From 9cfea9fe2e3ca6a3d1b832a6ec217426ec973c93 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Fri, 29 Sep 2017 09:44:37 +0200
Subject: Do not mistakenly use 'GIT_SSL_CAINFO' as a directory name.

'GIT_SSL_CAINFO' designates a single-file certificate bundle, not a
directory; thus it must be passed as the second argument to
'set-tls-certificate-locations!'.

* src/cuirass/base.scm (process-specs): Pass $SSL_CERT_DIR as the first
argument to 'set-tls-certificate-locations!', and $GIT_SSL_CAINFO or
$SSL_CERT_FILE as the second argument.
---
 src/cuirass/base.scm | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/cuirass/base.scm b/src/cuirass/base.scm
index d1c8282..960a5e7 100644
--- a/src/cuirass/base.scm
+++ b/src/cuirass/base.scm
@@ -255,10 +255,14 @@ directory and the sha1 of the top level commit in this directory."
       (let ((stamp (db-get-stamp db spec)))
         ;; Catch and report git errors.
         (with-git-error-handling
-         (let ((certs (or (getenv "GIT_SSL_CAINFO")
-                          (getenv "SSL_CERT_DIR"))))
-           (when certs
-             (set-tls-certificate-locations! certs)))
+         ;; Try the 'GIT_SSL_CAINFO' or 'SSL_CERT_FILE' file first, then
+         ;; search the 'SSL_CERT_DIR' directory.
+         (let ((directory (getenv "SSL_CERT_DIR"))
+               (file      (or (getenv "GIT_SSL_CAINFO")
+                              (getenv "SSL_CERT_FILE"))))
+           (when (or directory file)
+             (set-tls-certificate-locations! directory file)))
+
          (receive (checkout commit)
              (fetch-repository store spec)
            (when commit
-- 
cgit v1.2.3