summary refs log tree commit diff
path: root/doc/guix.texi
diff options
context:
space:
mode:
Diffstat (limited to 'doc/guix.texi')
-rw-r--r--doc/guix.texi12
1 files changed, 10 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 349c4816a1..d99f409061 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4771,15 +4771,23 @@ GnuTLS-Guile}, for more information.
 @command{guix download} verifies HTTPS server certificates by loading
 the certificates of X.509 authorities from the directory pointed to by
 the @code{SSL_CERT_DIR} environment variable (@pxref{X.509
-Certificates}).
+Certificates}), unless @option{--no-check-certificate} is used.
 
-The following option is available:
+The following options are available:
 
 @table @code
 @item --format=@var{fmt}
 @itemx -f @var{fmt}
 Write the hash in the format specified by @var{fmt}.  For more
 information on the valid values for @var{fmt}, @pxref{Invoking guix hash}.
+
+@item --no-check-certificate
+Do not validate the X.509 certificates of HTTPS servers.
+
+When using this option, you have @emph{absolutely no guarantee} that you
+are communicating with the authentic server responsible for the given
+URL, which makes you vulnerable to ``man-in-the-middle'' attacks.
+
 @end table
 
 @node Invoking guix hash