On Tue, Feb 08, 2022 at 11:18:08AM +0100, Ludovic Courtès wrote:
Toggle quote (8 lines)
> Unfortunately it seems that libgit2 doesn’t let us turn off certificate
> ‘verify_server_cert’ in src/streams/openssl.c is called
Ah, that's not surprising.
Toggle quote (4 lines)
> So it seems that the first thing to do would be to
> submit a patch upstream that would allow users to disable certificate
> checks via ‘git_libgit2_opts’.
Right, but it might not be accepted.
Toggle quote (3 lines)
> Now, by default, ‘guix pull’ honors /etc/ssl/certs. Assuming those are
> up-to-date, it should be fine, right?