From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Enge Subject: Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store Date: Wed, 4 Feb 2015 13:42:00 +0100 Message-ID: <20150204124200.GA21930@debian.eduroam.u-bordeaux.fr> References: <87r3u7di49.fsf@netris.org> <20150204123652.GA21908@debian.eduroam.u-bordeaux.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:47564) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YIzHY-0007sO-G8 for guix-devel@gnu.org; Wed, 04 Feb 2015 07:42:13 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1YIzHU-0003mC-A4 for guix-devel@gnu.org; Wed, 04 Feb 2015 07:42:12 -0500 Received: from mout.kundenserver.de ([212.227.126.131]:49439) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1YIzHU-0003m1-0d for guix-devel@gnu.org; Wed, 04 Feb 2015 07:42:08 -0500 Content-Disposition: inline In-Reply-To: <20150204123652.GA21908@debian.eduroam.u-bordeaux.fr> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Mark H Weaver Cc: guix-devel@gnu.org PS: Ideally, I still think it would be optimal if gnutls used a per user environment variable, in the spirit of liberating users and not system administrators. I will enquire. But for the time being, the global specification looks better than nothing. When I have some time, I will try to look into how to package certificates of certification authorities. Putting individual certificates into /etc/ssl/certs (and running c_rehash before installation) should make them usable by gnutls and openssl alike. PPS: Once the new gnutls is pushed, I would like to also try an update of openssl in a wip branch.