From b4d29851e412c6f4fea5b2d98160258b9768dee3 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Mon, 25 Oct 2021 20:57:15 +0200
Subject: gnu: p11-kit@0.24.0: Use certificates from /etc/ssl/certs.

Fixes <https://issues.guix.gnu.org/49957>.

Flatpak has a soft dependency on p11-kit, which was configured without
knowledge of the system-wide CA certificate store.  This caused some
flatpak apps to fail with ERR_CERT_AUTHORITY_INVALID errors.

Reported by Andrew Whatson <whatson@gmail.com>.

* gnu/packages/tls.scm (p11-kit-next)[arguments]: New field.

Co-authored-by: Andrew Whatson <whatson@gmail.com>
Co-authored-by: John Kehayias <john.kehayias@protonmail.com>
---
 gnu/packages/tls.scm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'gnu')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 2534d289e3..700897a49b 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -176,7 +176,13 @@ living in the same process.")
        (uri (string-append "https://github.com/p11-glue/p11-kit/releases/"
                            "download/" version "/p11-kit-" version ".tar.xz"))
        (sha256
-        (base32 "11f6saclxsclc1f3lbavzw8kikws4cr3mfd1avly8dgnhh2i9rl1"))))))
+        (base32 "11f6saclxsclc1f3lbavzw8kikws4cr3mfd1avly8dgnhh2i9rl1"))))
+    (arguments
+     ;; Use the default certificates so that users such as flatpak find them.
+     ;; See <https://issues.guix.gnu.org/49957>.
+     (substitute-keyword-arguments (package-arguments p11-kit)
+       ((#:configure-flags flags ''())
+        ''("--with-trust-paths=/etc/ssl/certs/ca-certificates.crt"))))))
 
 (define-public gnutls
   (package
-- 
cgit v1.2.3