On Wed, Jul 31, 2013 at 03:24:07PM +0200, Michael Gmelin wrote:
> On Wed, 31 Jul 2013 08:10:28 -0500
> Mark Felder <f...@freebsd.org> wrote:
>
> > On Wed, Jul 31, 2013, at 8:05, Nikolai Lifanov wrote:
> > >
> > > I fully agree. We already checksum the *distfiles*.
> > > It shouldn't be important what the source is.
> > >
> > > Are there any objections to adding --no-verify-peer to FETCH_ARGS
> > > across the board?
> > >
> >
> > Won't that break fetch for users whose fetch doesn't support
> > --no-verify-peer?
>
> True, it probably makes more sense to set SSL_NO_VERIFY_PEER in the
> environment, since older versions of fetch will just ignore that.
> bsd.port.mk already provides FETCH_ENV for that, so we could utilize
> it for that purpose.
>
> While you're on it you might also want to set SSL_NO_VERIFY_HOSTNAME
> to disable host name verification in the cert (this is required less
> often, but I could still see problems caused for incorrectly configured
> master sites).
>
> So this would mean adding something like this to bsd.port.mk around
> line 2215:
>
> FETCH_ENV?= SSL_NO_VERIFY_PEER=1 SSL_NO_VERIFY_HOSTNAME=1
>
> Michael
>

Committed, thanks
Bapt
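
The thread's argument rests on distfiles being checksummed after fetch, so the integrity check lives in the port's distinfo rather than in TLS. As an added example (not code from the thread or from bsd.port.mk), this Python code parses distinfo-style `SHA256`/`SIZE` lines and checks a fetched file against them; the file name and contents are constructed.

```python
import hashlib
import os
import re
import tempfile

# distinfo line formats: "SHA256 (name) = <hex>" and "SIZE (name) = <bytes>"
_LINE = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}}; other lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            kind, name, value = m.groups()
            entries.setdefault(name, {})[kind] = int(value) if kind == "SIZE" else value.lower()
    return entries

def verify_distfile(path, entries):
    """Return (ok, reason) for one fetched file checked against distinfo."""
    want = entries.get(os.path.basename(path))
    if not want or "SHA256" not in want or "SIZE" not in want:
        return False, "no complete distinfo entry"
    if os.path.getsize(path) != want["SIZE"]:
        return False, "size mismatch"
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != want["SHA256"]:
        return False, "checksum mismatch"
    return True, "ok"

def demo():
    """Constructed sample: the expected file, then same-size altered content."""
    good = b"constructed distfile contents\n"
    name = "example-1.0.tar.gz"  # constructed file name
    distinfo = f"SHA256 ({name}) = {hashlib.sha256(good).hexdigest()}\nSIZE ({name}) = {len(good)}\n"
    entries = parse_distinfo(distinfo)
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, name)
        for body in (good, good.replace(b"contents", b"tampered")):
            with open(path, "wb") as fh:
                fh.write(body)
            results.append(verify_distfile(path, entries))
    return results

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the distinfo it reads, which arrives with the ports tree rather than from the master site.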