[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificates in pure and containerized environments
|
From: |
Konrad Hinsen |
|
Subject: |
Re: Certificates in pure and containerized environments |
|
Date: |
Wed, 13 Oct 2021 13:51:40 +0200 |
Hi Maxim,
> I agree that managing certs with Guix has many benefits, and having
> GnuTLS honor an SSL_CERTS_DIRS environment variable would enable that.
Yes, but it would also make it hard to avoid non-Guix-managed
certificates from being used, be it through user (configuration)
error or malice.
> Remember that installing nss-certs or your certs of choice package to a
> profile is not enough to have them discovered; something such as en
> environment variable and a search path specification is also necessary.
That's exactly what I'd like to change (ideally, I don't know if that is
even possible). Configuration via Guix and nothing but
Guix. The only certificates being used are those defined in a Guix
profile or environment.
Cheers,
Konrad.