bug#61557: vdirsyncer fails to verify certificates

[Ethan Blanton]

(Pardon the delay, for some reason I do not get email notifications
for this bug.)

I had read the X.509 Certificates section of the manual, but since my
certificates ARE in the default location of /etc/ssl/certs, and
vdirsyncer had previously worked, for some reason I did not dig into
it deeply enough, or perhaps I attempted to set it up wrongly at some
point in the past.

Setting SSL_CERT_DIR=/etc/ssl/certs in my environment fixes the
vdirsyncer package, and it syncs correctly.

I have also discovered that python aiohttp will correctly verify
certificates WITHOUT this environment variable with:

guix shell -P -C -N python python-aiohttp nss-certs openssl

Leaving out EITHER nss-certs OR openssl causes aiohttp to exhibit the
same behavior as vdirsyncer.

However, including both of these packages in the same (foreign distro)
profile that includes vdirsyncer does NOT cause vdirsyncer to
correctly verify certificates.

I am not sure what this means for this bug; certainly the change from
"working without extra configuration" to "broken without extra
configuration" is a regression in user experience, but it may be that
it is working as intended.  It seems to me that the principle of least
astonishment for foreign distro users would suggest that python
aiohttp defaults to loading /etc/ssl/certs from the foreign distro, if
present.