summary refs log tree commit diff
path: root/doc/guix.texi
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-11-07 23:29:45 +0100
committerLudovic Courtès <ludo@gnu.org>2016-11-07 23:39:01 +0100
commit64b8695cd8bbdca44dde226bde698489d68a44be (patch)
tree671e000a8a5d43dc71da0a806863f96424ffb39e /doc/guix.texi
parentbc3c41ce36349ed4ec758c70b48a7059e363043a (diff)
downloadguix-64b8695cd8bbdca44dde226bde698489d68a44be.tar.gz
guix download: Add '--no-check-certificate' option.
* guix/download.scm (download-to-store): Add #:verify-certificate?
parameter and honor it.
* guix/scripts/download.scm (%default-options): Add
'verify-certificate?' key.
(show-help, %options): Add '--no-check-certificate'.
(guix-download): Pass #:verify-certificate to 'download-to-store'.
* doc/guix.texi (Invoking guix download): Document it.
Diffstat (limited to 'doc/guix.texi')
-rw-r--r--doc/guix.texi12
1 files changed, 10 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 349c4816a1..d99f409061 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4771,15 +4771,23 @@ GnuTLS-Guile}, for more information.
 @command{guix download} verifies HTTPS server certificates by loading
 the certificates of X.509 authorities from the directory pointed to by
 the @code{SSL_CERT_DIR} environment variable (@pxref{X.509
-Certificates}).
+Certificates}), unless @option{--no-check-certificate} is used.
 
-The following option is available:
+The following options are available:
 
 @table @code
 @item --format=@var{fmt}
 @itemx -f @var{fmt}
 Write the hash in the format specified by @var{fmt}.  For more
 information on the valid values for @var{fmt}, @pxref{Invoking guix hash}.
+
+@item --no-check-certificate
+Do not validate the X.509 certificates of HTTPS servers.
+
+When using this option, you have @emph{absolutely no guarantee} that you
+are communicating with the authentic server responsible for the given
+URL, which makes you vulnerable to ``man-in-the-middle'' attacks.
+
 @end table
 
 @node Invoking guix hash