Leo Famulari <l...@famulari.name> writes: > On Tue, Dec 13, 2016 at 05:15:05PM -0500, Leo Famulari wrote: >> I'm successfully using this package with this change. >> >> I don't know if this is the "right way" to solve this. Your thoughts? > > To clarify, here is what happens on Debian Jessie without this change: > > $ acme-client -nN example.com > acme-client: tls_config_set_ca_file: failed to open CA file > '/etc/ssl/cert.pem': No such file or directory: No such file or directory > > And here are the upstream notes on this subject [0]: > > "You can also set DEFAULT_CA_FILE for the location of the certificate > file loaded by libtls." > > https://github.com/kristapsdz/acme-client-portable/blob/master/README.md#configuration > >> + (let ((pem (string-append (assoc-ref inputs "libressl") >> + "/etc/ssl/cert.pem"))) >> + (substitute* "http.c" >> + (("/etc/ssl/cert.pem") pem)) > > The upstream maintainer recommends setting this value in 'config.h', but > it's only used in 'http.c', so I thought this solution would be a little > easier to read.
LGTM. I did not know libressl maintains their own root trust.
signature.asc
Description: PGP signature
