diff options
author | Ludovic Courtès <ludo@gnu.org> | 2016-11-07 23:29:45 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-11-07 23:39:01 +0100 |
commit | 64b8695cd8bbdca44dde226bde698489d68a44be (patch) | |
tree | 671e000a8a5d43dc71da0a806863f96424ffb39e /doc/guix.texi | |
parent | bc3c41ce36349ed4ec758c70b48a7059e363043a (diff) |
guix download: Add '--no-check-certificate' option.
* guix/download.scm (download-to-store): Add #:verify-certificate?
parameter and honor it.
* guix/scripts/download.scm (%default-options): Add
'verify-certificate?' key.
(show-help, %options): Add '--no-check-certificate'.
(guix-download): Pass #:verify-certificate to 'download-to-store'.
* doc/guix.texi (Invoking guix download): Document it.
Diffstat (limited to 'doc/guix.texi')
-rw-r--r-- | doc/guix.texi | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 349c4816a1..d99f409061 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4771,15 +4771,23 @@ GnuTLS-Guile}, for more information. @command{guix download} verifies HTTPS server certificates by loading the certificates of X.509 authorities from the directory pointed to by the @code{SSL_CERT_DIR} environment variable (@pxref{X.509 -Certificates}). +Certificates}), unless @option{--no-check-certificate} is used. -The following option is available: +The following options are available: @table @code @item --format=@var{fmt} @itemx -f @var{fmt} Write the hash in the format specified by @var{fmt}. For more information on the valid values for @var{fmt}, @pxref{Invoking guix hash}. + +@item --no-check-certificate +Do not validate the X.509 certificates of HTTPS servers. + +When using this option, you have @emph{absolutely no guarantee} that you +are communicating with the authentic server responsible for the given +URL, which makes you vulnerable to ``man-in-the-middle'' attacks. + @end table @node Invoking guix hash |