aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-05-30 10:11:13 +0200
committerLudovic Courtès <ludo@gnu.org>2017-05-30 13:24:55 +0200
commit27fd13c3c2701204f48fe0012438edbb91957dfc (patch)
tree7ec88dc70d99bf6854e2f0bdc166513ce48fac26
parent98b9732cb813dad1522e767cf68caea9c062342d (diff)
downloadguix-27fd13c3c2701204f48fe0012438edbb91957dfc.tar.gz
guix-27fd13c3c2701204f48fe0012438edbb91957dfc.zip
download: Work around GnuTLS bug with UTF-8 certificate file names.
Reported by Mark H Weaver <mhw@netris.org> at <https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>. * guix/build/download.scm (set-certificate-credentials-x509-trust-file!*): New procedure. (make-credendials-with-ca-trust-files): Use it instead of 'set-certificate-credentials-x509-trust-file!'.
-rw-r--r--guix/build/download.scm9
1 files changed, 8 insertions, 1 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm
index ce4708a873..6ef6233346 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -296,6 +296,13 @@ session record port using PORT as its underlying communication port."
(make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
(getenv "SSL_CERT_DIR")))) ;like OpenSSL
+(define (set-certificate-credentials-x509-trust-file!* cred file format)
+ "Like 'set-certificate-credentials-x509-trust-file!', but without the file
+name decoding bug described at
+<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26948#17>."
+ (let ((data (call-with-input-file file get-bytevector-all)))
+ (set-certificate-credentials-x509-trust-data! cred data format)))
+
(define (make-credendials-with-ca-trust-files directory)
"Return certificate credentials with X.509 authority certificates read from
DIRECTORY. Those authority certificates are checked when
@@ -309,7 +316,7 @@ DIRECTORY. Those authority certificates are checked when
(let ((file (string-append directory "/" file)))
;; Protect against dangling symlinks.
(when (file-exists? file)
- (set-certificate-credentials-x509-trust-file!
+ (set-certificate-credentials-x509-trust-file!*
cred file
x509-certificate-format/pem))))
(or files '()))