[gnutls-devel] GnuTLS | Look for /usr/etc/crypto-policies if there is no /etc/crypto-policies (#1742)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Sep 29 06:59:25 CEST 2025



Ben Creasy created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1742



I think there is an emerging convention to look to `/usr/etc` for package-provided default configuration and `/etc/` for local administrator overrides - see https://en.opensuse.org/openSUSE:Packaging_UsrEtc

Obviously there's no requirement to fall back to `/usr/etc`, but it can be a convenience for users to make it more clear where they've overridden package defaults.

With no `/etc/crypto-policies` I see this:

```
➜  sudo mv /etc/{crypto-policies,crypto-policies2}
[sudo] password for ben: 

ben in dotfiles on  master [$!?] took 2s 
➜  GNUTLS_DEBUG_LEVEL=3 gnutls-cli --priority "SYSTEM" --print-cert raw.githubusercontent.com:443 2>&1 | head -20
gnutls[2]: Enabled GnuTLS 3.8.10 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: unable to access: /etc/crypto-policies/back-ends/gnutls.config: 2
Syntax error at: SYSTEM
Processed 388 CA certificate(s).
Resolving 'raw.githubusercontent.com:443'...
Connecting to '185.199.111.133:443'...
```
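
An added example, not part of the issue and not GnuTLS code: the lookup order the issue proposes, written as a hypothetical `resolve_policy()` helper in C. It assumes the fallback to `/usr/etc` should happen only when the `/etc` file is absent (errno 2, as in the log) and that any other error is reported rather than masked; `demo()` and its temporary tree are constructed fixtures.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define POLICY_REL "crypto-policies/back-ends/gnutls.config"
static const char *const DIRS[] = { "etc", "usr/etc" }; /* admin, then packaged */

/* Hypothetical helper, not GnuTLS code. Returns 0 for the administrator file under
 * <root>/etc, 1 for the packaged default under <root>/usr/etc, -errno otherwise. */
int resolve_policy(const char *root, char *out, size_t len)
{
    for (int i = 0; i < 2; i++) {
        int n = snprintf(out, len, "%s/%s/%s", root, DIRS[i], POLICY_REL);
        if (n < 0 || (size_t)n >= len)
            return -ENAMETOOLONG;
        int fd = open(out, O_RDONLY);
        if (fd >= 0) { close(fd); return i; }
        /* Assumed rule: only errno 2 (ENOENT, as in the log above) moves on to the
         * next directory, so a broken override is not masked by the default. */
        if (errno != ENOENT)
            return -errno;
    }
    return -ENOENT;
}

/* Constructed fixture. Per directory: 0 = absent, 1 = policy file present,
 * 2 = crypto-policies is a regular file, so open() fails with ENOTDIR. */
int demo(int admin, int vendor)
{
    static int seq;
    int kind[] = { admin, vendor };
    char root[64], cmd[512], out[256];
    snprintf(root, sizeof root, "/tmp/policy-demo-%ld-%d", (long)getpid(), seq++);
    if (mkdir(root, 0700) != 0) /* refuses a path that already exists */
        return -errno;
    for (int i = 0; i < 2; i++) {
        snprintf(cmd, sizeof cmd, kind[i] == 1
            ? "cd %s && mkdir -p %s/crypto-policies/back-ends && : > %s/" POLICY_REL
            : "cd %s && mkdir -p %s && : > %s/crypto-policies", root, DIRS[i], DIRS[i]);
        if (kind[i] != 0 && system(cmd) != 0)
            return -EIO;
    }
    int rc = resolve_policy(root, out, sizeof out);
    snprintf(cmd, sizeof cmd, "rm -rf %s", root);
    return system(cmd) == 0 ? rc : -EIO;
}
```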
