From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0 Subject: Re: [PATCH] gnurl: add CA path to configure-flags Date: Mon, 13 Jun 2016 15:38:34 +0000 Message-ID: <20160613153834.GA4065@khazad-dum> References: <20160611205128.GA23445@khazad-dum> <20160612142215.GA20253@solar> <87eg81du97.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="AqsLC8rIMeq19msA" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:41509) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bCTwu-00085F-Kw for guix-devel@gnu.org; Mon, 13 Jun 2016 11:38:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bCTwq-0005r5-KG for guix-devel@gnu.org; Mon, 13 Jun 2016 11:38:48 -0400 Received: from 93-95-228-168.1984.is ([93.95.228.168]:45739 helo=beleriand.n0.is) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bCTwq-0005qa-5q for guix-devel@gnu.org; Mon, 13 Jun 2016 11:38:44 -0400 Received: by beleriand.n0.is (OpenSMTPD) with ESMTPSA id 2663e97a TLS version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO for ; Mon, 13 Jun 2016 15:38:38 +0000 (UTC) Content-Disposition: inline In-Reply-To: <87eg81du97.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org --AqsLC8rIMeq19msA Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2016-06-13(04:43:32+0200), Ludovic Court=C3=A8s wrote: > Hi, > > Andreas Enge skribis: > > > On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote: > >> * gnurl(configure-flags): --with-ca-path=3D/etc/ssl/certs/ > > > > my impression is that this absolute path does not do what we would like > > it to. Optimally, the user would decide, by installing a certificate bu= ndle > > into the profile, which certificates to use. And on a foreign distro, t= he > > random certificate bundle in /etc/ssl/certs, which does not come from G= uix, > > would be used by the Guix gnurl, which would be surprising. > > Besides, our cURL and Gnurl packages are linked against GnuTLS, which is > itself configured with =E2=80=98--with-default-trust-store-dir=3D/etc/ssl= /certs=E2=80=99. > > Does =E2=80=98--with-ca-path=E2=80=99 change anything to that? > > Thanks, > Ludo=E2=80=99. > I strongly assume that with those set, --with-ca-path is unnecessary. This is something which Jookia came up with, I had it sitting in the work in progress patches. I know patches are now tracked in patchworks, can they be closed via Email, or do I have to sign up? Else someone who already is signed up can close this, as from my perspective this is done. -- =E2=99=A5=E2=92=B6 ng0 For non-prism friendly talk find me on psyced.org / loupsycedyglgamf.onion --AqsLC8rIMeq19msA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iF4EARYKAAYFAlde03UACgkQhhoAchyzrCB3swD6Avvyjo+ZlDz+yLBiCd9nFJTQ cul6DKDl8gg0bMCvWS4A/3iuxCrppP0rwTh3ehe9L/N1tZdYAWZN94F7ooe0LP4P =qV0O -----END PGP SIGNATURE----- --AqsLC8rIMeq19msA--