[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#49508: Implement --allow-insecure-transport for `guix pull`
From: |
Leo Famulari |
Subject: |
bug#49508: Implement --allow-insecure-transport for `guix pull` |
Date: |
Tue, 8 Feb 2022 12:11:32 -0500 |
On Tue, Feb 08, 2022 at 11:18:08AM +0100, Ludovic Courtès wrote:
> Unfortunately it seems that libgit2 doesn’t let us turn off certificate
> verification:
>
> https://libgit2.org/libgit2/#HEAD/group/libgit2
>
> ‘verify_server_cert’ in src/streams/openssl.c is called
> unconditionally.
Ah, that's not surprising.
> So it seems that the first thing to do would be to
> submit a patch upstream that would allow users to disable certificate
> checks via ‘git_libgit2_opts’.
Right, but it might not be accepted.
> Now, by default, ‘guix pull’ honors /etc/ssl/certs. Assuming those are
> up-to-date, it should be fine, right?
Yeah, I think so.