diff options
author | Ludovic Courtès <ludo@gnu.org> | 2019-11-18 10:32:26 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2019-11-18 12:17:32 +0100 |
commit | 0d78d0f09c10f5c7a25ac2ab4da4197913cd3321 (patch) | |
tree | fc4a6a21d57f30a490230af9dcea2639f2ff54d6 | |
parent | 5544f1e3ea9a98f7d277b7ac76734b84b03df7f6 (diff) | |
download | guix-0d78d0f09c10f5c7a25ac2ab4da4197913cd3321.tar.gz |
download: Load *.crt certificate bundles when *.pem files are missing.
Fixes <https://bugs.gnu.org/38254>. * guix/build/download.scm (make-credendials-with-ca-trust-files): Look for *.crt files under DIRECTORY when *.pem files cannot be found.
-rw-r--r-- | guix/build/download.scm | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm index a4c91550a6..141ef409d6 100644 --- a/guix/build/download.scm +++ b/guix/build/download.scm @@ -187,10 +187,13 @@ name decoding bug described at DIRECTORY. Those authority certificates are checked when 'peer-certificate-status' is later called." (let ((cred (make-certificate-credentials)) - (files (or (scandir directory - (lambda (file) - (string-suffix? ".pem" file))) - '()))) + (files (match (scandir directory (cut string-suffix? ".pem" <>)) + ((or #f ()) + ;; Some distros provide nothing but bundles (*.crt) under + ;; /etc/ssl/certs, so look for them. + (or (scandir directory (cut string-suffix? ".crt" <>)) + '())) + (pem pem)))) (for-each (lambda (file) (let ((file (string-append directory "/" file))) ;; Protect against dangling symlinks. @@ -198,7 +201,7 @@ DIRECTORY. Those authority certificates are checked when (set-certificate-credentials-x509-trust-file!* cred file x509-certificate-format/pem)))) - (or files '())) + files) cred)) (define (peer-certificate session) |