[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/02: download: Load *.crt certificate bundles when *.pem files are mis
|
From: |
guix-commits |
|
Subject: |
01/02: download: Load *.crt certificate bundles when *.pem files are missing. |
|
Date: |
Mon, 18 Nov 2019 06:20:12 -0500 (EST) |
civodul pushed a commit to branch master
in repository guix.
commit 0d78d0f09c10f5c7a25ac2ab4da4197913cd3321
Author: Ludovic Courtès <address@hidden>
Date: Mon Nov 18 10:32:26 2019 +0100
download: Load *.crt certificate bundles when *.pem files are missing.
Fixes <https://bugs.gnu.org/38254>.
* guix/build/download.scm (make-credendials-with-ca-trust-files): Look
for *.crt files under DIRECTORY when *.pem files cannot be found.
---
guix/build/download.scm | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/guix/build/download.scm b/guix/build/download.scm
index a4c9155..141ef40 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -187,10 +187,13 @@ name decoding bug described at
DIRECTORY. Those authority certificates are checked when
'peer-certificate-status' is later called."
(let ((cred (make-certificate-credentials))
- (files (or (scandir directory
- (lambda (file)
- (string-suffix? ".pem" file)))
- '())))
+ (files (match (scandir directory (cut string-suffix? ".pem" <>))
+ ((or #f ())
+ ;; Some distros provide nothing but bundles (*.crt) under
+ ;; /etc/ssl/certs, so look for them.
+ (or (scandir directory (cut string-suffix? ".crt" <>))
+ '()))
+ (pem pem))))
(for-each (lambda (file)
(let ((file (string-append directory "/" file)))
;; Protect against dangling symlinks.
@@ -198,7 +201,7 @@ DIRECTORY. Those authority certificates are checked when
(set-certificate-credentials-x509-trust-file!*
cred file
x509-certificate-format/pem))))
- (or files '()))
+ files)
cred))
(define (peer-certificate session)