GNU bug report logs - #75902
guile-gnutls does not set up search paths for the certificates

Package: guix

Reported by: Tomas Volf <~@wolfsden.cz>

Date: Mon, 27 Jan 2025 22:05:02 UTC

Severity: normal


Message #20 received at 75902 <at> debbugs.gnu.org:

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Tomas Volf <~@wolfsden.cz>
Cc: 75902 <at> debbugs.gnu.org
Subject: Re: bug#75902: guile-gnutls does not set up search paths for the certificates
Date: Tue, 18 Mar 2025 15:15:33 +0100

Hi,

On Fri, 21 Feb 2025 at 11:10, Ludovic Courtès <ludo <at> gnu.org> wrote:

>>> GnuTLS (and thus Guile-GnuTLS) does not honor an environment variable.
>>> Instead it’s up to applications to set up their certificate search path.
>>>
>>> See for example the discussion at <https://issues.guix.gnu.org/46779>.

[...]

> I think certificate search should either be up to actual applications
> (like Guix), as is the case now, or changed in GnuTLS proper.  Doing it
> in guile-gnutls just because we can easily do so doesn’t sound like a
> good idea to me.

Somehow it’s documented [1] for the one who knows very well all the Guix
quirks. ;-)

Do we agree that typing this:

    $ guix shell -CN guile guile-gnutls nss-certs

    [env]$ export SSL_CERT_DIR=$GUIX_ENVIRONMENT/etc/ssl/certs
    [env]$ export SSL_CERT_FILE=$GUIX_ENVIRONMENT/etc/ssl/certs/ca-certificates.crt

    [env]$ guile
[...]
    scheme@(guile-user)> ,use(web client)
    scheme@(guile-user)> (http-get "https://gnu.org")
    $1 = #<<response> version: (1 . 1) …
    $2 = "<!DOCTYPE HTML PUBLIC …

is cumbersome?  And not intuitive, to put it mildly.

As Tomas is proposing, maybe we could have a package
’guile-gnutls-certs’ which would do all the search-paths dance?

WDYT?

Cheers,
simon


1: https://guix.gnu.org/manual/devel/en/guix.html#X.509-Certificates
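
The two exports typed by hand in the session above, derived from a profile directory and checked before use. This is an added example, not code from the thread or from Guix; the function name `cert_env` and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of Guix or guile-gnutls).
# cert_env [PROFILE] prints the export lines for SSL_CERT_DIR and
# SSL_CERT_FILE, using the paths from the session above. PROFILE defaults
# to $GUIX_ENVIRONMENT. Return codes (assumed convention):
#   0  both paths exist and the bundle holds at least one PEM certificate
#   1  no profile given, or PROFILE/etc/ssl/certs is absent (assumption:
#      no certificate package such as nss-certs is in the profile)
#   2  directory present but ca-certificates.crt is missing, empty, or
#      contains no PEM certificate
cert_env() {
    profile=${1:-${GUIX_ENVIRONMENT:-}}
    if [ -z "$profile" ]; then
        echo "cert_env: no profile given and GUIX_ENVIRONMENT is unset" >&2
        return 1
    fi
    dir=$profile/etc/ssl/certs
    bundle=$dir/ca-certificates.crt
    if [ ! -d "$dir" ]; then
        echo "cert_env: $dir not found in profile" >&2
        return 1
    fi
    if [ ! -s "$bundle" ]; then
        echo "cert_env: $bundle is missing or empty" >&2
        return 2
    fi
    # An HTML error page or truncated download would pass the size check,
    # so also require at least one PEM certificate header.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle"; then
        echo "cert_env: $bundle contains no PEM certificate" >&2
        return 2
    fi
    printf "export SSL_CERT_DIR='%s'\n" "$dir"
    printf "export SSL_CERT_FILE='%s'\n" "$bundle"
}
```

Inside the `guix shell` environment, `eval "$(cert_env)"` sets both variables, and a non-zero status says which path is missing before any TLS connection is attempted.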




This bug report was last modified 90 days ago.
