unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* CA certificates
@ 2015-02-10 20:14 Andreas Enge
  2015-02-12 16:44 ` Andreas Enge
                   ` (2 more replies)
  0 siblings, 3 replies; 15+ messages in thread
From: Andreas Enge @ 2015-02-10 20:14 UTC (permalink / raw)
  To: guix-devel

The attached patch series
1) adds a (private) python script to extract single certificates in .pem 
   format from a big textfile in mozilla source format;
2) adds the package nss-certs, which contains the certificates thus extracted
   in OUT/etc/ssl/certs, preprocessed with c_rehash for use with openssl;
3) adds "etc/ssl/certs" as a native-search-path for SSL_CERT_DIR to openssl.

So if you do a
   guix package -i openssl nss-certs youtube-dl
and add SSL_CERT_DIR as stipulated by the text output after the installation,
things work out of the box.

The search path definition means that we could have alternative root
certificate packages (potentially one per certification authority) and that
the user could install the ones he trusts.

The patches currently are in a branch wip-certs. Suggestions are welcome.

Andreas

^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2015-03-01 16:49 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-02-10 20:14 CA certificates Andreas Enge
2015-02-12 16:44 ` Andreas Enge
2015-02-12 17:26 ` Mark H Weaver
2015-02-12 19:48   ` Andreas Enge
2015-02-12 20:20   ` Locale of build environments Ludovic Courtès
2015-02-12 20:28     ` Andreas Enge
2015-02-15  0:12     ` Mark H Weaver
2015-02-26 23:16     ` Ludovic Courtès
2015-02-26 23:45       ` Mark H Weaver
2015-02-27 10:36         ` Ludovic Courtès
2015-02-27 14:13           ` Ludovic Courtès
2015-03-01 16:48             ` Ludovic Courtès
2015-02-13  7:28   ` CA certificates Mark H Weaver
2015-02-13 10:23     ` Andreas Enge
2015-02-12 20:30 ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).