrugQrVkgDolfoAZs6Iuc+JPyiIJXtfwyazxK/hMwllxm5 OAzpUiMiVtErcaf+LmXuIAVTGCyuYqCFSRpX8Zyy/wPRt6dn/LQ2YMfnRYinuVnUwe 96yzuhEgKGl9p2Tc3h2qTdMsnmpXgm5E80PSROdzENyzkvgqXcbktTJwPDXiIOSR5L guttgh9XqK9bJOBTe7Omr/2TskcG71BEhfkEz5AxZlmmpIpt6JDZUg4YRRr+trtUIR k5DrVqMMkLA/jGm7Iz7WLARnOu23ZlAU9bvgHgvzhZdN7DptDMi55MYFEY3j2GYobX 91+auMNSpay1D0z2CwN2eoh+FzFNIF/4b2OcrWALAOoW82RnxBTz4Prz87w3Melv4a y6ACERKM5ihxLujYKzorukThxGMcm9rTj42Z7p3QZlBYECoyUoNDDX5OoLPLsq3gCE ixPUN+5Ybq7mTqquRtdSvPW0oMi5eozMXIH0d1plYYM3WcMR30col2c+vFEprc9525 m8T8ynqr1hfikJKgmkX3sSuKCeYlYiZI1lWQZc7FQn9Z+C9NqHvVOJA+xrA2FF8lkQ Z+uUDIalHrjs3BQLpy7XQiBRaVXJHgje8RIwKGwHw1X293OkfWtfuwOXjFS48jjIJt Qg8aqJ9ukRAbo8w+LL9if4mA= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 0EB8737A5F4; Sat, 15 Feb 2025 23:58:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1739663898; bh=omr1ao979UAraRcwZX5HIXWkM0CDKHVXfiuixENjVng=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=QbU/X/yozXIkcd7SEWT3fvzULNZoLPrdSe5FAM3Dp7wBv5ODEl7CE9Rs38nsdgWTE 5GQcjksdGBhe0KOcC+02afGhAebbBmCVQDFhQ+XuB2s+TRx7DpYZ14aPBCQd3+DAnR yB/cEfK1y5KuodaWPDtRNGb/0XEFg/1fMuuZMi6rtrJegnM1jEAnzy+37t35rjQkXg 32ZDEbL3TylL7Cr15uAdW0mRfubE3HaKylqgQ3baiM/CNJki6l/zEGw07hF98Gbo2H wKsHWErzL8IG2hbU5EGEOhcXARXeMRNijURvVfLnMxkz/A0CKHkIcPCIpjpEQ6s6Ec xvMqJxV2pimDG1lv5VZszMiYE6QnPkI9Z5bH7Z+W35x7OIcIjF/QExN7zbxRDhn1oS Jd8jk79xZ7qYqTAuAZzPCIRKwx7Et+J3833qukOcalgVPPL05vbwqjMfrTCnfSrV9A nDGXEOpBez/TmvCmcIBqzACq7vuN7uHVb/VjCUH8jhhmmaZUMtaeeVhU9hxBC6x51j AFiLpDTv+J93UpUNm+v+yozoNd2OEtXibknQv2QOJs0v0MoS+DikL0Wq5umVsXGTAn D9syRVolBvT+YMaUqOtVXK526j61tQzGs9CQ+u+Q5TgZGlk0Cm2tsZVIUorHm1MYzx d7EuXU3HD5W0BaDzoAqHFyKg= From: Tomas Volf <~@wolfsden.cz> To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#75902: guile-gnutls does not set up search paths for the certificates In-Reply-To: <87bjv2x6j0.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Sat, 15 Feb 2025 22:05:55 +0100") References: <87ikpzhq1q.fsf@wolfsden.cz> <87bjv2x6j0.fsf@gnu.org> Date: Sun, 16 Feb 2025 00:58:17 +0100 Message-ID: <87v7ta69ra.fsf@wolfsden.cz> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 75902 Cc: 75902@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Hi, > > Tomas Volf <~@wolfsden.cz> skribis: > >> We can see the difference boils down to different search paths: >> >> $ guix shell -CN guile guile-gnutls nss-certs --search-paths >> export PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/bin${= PATH:+:}$PATH" >> export GUILE_LOAD_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-pr= ofile/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH" >> export >> GUILE_LOAD_COMPILED_PATH=3D"/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-= profile/lib/guile/3.0/site-ccache:/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcb= yz-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_CO= MPILED_PATH" > > GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable. > Instead it=E2=80=99s up to applications to set up their certificate searc= h path. > > See for example the discussion at . Thank you for the link. However after reading through it, and basing on your sentence above, is the guile-gnutls not in a position to be considered "application" that should configure the certificate search path? Or to put this in other words, when I want to use guile-gnutls from REPL, what is the "application" that should configure the the search path, if not guile-gnutls itself? Have a nice day, Tomas =2D-=20 There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJCBAEBCgAsFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmexKhkOHH5Ad29sZnNk ZW4uY3oACgkQL7/ufbZ/wal01RAAiTGskDEigP55CLUbF8mvSouStfmJ4gb/o7eS e7XpRmSFPMDkiq4mEqdWIYmRhjFCLm0FGcBPM+dOEOpQOJbjMmfKwcyUSGDTnm7q LBw/0nBjM004cLkIte21FbNo+3Au6ttr1CGgjeVDefhKxPi6Gc41QoNV41Ta0KS4 4bcw5uWcovm4akAQgGKYmzv9koL0jXdKBtym/083Js8hUvDeatKF0hh/4wyQqLD+ t4K2fqH6GfAh5r4XLss4ctCOWfj/D7xUZ7SF8YgSNZAbjyVB5R3S/i7NVuM7qbE+ 3LnhWMMKbu54X+dkfhc+YpXuKMOT9cKtcD+mISBkgabeQ1I9oiX4KIwtW51GfH9q foHAZ86boS8T94cl1aR775OW0A3rGIL2bPljRBsoneKT7xs0fWXuBBq6iqvdkXty ze1cr7tx0BXkz2dQwkdhd3N8xNb7ZtW2hpLmGbJy/ipHGVdZXbXEvu4z5UYL0B62 6UbVjvPFKJuqfZ4YGaC00MNzoUlLoQigzune/GifBRYuZtNGPFXH4jtLw7DxSCui ocrNnr4SwtvAcOrQw45RJr30clfHQkdEI1493i22OV4xnK6yVKdvQQxcbG9BaBsv JtdF4J4sNi50BUPKna+52FzL0rYhwC0d3doaNVL3LJKpornJ2G/k6UeSANFgI0wa C6gaPkE= =h61k -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Feb 21 05:10:50 2025 Received: (at 75902) by debbugs.gnu.org; 21 Feb 2025 10:10:50 +0000 Received: from localhost ([127.0.0.1]:54019 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tlPzd-0003f4-I1 for submit@debbugs.gnu.org; Fri, 21 Feb 2025 05:10:50 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:58490) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1tlPza-0003e1-Le for 75902@debbugs.gnu.org; Fri, 21 Feb 2025 05:10:47 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tlPzU-0005WN-Gj; Fri, 21 Feb 2025 05:10:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=+0inGTK0dQkI4FtjX/J0kdx5CkjwAIYy5l3gu/dce4M=; b=h6mg1Q/bcIuuHzfDYKoP nVth4R5ej1PcxOhslCkHJ9+dRbcPtzyBCl4nTW+8DG51nCkmZtqGFU7372vsdqZbihoOIA6ASyI76 DGLDFILYM/FEWl/uwYaTslkTUJ/QcxrBC6/MPCLS0Q0WXNM0X9pBOVsMELt2VDGv3ECyWo6xzE/ID /hegQHg+lUlfDVKMtOoseBMrkMRlqO2VX2HqXVKwGho9eq/NiKHKxSsQ9ZnNFduKq0m64td1818/V v20bSZwMhubsojdLFYFJenHBRE9dQkJxsafniZQJ0r2sOSlPP4wfy9nuKQmO/0Dw2SELVIQujQ5ZI h28h6mbwsPY5cQ==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Tomas Volf <~@wolfsden.cz> Subject: Re: bug#75902: guile-gnutls does not set up search paths for the certificates In-Reply-To: <87v7ta69ra.fsf@wolfsden.cz> (Tomas Volf's message of "Sun, 16 Feb 2025 00:58:17 +0100") References: <87ikpzhq1q.fsf@wolfsden.cz> <87bjv2x6j0.fsf@gnu.org> <87v7ta69ra.fsf@wolfsden.cz> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Tridi 3 =?utf-8?Q?Vent=C3=B4se?= an 233 de la =?utf-8?Q?R=C3=A9volution=2C?= jour du Violier X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 21 Feb 2025 11:10:37 +0100 Message-ID: <875xl3d2w2.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 75902 Cc: 75902@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Tomas Volf <~@wolfsden.cz> skribis: >> GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable. >> Instead it=E2=80=99s up to applications to set up their certificate sear= ch path. >> >> See for example the discussion at . > > Thank you for the link. However after reading through it, and basing on > your sentence above, is the guile-gnutls not in a position to be > considered "application" that should configure the certificate search > path? Well yes, we can do anything we want. My take on this is that bindings should remain close to the library they=E2=80=99re wrapping, generally spea= king, to avoid bad surprises. I think certificate search should either but up to actual applications (like Guix), as is the case now, or changed in GnuTLS proper. Doing it in guile-gnutls just because we can easily do so doesn=E2=80=99t sound like= a good idea to me. WDYT? Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sun Mar 16 17:37:28 2025 Received: (at 75902) by debbugs.gnu.org; 16 Mar 2025 21:37:29 +0000 Received: from localhost ([127.0.0.1]:51053 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ttvfj-0006Ti-5s for submit@debbugs.gnu.org; Sun, 16 Mar 2025 17:37:28 -0400 Received: from wolfsden.cz ([37.205.8.62]:39958) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1ttvfe-0006SY-Db for 75902@debbugs.gnu.org; Sun, 16 Mar 2025 17:37:24 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 11A9837A86A; Sun, 16 Mar 2025 21:37:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742161041; bh=er/2pfNGwu0fSa0XZ6o9AmIlj4VsSg+PDGng8BrdX5k=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=tT2sN9PtAoisGZHk/8GCkqB+1KRMhIjIgOW8H2UKIWuYZ9hbBoF2jU6EIwEgHR6vx lJVzCaCjdiOk7C4o+GZl74/rzAcRfwzz+YmJP+pXsXyUxDJS0pAVPqP1QVHsT+ly3D f7CAzg5CZlDxlQIf/Zq0aFMavb5DFO3sWSRpzi5WDSoZBrFxctZZLLYTmFT43ie97H O6PZpCdZ0RUqaPqdjPsbJ1q9lNS/9nwouhu+T8eKWUrCO1yJ4STqMhtZE+VJMtqA3n q/82oENyylHaK2YIHRF9mnFgauXaLiaKDK8Cv65pyvSm29gUOf27y7VoyBfvxWAmoM vjTI+mm5xQBn/qWWwDFucisjTqnG/g5nk8pixtKOgBa6rRUzYbsJKil4QjZx8q6/dI raIISXfPxfq6wDN7ov3ve/X0IloX9uG5u8sD13+31hnZDfbDYQqgUVxLzvlzdJDaUK 9JoAmZEkfqymJtTfSkNJUYzdVZDfjVBvtGjq8y3ZOrow45wsNJzhUrFnA/V6B5hJVg aIQqlTgzHwCHxn9+iTZSYuJWcSNJYPgYlxsyMw5XyyPikgMvXl5GPkTx8G3SxW11Ca ap6R/HCB7FZszCzpy2FarddjxjRes8btYVVYDwP0s5YhxvbYf4xSiYfz1myLZyFvY2 wSoxyfD2NnOQocbByXVLDNBM= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on wolfsden X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id 38B8B37BE0F; Sun, 16 Mar 2025 21:37:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1742161040; bh=er/2pfNGwu0fSa0XZ6o9AmIlj4VsSg+PDGng8BrdX5k=; h=From:To:Cc:Subject:In-Reply-To:References:Date; b=NbibPNHJoDtN4Eu8i85l9tUOerbOk+/IWALOl4PPYB1fYGL0EpcyPezR7zbE5MoAP PRRxPtzDHRTpy61FBw02UmaEudYDWOibO406/uGxMGlY3eA+KBxExGwABy9/nhxOK6 WYtckuCiH/j89N/qH1GrnVPvmzm/iwfBRJ1Xta8XSivhFbUfjEVvB2IoZfWzsC/26d /iGN9ojAYAUrqhBz20zn1SgIcAnIJKXl/lKhw1zNyZvNeiPcs+b4VGIhEu3tuoOSY9 CCyCo9mihZmSuZOFRcUdN0iOqsUuUB7jVknUd7hCakpfpZTPdBD0uIjxb4aqwnEL9D VCioKd+PEGOcLfhYwR44Ze7dpm/i9DYGE8bIRgMREZQZGcKTuO+qV9AV/qNJefTKL8 H4lQ7OXq7/4YZjAIyuAtw8fjsJpUtjc759ltUekx5R8xi9QKdzjgOJLVkis6a3BE9g DkQHtDYsLYtvovcBpgnNw2eB8a5GoCcN+VZAtfKW0X9wOi8HbYss10YE9eKg8G+bEO JJQQRE6h/YdPKkaVLecO7SaJboB/GPPSHO6kOhzXVDKlWH9XjX+mgv9+0cV7N9kqVC DPTZ+VAdbtzWFvJCfM5FluVsxiBBvUDCFch2c6jYwun+tEzxstH1XZE689p5Om/YKf YExhs+YOgzLit0KO5KdBzhCc= From: Tomas Volf <~@wolfsden.cz> To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#75902: guile-gnutls does not set up search paths for the certificates In-Reply-To: <875xl3d2w2.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?= =?utf-8?Q?s?= message of "Fri, 21 Feb 2025 11:10:37 +0100") References: <87ikpzhq1q.fsf@wolfsden.cz> <87bjv2x6j0.fsf@gnu.org> <87v7ta69ra.fsf@wolfsden.cz> <875xl3d2w2.fsf@gnu.org> Date: Sun, 16 Mar 2025 22:37:19 +0100 Message-ID: <87y0x4u06o.fsf@wolfsden.cz> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 75902 Cc: 75902@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: > Hi, > > Tomas Volf <~@wolfsden.cz> skribis: > >>> GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable. >>> Instead it=E2=80=99s up to applications to set up their certificate sea= rch path. >>> >>> See for example the discussion at . >> >> Thank you for the link. However after reading through it, and basing on >> your sentence above, is the guile-gnutls not in a position to be >> considered "application" that should configure the certificate search >> path? > > Well yes, we can do anything we want. My take on this is that bindings > should remain close to the library they=E2=80=99re wrapping, generally sp= eaking, > to avoid bad surprises. > > I think certificate search should either but up to actual applications > (like Guix), as is the case now, or changed in GnuTLS proper. Doing it > in guile-gnutls just because we can easily do so doesn=E2=80=99t sound li= ke a > good idea to me. > > WDYT? Honestly I am not sure what I think. Since Guile is a Scheme, using it from REPL is fairly common, and wanting to do HTTPS requests is probably (well, at least for me) fairly common as well. And currently I am just not sure how to do that in an intuitive way. The first approach anyone probably tries is: =2D-8<---------------cut here---------------start------------->8--- guix shell -CN guile -- guile =2D-8<---------------cut here---------------end--------------->8--- However we all know that does not work. You need both guile-gnutls and nss-certs to get it working, but you can probably get that far by trial and error: =2D-8<---------------cut here---------------start------------->8--- guix shell -CN guile guile-gnutls nss-certs -- guile =2D-8<---------------cut here---------------end--------------->8--- However this *also* does not work, you need to define the environment variables. My personal solution is to just throw curl into the pile of packages to get them, but that is neither intuitive nor elegant. So while I do understand your point above, I also want to have Guile REPL that is easy to use, including for networking experimentation. Maybe a `guile-full' package that would have wider list of dependencies? I am thinking guile-gnutls, guile-readline, guile-colorized, nss-certs and a command wrapper to set the environment. Opinions? Tomas =2D-=20 There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJCBAEBCgAsFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmfXRI8OHH5Ad29sZnNk ZW4uY3oACgkQL7/ufbZ/walWAA/9F/GffuseLO7F1q+mbIzsb0JV3GBX1krlihzh 09jbXu9Qs4wGeHRLScsIqcNU9Rth8VOFoLA3h7p/Z17JfOBhDC8F5svNikZRmUxR +m0Y2d3DBt9xjOt0McAAAnwuCFIgsB55GChRQXoByRSOHcIBiDgn0KYhv/aMtzKY 3WfcrSm1o/qxDoH7naxsfbUd65jvw0DtoNCAyefC1yt5lH6URbHFnKeocvrvKTwT YkybHEpc0zukEVaBKzn68hPk1PFyPr8hJFtfyOwnC0V3XR077J3DT2QTHCRTw6O7 h38xafpOZ2BA4LerCM6JlDZzq6RcYOLwdEVwhrviOGQxoy2Dd/54bjhOEFYyA+yN U8nCg9PEBJeCAlxDXYTWlIem4jqMcy+OobPJNZ3m+V+jXXxLTYbk9lruVILwDcSP 5AHB/rDkUWskscvDHok40Ysqq8QSSuNTxAjESbv9XP9AzA3wcILk6aneuFS6my6C 7OspEJhJ1TD42N7xJXuvOOC5iE814zBn6rAJQ+hW038B8dnZR/WW0oWJ7nGN0ZX0 eLFvNOpVVcffTbeRrki2FuTMTSboEkg/37UNMRZ42GLSzKzOmZhqBvFOq+ODHFpD Sx4+enCUSey7f3xRbzjeNrOdMefRHektarAE+KpddPqh1WRdVrEQWTElE8A/unRV 4LqalPI= =ePQV -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 18 12:45:15 2025 Received: (at 75902) by debbugs.gnu.org; 18 Mar 2025 16:45:16 +0000 Received: from localhost ([127.0.0.1]:42754 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tua43-0007oN-GQ for submit@debbugs.gnu.org; Tue, 18 Mar 2025 12:45:15 -0400 Received: from mail-wr1-x431.google.com ([2a00:1450:4864:20::431]:58753) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1tua3z-0007ji-KQ for 75902@debbugs.gnu.org; Tue, 18 Mar 2025 12:45:13 -0400 Received: by mail-wr1-x431.google.com with SMTP id ffacd0b85a97d-3912c09be7dso3985184f8f.1 for <75902@debbugs.gnu.org>; Tue, 18 Mar 2025 09:45:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1742316305; x=1742921105; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=eijWHADp1VyTdri8m6aa3S3+ikTjBRoa7FFU153qoGY=; b=BWa7qLZ14cujcwv7sXGYEJztinoSRxJRqu0jmQ4rJuy3/QXKOZHC2iS1CcUnZg8XWL Iq0/mQTnyKkodyrA+hOsrx0q5sUugS63W5NlXHXlcVtE6mI2oUhDgkvC5q4C59Y6ejuJ IcrVRGyFdqVsta2lYr0HrdHBRg2GOA2eqaaM5JU+m/OvMTWkPHzlzxtrgv0GkJJLbcwy ynEX3ZC5yLj0s6cZhJehXB25vb+/qXnfUiQ87FLKIoptlvlG23qLuwAmDjymmg1DpDgH ZNmrQB0PmAX31bXFmrHNptG9t96HDrjAS6HMTXhuG6gvYz9VBT0MCaYNnUtvF50bhv69 yXaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1742316305; x=1742921105; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eijWHADp1VyTdri8m6aa3S3+ikTjBRoa7FFU153qoGY=; b=gxWI+aiALDCJwyGrWqDbeMMIT8BlWZH+bAjCOB4vBtmro2VZVV2uoFIWHzhdYZFjjW +WmYOZ1znf3P8EQeGgEl0AeOo1dRPvyDRhWMeC24/pN2PMlB96HlEl0NYiC0cwQs+bPF zJDNHk0hpipcfdIzDm7J+9YemvbFTrsfBXRE6gYddL9vrNiNOUM6/IlwHDU8ZhyVYp3d ecoR7HR0r3I3Qyod/uQwPaJwfSWla6vPvgGwNEd42iJquZoKrLEwcE56Xn9sUmRJ8xNH mVk58I0wmRYpi3hj64W2y+6hcx7N2vhRilxv5R/1krt13XLGimN/OZdIq3eloUy3kRDq bQsg== X-Gm-Message-State: AOJu0YxVI6+gCGs/CqUpfcFb1zfeFVw/CnhkbAYz9qa2tzc9eh4sVpHF iKCWBjhUrf6iF8yXi/hiWPhqlygNNrgV9du3lLdGnB4GxbD1nggxb0UzIw== X-Gm-Gg: ASbGnctkJj9MJyDasTlx0cz4RVJA4Rze2O0aBoMhuP3Gn8t7aDI6X30vtp1pqqRVHd4 i0Ow1fpYI1kRVGtziVcIS1thXgjw7mzQA4aBZOMbpEqoJeLr8hfL6bxopH7yQbApW222qLrVddn CH4+4dgz7SJ4LZy7MJEjc+YtiJga4skmzyBUY5wg5SCxpsZVbPhMrHTCNepZS1xmLKjhi3IJtWG iuLtgyiFuCG3a/P1A2OwAaSK9Ckn3jRbgO21yyGmrsDdufU6q//H5JmgH88DJJI2F6oGd8JQNiG KWGeLeeXFQL6782Isx9kGPNnhTwwnmIAVSVmvWz5YCRraYFr0l+MJpcq+voMRP0v8ptcijkT7vD svqW01kDsNFGmhPV7sHZXYNeon2tPyRRozAgWtKxi X-Google-Smtp-Source: AGHT+IEaFa48AYgorjxMjLy5y3gXQdQE2Hp5zXxjGTknrRs4jCzvcF0GnJBDr+NICGjKpJQGSKOgQQ== X-Received: by 2002:a05:6000:188d:b0:391:ba6:c066 with SMTP id ffacd0b85a97d-3971f12d202mr22489787f8f.35.1742316305138; Tue, 18 Mar 2025 09:45:05 -0700 (PDT) Received: from lili (roam-nat-fw-prg-194-254-61-41.net.univ-paris-diderot.fr. [194.254.61.41]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-395cb7eb9d7sm18311203f8f.89.2025.03.18.09.45.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 18 Mar 2025 09:45:04 -0700 (PDT) From: Simon Tournier To: Ludovic =?utf-8?Q?Court=C3=A8s?= , Tomas Volf <~@wolfsden.cz> Subject: Re: bug#75902: guile-gnutls does not set up search paths for the certificates In-Reply-To: <875xl3d2w2.fsf@gnu.org> References: <87ikpzhq1q.fsf@wolfsden.cz> <87bjv2x6j0.fsf@gnu.org> <87v7ta69ra.fsf@wolfsden.cz> <875xl3d2w2.fsf@gnu.org> Date: Tue, 18 Mar 2025 15:15:33 +0100 Message-ID: <87ecyu4e7u.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 75902 Cc: 75902@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi, On Fri, 21 Feb 2025 at 11:10, Ludovic Court=C3=A8s wrote: >>> GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable. >>> Instead it=E2=80=99s up to applications to set up their certificate sea= rch path. >>> >>> See for example the discussion at . [...] > I think certificate search should either but up to actual applications > (like Guix), as is the case now, or changed in GnuTLS proper. Doing it > in guile-gnutls just because we can easily do so doesn=E2=80=99t sound li= ke a > good idea to me. Somehow it=E2=80=99s documented [1] for the one who knows very well all the= Guix quirks. ;-) Do we agree that typing this: $ guix shell -CN guile guile-gnutls nss-certs [env]$ export SSL_CERT_DIR=3D$GUIX_ENVIRONMENT/etc/ssl/certs [env]$ export SSL_CERT_FILE=3D$GUIX_ENVIRONMENT/etc/ssl/certs/ca-certif= icates.crt [env]$ guile [...] scheme@(guile-user)> ,use(web client) scheme@(guile-user)> (http-get "https://gnu.org") $1 =3D #< version: (1 . 1) =E2=80=A6 $2 =3D "