From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mark H Weaver Subject: Re: Openssl and certificate directory Date: Sat, 07 Feb 2015 20:57:32 -0500 Message-ID: <874mqx2mib.fsf@netris.org> References: <20150207151748.GA6943@debian> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:35752) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YKH7u-0001to-6X for guix-devel@gnu.org; Sat, 07 Feb 2015 20:57:34 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YKH7r-0003qT-0c for guix-devel@gnu.org; Sat, 07 Feb 2015 20:57:34 -0500 Received: from world.peace.net ([50.252.239.5]:39504) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YKH7q-0003qN-SS for guix-devel@gnu.org; Sat, 07 Feb 2015 20:57:30 -0500 In-Reply-To: <20150207151748.GA6943@debian> (Andreas Enge's message of "Sat, 7 Feb 2015 16:17:48 +0100") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Andreas Enge Cc: guix-devel@gnu.org Andreas Enge writes: > the attached patch does the same thing as we just pushed for gnutls: > It sets the global certificate store to files and directories inside > /etc/ssl. Unlike GnuTLS, OpenSSL supports setting the trust store location using environment variables, specifically SSL_CERT_DIR and SSL_CERT_FILE. Shouldn't we just use those? > It should be applied after the update to 1.0.2, which I am > trying to have built by hydra on the wip-openssl branch (except that hydra > refuses to evaluate this for the last few hours, did I make a mistake?). If we were to apply this patch, I'd rather have just one rebuild rather than two, especially since our MIPS build slave is unable to keep up as it is. What do you think? Best, Mark