Hi everyone,
I'm closing this, on the assumption that the original issue is no more:
gnutls is now configured to use p11-kit by default, which itself is
configured to use the nss-certs as a default trust store [0], [1].
[0] 38e7132dcfd ("gnu: gnutls: Use p11-kit to provide the default.")
[1] 2314a89ccc1 ("gnu: p11-kit: Add nss-certs to default trust path.")
In practice, this means gnutls always have access to the nss-certs,
unless a user went out of their way to configure p11-kit on their system
to do otherwise.
Note that this now means that gnutls is now simple (yet remaining
configurable via p11-kit) to use than openssl on Guix, anywhere you
might use it (in containers, profiles or elsewhere). Let's rejoice!
--
Thanks,
Maxim
