[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store
|
From: |
Andreas Enge |
|
Subject: |
Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store |
|
Date: |
Wed, 25 Feb 2015 01:25:37 +0100 |
|
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Tue, Feb 24, 2015 at 03:31:14PM -0500, Mark H Weaver wrote:
> The single-file bundle is just a concatenation of all the individual PEM
> data, starting with "-----BEGIN CERTIFICATE-----" and ending with
> "-----END CERTIFICATE-----", including those delimiters.
> The only caveat is that the individual PEM files are not required to
> have a newline after the "-----END CERTIFICATE-----", but in the
> single-file cert bundle, we must ensure that the newline is present.
I just did a "cat" of two .pem files from nss-certs, and the result
looked good. There are comment lines (starting with #) between the
"-----END CERTIFICATE-----" and the following "-----BEGIN CERTIFICATE-----",
which I hope is okay.
> I think it belongs in the profile generation code for the benefit of
> users running Guix packages on top of another distro, where they might
> not have root access. They can simply set GIT_SSL_CAINFO and
> SSL_CERT_FILE to ~/.guix-profile/etc/ssl/ca-certificates.crt
> What do you think?
Yes, that sounds like the right approach: Create a concatenation of all the
files in ~/.guix-profile/etc/ssl/certs .
Andreas
Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store, Mark H Weaver, 2015/02/15