policy.TLS_FORWARD should use the system CA by default

The administrator should not be required to explicitly specify ca_file if they are willing to fall back to the system CA.

In particular, if hostname is set, but no ca_file configuration option is present, policy.TLS_FORWARD should use gnutls_x509_trust_list_add_system_trust for that upstream.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

policy.TLS_FORWARD should use the system CA by default