Hi,

Leo Famulari <l...@famulari.name> wrote:

> As discussed in #46829, `guix pull` needs an option like
> --allow-insecure-transport so that users can continue to pull from the
> same channel even when their local certificate store has expired or is
> otherwise invalid.

Agreed. Unfortunately it seems that libgit2 doesn’t let us turn off certificate verification:

  https://libgit2.org/libgit2/#HEAD/group/libgit2

‘verify_server_cert’ in src/streams/openssl.c is called unconditionally.

So it seems that the first thing to do would be to submit a patch upstream that would allow users to disable certificate checks via ‘git_libgit2_opts’.

Now, by default, ‘guix pull’ honors /etc/ssl/certs. Assuming those are up-to-date, it should be fine, right?

Thanks,
Ludo’.