download: Honor /etc/ssl/certs when 'SSL_CERT_DIR' is not set.

* guix/build/download.scm (%x509-certificate-directory): Use "/etc/ssl/certs" as a last resort. This ensures, for instance, that 'guix download' honors system-wide certificates when SSL_CERT_DIR is unset.
author: Ludovic Courtès <ludo@gnu.org> 2019-10-21 15:33:32 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2019-10-21 18:16:16 +0200
commit: 674e143cf8e7dff7d62a29c63e43839efc23edba (patch)
tree: 325e98f5e173ebda63df8dadde6565943970e65d
parent: a273796ce5c016327ca4eec866e9ef696b617ccb (diff)
download: patches-674e143cf8e7dff7d62a29c63e43839efc23edba.tar
patches-674e143cf8e7dff7d62a29c63e43839efc23edba.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 0c9c61de4b..a4c91550a6 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -172,7 +172,8 @@ session record port using PORT as its underlying communication port."
 (define %x509-certificate-directory
   ;; The directory where X.509 authority PEM certificates are stored.
   (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
-                      (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
+                      (getenv "SSL_CERT_DIR")     ;like OpenSSL
+                      "/etc/ssl/certs")))
 
 (define (set-certificate-credentials-x509-trust-file!* cred file format)
   "Like 'set-certificate-credentials-x509-trust-file!', but without the file
author	Ludovic Courtès <ludo@gnu.org>	2019-10-21 15:33:32 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2019-10-21 18:16:16 +0200
commit	674e143cf8e7dff7d62a29c63e43839efc23edba (patch)
tree	325e98f5e173ebda63df8dadde6565943970e65d
parent	a273796ce5c016327ca4eec866e9ef696b617ccb (diff)
download	patches-674e143cf8e7dff7d62a29c63e43839efc23edba.tar patches-674e143cf8e7dff7d62a29c63e43839efc23edba.tar.gz