On Tue, Feb 08, 2022 at 11:18:08AM +0100, Ludovic Courtès wrote: > Unfortunately it seems that libgit2 doesn’t let us turn off certificate > verification: > > https://libgit2.org/libgit2/#HEAD/group/libgit2 > > ‘verify_server_cert’ in src/streams/openssl.c is called > unconditionally.
Ah, that's not surprising. > So it seems that the first thing to do would be to > submit a patch upstream that would allow users to disable certificate > checks via ‘git_libgit2_opts’. Right, but it might not be accepted. > Now, by default, ‘guix pull’ honors /etc/ssl/certs. Assuming those are > up-to-date, it should be fine, right? Yeah, I think so.
