diff options
author | Ludovic Courtès <ludo@gnu.org> | 2019-10-21 15:33:32 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2019-10-21 18:16:16 +0200 |
commit | 674e143cf8e7dff7d62a29c63e43839efc23edba (patch) | |
tree | 325e98f5e173ebda63df8dadde6565943970e65d | |
parent | a273796ce5c016327ca4eec866e9ef696b617ccb (diff) | |
download | guix-674e143cf8e7dff7d62a29c63e43839efc23edba.tar guix-674e143cf8e7dff7d62a29c63e43839efc23edba.tar.gz |
download: Honor /etc/ssl/certs when 'SSL_CERT_DIR' is not set.
* guix/build/download.scm (%x509-certificate-directory): Use
"/etc/ssl/certs" as a last resort. This ensures, for instance, that
'guix download' honors system-wide certificates when SSL_CERT_DIR is
unset.
-rw-r--r-- | guix/build/download.scm | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm index 0c9c61de4b..a4c91550a6 100644 --- a/guix/build/download.scm +++ b/guix/build/download.scm @@ -172,7 +172,8 @@ session record port using PORT as its underlying communication port." (define %x509-certificate-directory ;; The directory where X.509 authority PEM certificates are stored. (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY") - (getenv "SSL_CERT_DIR")))) ;like OpenSSL + (getenv "SSL_CERT_DIR") ;like OpenSSL + "/etc/ssl/certs"))) (define (set-certificate-credentials-x509-trust-file!* cred file format) "Like 'set-certificate-credentials-x509-trust-file!', but without the file |