Re: Certificates in pure and containerized environments
From: Maxim Cournoyer
Subject: Re: Certificates in pure and containerized environments
Date: Mon, 11 Oct 2021 11:05:24 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hello Konrad,
Konrad Hinsen <konrad.hinsen@fastmail.net> writes:
> Hi Maxim,
>
>> The key thing here is whether the certs are required by OpenSSL vs
>> GnuTLS. The former honors SSL_CERT_DIR, while the latter does not (I
> ...
>
>> I hope that helps!
>
> Thanks, that certainly helps to understand the issues.
>
> My preferred approach would be to manage all certificates as Guix
> packages, and not have any environment variables. That would be the
> opposite of your proposal to make GnuTLS honor SSL_CERT_DIRS. It's
> always a mess to have multiple uncoordinated environment managers.
I agree that managing certs with Guix has many benefits, and having
GnuTLS honor an SSL_CERTS_DIRS environment variable would enable that.
Remember that installing nss-certs or your certs of choice package to a
profile is not enough to have them discovered; something such as an
environment variable and a search path specification is also necessary.
Currently, even if you package your certs with Guix, if you install them
to a profile GnuTLS wouldn't know to use them unless you make them
available from /etc/ssl/certs/.
I hope that clarifies things.
Thanks,
Maxim
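
The discovery rule described in this message, as an added example that is not part of the original message or of Guix: a check of which TLS library would find the certificates installed in a profile. The function names and the `system_dir` parameter are hypothetical, and the GnuTLS branch encodes the message's statement that only /etc/ssl/certs is consulted.

```python
import os
import ssl
import tempfile


def openssl_capath(env):
    """CA directory an OpenSSL-backed client resolves from `env`, or None."""
    paths = ssl.get_default_verify_paths()
    # openssl_capath_env is the variable name OpenSSL was built with
    # (SSL_CERT_DIR); the compiled-in default is used when it is unset.
    candidate = env.get(paths.openssl_capath_env, paths.openssl_capath)
    if candidate and os.path.isdir(candidate):
        return os.path.realpath(candidate)
    return None


def discovery_report(profile_certs, env, system_dir="/etc/ssl/certs"):
    """Report which library would find the certs stored in `profile_certs`."""
    profile_certs = os.path.realpath(profile_certs)
    wanted = set(os.listdir(profile_certs))
    # Assumption taken from the message: GnuTLS ignores the environment and
    # only sees certificates reachable from the system directory.
    present = set(os.listdir(system_dir)) if os.path.isdir(system_dir) else set()
    return {
        "openssl": openssl_capath(env) == profile_certs,
        "gnutls": bool(wanted) and wanted <= present,
    }


if __name__ == "__main__":
    # Constructed layout: a fake profile holding one empty certificate file
    # and an empty stand-in for /etc/ssl/certs.
    with tempfile.TemporaryDirectory() as root:
        profile = os.path.join(root, "profile", "etc", "ssl", "certs")
        system = os.path.join(root, "system-certs")
        os.makedirs(profile)
        os.makedirs(system)
        open(os.path.join(profile, "example-ca.pem"), "w").close()
        print(discovery_report(profile, {"SSL_CERT_DIR": profile}, system))
        print(discovery_report(profile, {}, system))
```

Run against a real profile, pass `dict(os.environ)` as `env` and leave `system_dir` at its default.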