[gnutls-devel] Trust store from environment variable
nmav at gnutls.org
Sun Feb 8 10:18:18 CET 2015
On Sat, 2015-02-07 at 16:34 +0100, Andreas Enge wrote:
> in GNU Guix, we currently compile GnuTLS with
> However, with per user installation, it would be desirable if each user
> could define his own trust store, via an environment variable, for instance.
> Does this sound like a reasonable option? Some care would be needed to
> handle applications that are setuid root, for instance.
The loading of certificates from a system-wide file or directory are
legacy options, and they don't allow much space for improvement. The
recommended way in a modern system is via the p11-kit trust module,
which, in addition to what you ask, can also allow users to specify
the purpose each CA certificate is trusted for. The p11-kit trust module
has been used in Fedora for a few releases now, for both NSS and gnutls.
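
The setuid concern raised in the quoted question, shown as an added example that is not part of the original post and is not GnuTLS code: an environment override for the trust file is honored only when the process is not setuid/setgid and the file cannot be modified by other users. The variable name `EXAMPLE_TLS_TRUST_FILE`, the helper names and the fallback path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical variable name, chosen for this example only. */
#define TRUST_ENV "EXAMPLE_TLS_TRUST_FILE"

/* True when the process runs with more privilege than its invoker. */
static int is_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Return the file to load CA certificates from: the override when it is
 * acceptable, otherwise the compiled-in fallback. */
const char *pick_trust_file(const char *override, int privileged,
                            const char *fallback)
{
    struct stat st;

    if (override == NULL || privileged)
        return fallback;   /* never honor the environment when setuid/setgid */
    if (override[0] != '/')
        return fallback;   /* a relative path depends on the working directory */
    if (stat(override, &st) != 0 || !S_ISREG(st.st_mode))
        return fallback;   /* missing, or not a regular file */
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return fallback;   /* owned by some other unprivileged user */
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return fallback;   /* group or others could add a CA */
    return override;
}

int main(void)
{
    /* Assumed fallback path; a real build would use its configured default. */
    const char *path = pick_trust_file(getenv(TRUST_ENV), is_privileged(),
                                       "/etc/ssl/certs/ca-certificates.crt");
    printf("trust file: %s\n", path);
    /* A GnuTLS application would then pass `path` to
     * gnutls_certificate_set_x509_trust_file(). */
    return 0;
}
```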