From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: [PATCH] gnurl: add CA path to configure-flags Date: Tue, 14 Jun 2016 12:12:56 +0200 Message-ID: <87y468gjtj.fsf@gnu.org> References: <20160611205128.GA23445@khazad-dum> <20160612142215.GA20253@solar> <87eg81du97.fsf@gnu.org> <20160613153834.GA4065@khazad-dum> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:37352) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bClLD-0006qn-39 for guix-devel@gnu.org; Tue, 14 Jun 2016 06:13:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bClL8-0001el-Sp for guix-devel@gnu.org; Tue, 14 Jun 2016 06:13:02 -0400 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:50144) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bClL8-0001ec-P9 for guix-devel@gnu.org; Tue, 14 Jun 2016 06:12:58 -0400 Received: from pluto.bordeaux.inria.fr ([193.50.110.57]:60196 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1bClL8-0001TZ-3k for guix-devel@gnu.org; Tue, 14 Jun 2016 06:12:58 -0400 In-Reply-To: <20160613153834.GA4065@khazad-dum> (ng0@we.make.ritual.n0.is's message of "Mon, 13 Jun 2016 15:38:34 +0000") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org ng0 skribis: > On 2016-06-13(04:43:32+0200), Ludovic Court=C3=A8s wrote: >> Hi, >> >> Andreas Enge skribis: >> >> > On Sat, Jun 11, 2016 at 08:51:28PM +0000, ng0 wrote: >> >> * gnurl(configure-flags): --with-ca-path=3D/etc/ssl/certs/ >> > >> > my impression is that this absolute path does not do what we would like >> > it to. Optimally, the user would decide, by installing a certificate b= undle >> > into the profile, which certificates to use. And on a foreign distro, = the >> > random certificate bundle in /etc/ssl/certs, which does not come from = Guix, >> > would be used by the Guix gnurl, which would be surprising. >> >> Besides, our cURL and Gnurl packages are linked against GnuTLS, which is >> itself configured with =E2=80=98--with-default-trust-store-dir=3D/etc/ss= l/certs=E2=80=99. >> >> Does =E2=80=98--with-ca-path=E2=80=99 change anything to that? >> >> Thanks, >> Ludo=E2=80=99. >> > > I strongly assume that with those set, --with-ca-path is unnecessary. Fine. :-) > I know patches are now tracked in patchworks, can they be closed via > Email, or do I have to sign up? Else someone who already is signed up > can close this, as from my perspective this is done. I think one has to login, which is quite inconvenient. Ludo=E2=80=99.