diff options
author | Ludovic Courtès <ludo@gnu.org> | 2016-11-07 23:07:08 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-11-07 23:39:01 +0100 |
commit | bc3c41ce36349ed4ec758c70b48a7059e363043a (patch) | |
tree | 912d77ea38b4295e58cd1d7dd5ce000781deb48d /ROADMAP | |
parent | a00fbe8adfa69babd47f6badc2c3b7ec8da1dc42 (diff) | |
download | guix-bc3c41ce36349ed4ec758c70b48a7059e363043a.tar.gz |
download: Verify TLS certificates unless asked not to.
Fixes <http://bugs.gnu.org/24466>. Reported by Leo Famulari <leo@famulari.name>. * guix/build/download.scm (%x509-certificate-directory): New variable. (make-credendials-with-ca-trust-files, peer-certificate) (assert-valid-server-certificate, print-tls-certificate-error): New procedures. Add 'print-tls-certificate-error' as an exception printer for 'tls-certificate-error'. (tls-wrap): Add #:verify-certificate? parameter and honor it. (open-connection-for-uri): Likewise. (http-fetch): Likewise. (url-fetch): Likewise. * guix/download.scm (url-fetch)[builder]: Pass #:verify-certificate? #f. * guix/scripts/lint.scm (probe-uri): Add case for 'tls-certificate-error'. (validate-uri): Likewise. * doc/guix.texi (Invoking guix download): Mention 'SSL_CERT_DIR'.
Diffstat (limited to 'ROADMAP')
0 files changed, 0 insertions, 0 deletions