From: Andreas Enge
Subject: Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store
Date: Wed, 4 Feb 2015 13:36:52 +0100
Message-ID: <20150204123652.GA21908@debian.eduroam.u-bordeaux.fr>
References: <87r3u7di49.fsf@netris.org>
In-Reply-To: <87r3u7di49.fsf@netris.org>
To: Mark H Weaver
Cc: guix-devel@gnu.org

Hello,

On Mon, Feb 02, 2015 at 06:11:02PM -0500, Mark H Weaver wrote:
> + "--with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt")))

I would suggest using
   --with-default-trust-store-dir=/etc/ssl/certs
instead. The option is available in gnutls-3.3.12, which I am building in
the wip-gnutls branch right now, and which looks good to push.

This would allow us to provide not only a single file, but to potentially
merge different trust stores. We could also, for instance, prepare a package
per certification authority, so that the user could install exactly the ones
he trusts.

Andreas
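
Review bot: the added configure flag in the quoted hunk hard-codes `/etc/ssl/certs/ca-certificates.crt`, a host path that nothing in the visible line creates or documents. A comment next to the flag should say what is expected to provide that file and that the path lives outside the package's own output, so a reader knows the default trust store depends on the state of `/etc`. If the `--with-default-trust-store-dir=/etc/ssl/certs` variant suggested in the reply is adopted instead, the same comment applies to the directory.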