guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CA certificates


From: Andreas Enge
Subject: CA certificates
Date: Tue, 10 Feb 2015 21:14:52 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

The attached patch series
1) adds a (private) python script to extract single certificates in .pem 
   format from a big textfile in mozilla source format;
2) adds the package nss-certs, which contains the certificates thus extracted
   in OUT/etc/ssl/certs, preprocessed with c_rehash for use with openssl;
3) adds "etc/ssl/certs" as a native-search-path for SSL_CERT_DIR to openssl.

So if you do a
   guix package -i openssl nss-certs youtube-dl
and add SSL_CERT_DIR as stipulated by the text output after the installation,
things work out of the box.

The search path definition means that we could have alternative root
certificate packages (potentially one per certification authority) and that
the user could install the ones he trusts.

The patches currently are in a branch wip-certs. Suggestions are welcome.

Andreas




reply via email to

[Prev in Thread] Current Thread [Next in Thread]