guix-commits

01/01: download: Work around GnuTLS bug with UTF-8 certificate file name


From: Ludovic Courtès
Subject: 01/01: download: Work around GnuTLS bug with UTF-8 certificate file names.
Date: Tue, 30 May 2017 07:25:02 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 27fd13c3c2701204f48fe0012438edbb91957dfc
Author: Ludovic Courtès <address@hidden>
Date:   Tue May 30 10:11:13 2017 +0200

    download: Work around GnuTLS bug with UTF-8 certificate file names.
    
    Reported by Mark H Weaver <address@hidden>
    at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>.
    
    * guix/build/download.scm (set-certificate-credentials-x509-trust-file!*):
    New procedure.
    (make-credendials-with-ca-trust-files): Use it instead of
    'set-certificate-credentials-x509-trust-file!'.
---
 guix/build/download.scm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/guix/build/download.scm b/guix/build/download.scm
index ce4708a..6ef6233 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -296,6 +296,13 @@ session record port using PORT as its underlying 
communication port."
   (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
                       (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
 
+(define (set-certificate-credentials-x509-trust-file!* cred file format)
+  "Like 'set-certificate-credentials-x509-trust-file!', but without the file
+name decoding bug described at
+<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>."
+  (let ((data (call-with-input-file file get-bytevector-all)))
+    (set-certificate-credentials-x509-trust-data! cred data format)))
+
 (define (make-credendials-with-ca-trust-files directory)
   "Return certificate credentials with X.509 authority certificates read from
 DIRECTORY.  Those authority certificates are checked when
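
Review bot: In the new set-certificate-credentials-x509-trust-file!*, the result of get-bytevector-all is passed straight to set-certificate-credentials-x509-trust-data!, but get-bytevector-all returns the end-of-file object rather than a bytevector when the file is empty. An empty file in the certificate directory would then hand a non-bytevector to the credentials call. Consider checking (eof-object? data) and skipping the file in that case. The docstring could also say that the whole file is read into memory, and a comment could note that this wrapper can be dropped once the GnuTLS bug it refers to is fixed.
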
@@ -309,7 +316,7 @@ DIRECTORY.  Those authority certificates are checked when
                 (let ((file (string-append directory "/" file)))
                   ;; Protect against dangling symlinks.
                   (when (file-exists? file)
-                    (set-certificate-credentials-x509-trust-file!
+                    (set-certificate-credentials-x509-trust-file!*
                      cred file
                      x509-certificate-format/pem))))
               (or files '()))
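
Review bot: The only guard at this call site is (when (file-exists? file) ...), which the comment says is there for dangling symlinks; with the file now opened from Scheme, an entry that exists but cannot be read (for example because of its permissions) will raise from call-with-input-file inside this loop. Decide whether one bad entry should abort building the credentials or be skipped, and either catch the error per file or state the behaviour in the docstring of make-credendials-with-ca-trust-files.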


