download: Load *.crt certificate bundles when *.pem files are missing.

Fixes <https://bugs.gnu.org/38254>. * guix/build/download.scm (make-credendials-with-ca-trust-files): Look for *.crt files under DIRECTORY when *.pem files cannot be found.
2024-12-26 22:38:07 -05:00 · 2019-11-18 10:32:26 +01:00 · 2019-11-18 10:32:26 +01:00 · 0d78d0f09c
commit 0d78d0f09c
parent 5544f1e3ea
1 changed files with 8 additions and 5 deletions
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@ -187,10 +187,13 @@ (define (make-credendials-with-ca-trust-files directory)
 DIRECTORY.  Those authority certificates are checked when
 'peer-certificate-status' is later called."
  (let ((cred  (make-certificate-credentials))
-        (files (or (scandir directory
+        (files (match (scandir directory (cut string-suffix? ".pem" <>))
-                            (lambda (file)
+                 ((or #f ())
-                              (string-suffix? ".pem" file)))
+                  ;; Some distros provide nothing but bundles (*.crt) under
-                   '())))
+                  ;; /etc/ssl/certs, so look for them.
                  (or (scandir directory (cut string-suffix? ".crt" <>))
                      '()))
                 (pem pem))))
    (for-each (lambda (file)
                (let ((file (string-append directory "/" file)))
                  ;; Protect against dangling symlinks.
@ -198,7 +201,7 @@ (define (make-credendials-with-ca-trust-files directory)
                    (set-certificate-credentials-x509-trust-file!*
                     cred file
                     x509-certificate-format/pem))))
-              (or files '()))
+              files)
    cred))
 (define (peer-certificate session)