Hello Konrad, Konrad Hinsen <[email protected]> writes:
> Hi Maxim, > >> The key thing here is whether the certs are required by OpenSSL vs >> GnuTLS. The former honors SSL_CERT_DIR, while the later does not (I > ... > >> I hope that helps! > > Thanks, that certainly helps to understand the issues. > > My preferred approach would be to manage all certificates as Guix > packages, and not have any environment variables. That would be the > opposite of your proposal to make GnuTLS honor SSL_CERT_DIRS. It's > always a mess to have multiple uncoordinated environment managers. I agree that managing certs with Guix has many benefits, and having GnuTLS honor an SSL_CERTS_DIRS environment variable would enable that. Remember that installing nss-certs or your certs of choice package to a profile is not enough to have them discovered; something such as en environment variable and a search path specification is also necessary. Currently, even if you package you certs with Guix, if you install them to a profile GnuTLS wouldn't know to use them unless you make them available from /etc/ssl/certs/. I hope that clarifies things. Thanks, Maxim
