GNU bug report logs - #49508
Implement --allow-insecure-transport for `guix pull`

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sat, 10 Jul 2021 17:29:02 UTC

Severity: important

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 49508 <at> debbugs.gnu.org
Subject: bug#49508: Implement --allow-insecure-transport for `guix pull`
Date: Tue, 8 Feb 2022 12:11:32 -0500

On Tue, Feb 08, 2022 at 11:18:08AM +0100, Ludovic Courtès wrote:
> Unfortunately it seems that libgit2 doesn’t let us turn off certificate
> verification:
> 
>   https://libgit2.org/libgit2/#HEAD/group/libgit2
> 
> ‘verify_server_cert’ in src/streams/openssl.c is called
> unconditionally.

Ah, that's not surprising.

> So it seems that the first thing to do would be to
> submit a patch upstream that would allow users to disable certificate
> checks via ‘git_libgit2_opts’.

Right, but it might not be accepted.

> Now, by default, ‘guix pull’ honors /etc/ssl/certs.  Assuming those are
> up-to-date, it should be fine, right?

Yeah, I think so.

This bug report was last modified 2 years and 224 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #49508 Implement --allow-insecure-transport for `guix pull`

GNU bug report logs - #49508
Implement --allow-insecure-transport for `guix pull`