Andreas Enge wrote:

> The attached patch series
> 1) adds a (private) python script to extract single certificates in .pem
> format from a big textfile in mozilla source format;
> 2) adds the package nss-certs, which contains the certificates thus extracted
> in OUT/etc/ssl/certs, preprocessed with c_rehash for use with openssl;
> 3) adds "etc/ssl/certs" as a native-search-path for SSL_CERT_DIR to openssl.

Cool.

I agree with Mark’s suggestion regarding UTF-8 file name handling. Other than that the patches LGTM.

All this X.509 stuff looks like a security quagmire but I suppose we’ll have to live with it for some time more...

> So if you do a
>    guix package -i openssl nss-certs youtube-dl
> and add SSL_CERT_DIR as stipulated by the text output after the installation,
> things work out of the box.

Nice!

The (untested) patch below binds nss-certs to /etc/ssl/certs on GuixSD, which should allow for more out-of-the-box goodness. :-)