summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2019-10-21 15:33:32 +0200
committerLudovic Courtès <ludo@gnu.org>2019-10-21 18:16:16 +0200
commit674e143cf8e7dff7d62a29c63e43839efc23edba (patch)
tree325e98f5e173ebda63df8dadde6565943970e65d
parenta273796ce5c016327ca4eec866e9ef696b617ccb (diff)
downloadguix-674e143cf8e7dff7d62a29c63e43839efc23edba.tar.gz
download: Honor /etc/ssl/certs when 'SSL_CERT_DIR' is not set.
* guix/build/download.scm (%x509-certificate-directory): Use
"/etc/ssl/certs" as a last resort.  This ensures, for instance, that
'guix download' honors system-wide certificates when SSL_CERT_DIR is
unset.
-rw-r--r--guix/build/download.scm3
1 files changed, 2 insertions, 1 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 0c9c61de4b..a4c91550a6 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -172,7 +172,8 @@ session record port using PORT as its underlying communication port."
 (define %x509-certificate-directory
   ;; The directory where X.509 authority PEM certificates are stored.
   (make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
-                      (getenv "SSL_CERT_DIR"))))  ;like OpenSSL
+                      (getenv "SSL_CERT_DIR")     ;like OpenSSL
+                      "/etc/ssl/certs")))
 
 (define (set-certificate-credentials-x509-trust-file!* cred file format)
   "Like 'set-certificate-credentials-x509-trust-file!', but without the file