From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?utf-8?B?VG9tw6HFoSDEjGVjaA==?= Subject: Re: [PATCH] gnu: curl: Update to 7.41.0. Fix #20121. Date: Sun, 22 Mar 2015 18:41:15 +0100 Message-ID: <20150322174115.GA13755@venom> References: <1427019636-24875-1-git-send-email-sleep_walker@gnu.org> <87vbht7yyc.fsf@netris.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="gKMricLos+KVdGMg" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44985) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YZjsC-00049F-Lk for guix-devel@gnu.org; Sun, 22 Mar 2015 13:41:17 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YZjs8-0000nM-IU for guix-devel@gnu.org; Sun, 22 Mar 2015 13:41:16 -0400 Received: from cantor2.suse.de ([195.135.220.15]:41144 helo=mx2.suse.de) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YZjs8-0000nI-Cv for guix-devel@gnu.org; Sun, 22 Mar 2015 13:41:12 -0400 Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id BEEE8AD32 for ; Sun, 22 Mar 2015 17:41:11 +0000 (UTC) Content-Disposition: inline In-Reply-To: <87vbht7yyc.fsf@netris.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: guix-devel@gnu.org --gKMricLos+KVdGMg Content-Type: text/plain; charset=utf-8; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Thanks for review! On Sun, Mar 22, 2015 at 12:56:43PM -0400, Mark H Weaver wrote: >Tom=C3=A1=C5=A1 =C4=8Cech writes: > >> @@ -60,7 +64,18 @@ >> ("pkg-config" ,pkg-config) >> ("python" ,python-2))) >> (arguments >> - `(#:configure-flags '("--with-gnutls" "--with-gssapi") >> + `(#:configure-flags >> + '("--with-gnutls" "--with-gssapi" "--enable-http" >> + ;; This option requires parameter so let's use this one >> + ;; - when it exists, it makes sense >> + ;; - when it doesn't exist, we can still use SSL_CERT_DIR envir= onment >> + ;; variable to set it per user or for whole system >> + ;; Fixes #20121. >> + "--with-ca-path=3D/etc/ssl/certs" > >It would be better to avoid passing the --with-ca-path=3D option. We are >attempting to move away from having any compiled-in system-wide location >for the CA trust store. Each user should be able to specify their >desired trust store using environment variables or other settings. I verified that patch is now sufficient as solution and I verified that it respects SSL_CERT_DIR with that so it is ideal solution. Thanks for kicking me step further. (And yes, that patch is really needed :) I'll update the patch accordingly. S_W --gKMricLos+KVdGMg Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlUO/rkACgkQ37XrCapiVCO+NgCfXQOdCi/qAvOR9OatY5MAnR0R 0lcAn2WpAwq8GU+nlZgKYJw1nDHW7zN9 =VHgr -----END PGP SIGNATURE----- --gKMricLos+KVdGMg--