<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p class="details" style="font-style: italic; color: #666;">
<a href="https://gitlab.com/roelj">Roel Janssen</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1279">#1279</a>
</p>
<div></div>
<h2 dir="auto">
<a id="user-content-description-of-the-feature" class="anchor" href="#description-of-the-feature" aria-hidden="true"></a>Description of the feature:</h2>
<p dir="auto">I want to propose implementing a feature that enables a user to choose a trust store at run-time. This feature would work exactly as it works in OpenSSL:
<a href="https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_default_verify_paths.html" rel="nofollow noreferrer noopener" target="_blank">https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_default_verify_paths.html</a></p>
<blockquote dir="auto">
<p>SSL_CTX_set_default_verify_paths() specifies that the default locations from which CA certificates are loaded should be used. There is one default directory, one default file and one default store. The default CA certificates directory is called certs in the default OpenSSL directory, and this is also the default store. Alternatively the SSL_CERT_DIR environment variable can be defined to override this location. The default CA certificates file is called cert.pem in the default OpenSSL directory. Alternatively the SSL_CERT_FILE environment variable can be defined to override this location.</p>
</blockquote>
<p dir="auto">This manual page describes being able to overwrite the default CA certificates by specifying alternatives using either <code>SSL_CERT_DIR</code> or <code>SSL_CERT_FILE</code>.</p>
<h2 dir="auto">
<a id="user-content-applications-that-this-feature-may-be-relevant-to" class="anchor" href="#applications-that-this-feature-may-be-relevant-to" aria-hidden="true"></a>Applications that this feature may be relevant to:</h2>
<p dir="auto">See a related discussion here:
<a href="https://lists.gnu.org/archive/html/guix-devel/2014-02/msg00245.html" rel="nofollow noreferrer noopener" target="_blank">https://lists.gnu.org/archive/html/guix-devel/2014-02/msg00245.html</a></p>
<h2 dir="auto">
<a id="user-content-is-this-feature-implemented-in-other-libraries-and-which" class="anchor" href="#is-this-feature-implemented-in-other-libraries-and-which" aria-hidden="true"></a>Is this feature implemented in other libraries (and which)</h2>
<p dir="auto">Yes, in OpenSSL. See:
<a href="https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_default_verify_paths.html" rel="nofollow noreferrer noopener" target="_blank">https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_default_verify_paths.html</a></p>
<h2 dir="auto">
<a id="user-content-guidance" class="anchor" href="#guidance" aria-hidden="true"></a>Guidance</h2>
<p dir="auto">If the feature request seems fine, but nobody can work on it, I would like to give it a try. If there are any perspectives that come to mind that I have to take into account while implementing this feature, please write them here. :)</p>
<p dir="auto">Thank you!</p>

</div>
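<p>An added example, not part of the original issue or of GnuTLS: one way an application could resolve the <code>SSL_CERT_FILE</code> and <code>SSL_CERT_DIR</code> overrides described above before loading a trust store. The <code>trust_plan</code> type and the function names are hypothetical; ignoring the variables in setuid/setgid processes, skipping the system store when either override is set, and failing when an override is unusable are assumptions of this example.</p>

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct trust_plan {          /* hypothetical type for this example */
    const char *file;        /* value of SSL_CERT_FILE, or NULL */
    const char *dir;         /* value of SSL_CERT_DIR, or NULL */
    int use_system;          /* 1 when no override is set */
};

/* Ignore the environment when real and effective ids differ (setuid or
 * setgid binary); an empty value counts as unset. */
static const char *override_env(const char *name)
{
    if (getuid() != geteuid() || getgid() != getegid())
        return NULL;
    const char *v = getenv(name);
    return (v != NULL && *v != '\0') ? v : NULL;
}

/* Returns 0 and fills *plan, or -1 when an override is set but unusable.
 * Failing closed avoids silently falling back to the system store. */
int resolve_trust_plan(struct trust_plan *plan)
{
    struct stat st;
    plan->file = override_env("SSL_CERT_FILE");
    plan->dir = override_env("SSL_CERT_DIR");
    plan->use_system = (plan->file == NULL && plan->dir == NULL);
    if (plan->file && (stat(plan->file, &st) != 0 || !S_ISREG(st.st_mode)))
        return -1;
    if (plan->dir && (stat(plan->dir, &st) != 0 || !S_ISDIR(st.st_mode)))
        return -1;
    return 0;
}

int main(void)
{
    struct trust_plan p;
    if (resolve_trust_plan(&p) != 0) {
        fprintf(stderr, "trust store override is set but unusable\n");
        return 1;
    }
    /* A GnuTLS caller would now pass p.file / p.dir to
     * gnutls_certificate_set_x509_trust_file() / _trust_dir(), or call
     * gnutls_certificate_set_x509_system_trust() when p.use_system is 1. */
    printf("file=%s dir=%s system=%d\n", p.file ? p.file : "-", p.dir ? p.dir : "-", p.use_system);
    return 0;
}
```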
</body>
</html>