[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificates in pure and containerized environments

From: Maxim Cournoyer
Subject: Re: Certificates in pure and containerized environments
Date: Mon, 11 Oct 2021 11:05:24 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hello Konrad,

Konrad Hinsen <> writes:

> Hi Maxim,
>> The key thing here is whether the certs are required by OpenSSL vs
>> GnuTLS.  The former honors SSL_CERT_DIR, while the later does not (I
> ...
>> I hope that helps!
> Thanks, that certainly helps to understand the issues.
> My preferred approach would be to manage all certificates as Guix
> packages, and not have any environment variables.  That would be the
> opposite of your proposal to make GnuTLS honor SSL_CERT_DIRS. It's
> always a mess to have multiple uncoordinated environment managers.

I agree that managing certs with Guix has many benefits, and having
GnuTLS honor an SSL_CERTS_DIRS environment variable would enable that.
Remember that installing nss-certs or your certs of choice package to a
profile is not enough to have them discovered; something such as en
environment variable and a search path specification is also necessary.

Currently, even if you package you certs with Guix, if you install them
to a profile GnuTLS wouldn't know to use them unless you make them
available from /etc/ssl/certs/.

I hope that clarifies things.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]