From 674e143cf8e7dff7d62a29c63e43839efc23edba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Mon, 21 Oct 2019 15:33:32 +0200
Subject: download: Honor /etc/ssl/certs when 'SSL_CERT_DIR' is not set.

* guix/build/download.scm (%x509-certificate-directory): Use
"/etc/ssl/certs" as a last resort.  This ensures, for instance, that
'guix download' honors system-wide certificates when SSL_CERT_DIR is
unset.
---
 guix/build/download.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/guix/build/download.scm b/guix/build/download.scm
index 0c9c61de4b..a4c91550a6 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -172,7 +172,8 @@ session record port using PORT as its underlying communication port."
 (define %x509-certificate-directory
   ;; The directory where X.509 authority PEM certificates are stored.
   (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
-                      (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
+                      (getenv "SSL_CERT_DIR")     ;like OpenSSL
+                      "/etc/ssl/certs")))
 
 (define (set-certificate-credentials-x509-trust-file!* cred file format)
   "Like 'set-certificate-credentials-x509-trust-file!', but without the file
-- 
cgit v1.2.3