Re: Openssl and certificate directory

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Openssl and certificate directory

From:	Mark H Weaver
Subject:	Re: Openssl and certificate directory
Date:	Sun, 08 Feb 2015 10:49:42 -0500
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux)

address@hidden (Ludovic Courtès) writes:

> Andreas Enge <address@hidden> skribis:
>
>> On Sat, Feb 07, 2015 at 08:57:32PM -0500, Mark H Weaver wrote:
>>> Unlike GnuTLS, OpenSSL supports setting the trust store location using
>>> environment variables, specifically SSL_CERT_DIR and SSL_CERT_FILE.
>>> Shouldn't we just use those?
>>
>> I had read about these, but the documentation mentions them only in the
>> context of c_rehash. So I thought they were not generally applicable. But
>> indeed they are, I just tried SSL_CERT_DIR with youtube-dl. Also, it can be
>> a ":" separated list of directories. So we should probably encourage its
>> usage by defining a search path with our (future) certificate packages.
>
> [...]
>
>> So maybe we do not need it at all? What do you think?
>
> I agree, we should just use SSL_CERT_DIR and SSL_CERT_FILE.
>
> We could indeed add a ‘search-path-specification’ in OpenSSL for
> SSL_CERT_DIR.

Sounds good to me!

    Thanks!
      Mark

[Prev in Thread]

Current Thread

[Next in Thread]

Openssl and certificate directory, Andreas Enge, 2015/02/07
- Re: Openssl and certificate directory, Mark H Weaver, 2015/02/07
  - Re: Openssl and certificate directory, Andreas Enge, 2015/02/08
    - Re: Openssl and certificate directory, Ludovic Courtès, 2015/02/08
    - Re: Openssl and certificate directory, Mark H Weaver <=

Prev by Date: Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store
Next by Date: Re: [PATCH] gnu: gnutls: Configure location of system-wide trust store
Previous by thread: Re: Openssl and certificate directory
Next by thread: Numpy failures
Index(es):
- Date
- Thread