From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: [PATCH] gnurl: add CA path to configure-flags Date: Mon, 13 Jun 2016 16:43:32 +0200 Message-ID: <87eg81du97.fsf@gnu.org> References: <20160611205128.GA23445@khazad-dum> <20160612142215.GA20253@solar> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:53630) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bCT5Y-0007QW-Sm for guix-devel@gnu.org; Mon, 13 Jun 2016 10:43:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bCT5U-0000FF-Tc for guix-devel@gnu.org; Mon, 13 Jun 2016 10:43:40 -0400 In-Reply-To: <20160612142215.GA20253@solar> (Andreas Enge's message of "Sun, 12 Jun 2016 16:22:15 +0200") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Andreas Enge Cc: guix-devel@gnu.org Hi, Andreas Enge skribis: > On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote: >> * gnurl(configure-flags): --with-ca-path=3D/etc/ssl/certs/ > > my impression is that this absolute path does not do what we would like > it to. Optimally, the user would decide, by installing a certificate bund= le > into the profile, which certificates to use. And on a foreign distro, the > random certificate bundle in /etc/ssl/certs, which does not come from Gui= x, > would be used by the Guix gnurl, which would be surprising. Besides, our cURL and Gnurl packages are linked against GnuTLS, which is itself configured with =E2=80=98--with-default-trust-store-dir=3D/etc/ssl/c= erts=E2=80=99. Does =E2=80=98--with-ca-path=E2=80=99 change anything to that? Thanks, Ludo=E2=80=99.