aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2019-10-21 15:33:32 +0200
committerLudovic Courtès <ludo@gnu.org>2019-10-21 18:16:16 +0200
commit674e143cf8e7dff7d62a29c63e43839efc23edba (patch)
tree325e98f5e173ebda63df8dadde6565943970e65d
parenta273796ce5c016327ca4eec866e9ef696b617ccb (diff)
downloadguix-674e143cf8e7dff7d62a29c63e43839efc23edba.tar
guix-674e143cf8e7dff7d62a29c63e43839efc23edba.tar.gz
download: Honor /etc/ssl/certs when 'SSL_CERT_DIR' is not set.
* guix/build/download.scm (%x509-certificate-directory): Use "/etc/ssl/certs" as a last resort. This ensures, for instance, that 'guix download' honors system-wide certificates when SSL_CERT_DIR is unset.
-rw-r--r--guix/build/download.scm3
1 files changed, 2 insertions, 1 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 0c9c61de4b..a4c91550a6 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -172,7 +172,8 @@ session record port using PORT as its underlying communication port."
(define %x509-certificate-directory
;; The directory where X.509 authority PEM certificates are stored.
(make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
- (getenv "SSL_CERT_DIR")))) ;like OpenSSL
+ (getenv "SSL_CERT_DIR") ;like OpenSSL
+ "/etc/ssl/certs")))
(define (set-certificate-credentials-x509-trust-file!* cred file format)
"Like 'set-certificate-credentials-x509-trust-file!', but without the file