On Wed, Mar 17, 2021 at 03:36:44PM +0100, Ludovic Courtès wrote: > (define (honor-x509-certificates store) > "Use the right X.509 certificates for Git checkouts over HTTPS." > (unless (honor-system-x509-certificates!) > (honor-lets-encrypt-certificates! store))) > > By default, 1.2.0 installs ‘nss-certs’, so I would assume such > installations are unaffected, right?
So, the bug here is that `guix pull` is using the wrong certificate store. It should use le-certs, but is instead ignoring le-certs, and looking for a system-wide store that doesn't exist. I tested with an installer image from current master, and the bug still exists.