help-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: root certificate

From: Mark H Weaver
Subject: Re: root certificate
Date: Thu, 14 Jun 2018 13:49:22 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) 
Hi Chris,

Chris Marusich <address@hidden> writes:

> Mark H Weaver <address@hidden> writes:
>
>>            ;; Create hash symlinks suitable for OpenSSL ('SSL_CERT_DIR' and
>>            ;; similar.)
>>            (chdir (string-append %output "/etc/ssl/certs"))
>>            (invoke (string-append perl "/bin/perl")
>>                    (string-append openssl "/bin/c_rehash")
>>                    ".")))))
>
> I didn't know about c_rehash until now.  Interesting!  In the past, I've
> defined my own certificate packages as described in my own separate
> replies to this thread, and they worked even though I didn't invoke
> c_rehash.  Could this simply have been because the software I use
> happens to work even when the symlinks created by c_rehash don't exist?

According to the c_rehash man page, "many programs that use OpenSSL
require directories to be set up like this in order to find
certificates."  I'm not sure, but I guess that programs based on GnuTLS
do not need the symlinks.

> It looks like the ca-certificate-bundle profile hook (defined in
> guix/profiles.scm) doesn't currently invoke c_rehash.  Should it?

If I understand correctly, as long as each certificate package runs
'c_rehash' individually, then running 'c_rehash' during the profile hook
should have no effect, because all of the certificates will already have
their associated hash symlinks installed.

     Regards,
       Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]