author: Ludovic Courtès <ludo@gnu.org> 2016-11-07 23:29:45 +0100
committer: Ludovic Courtès <ludo@gnu.org> 2016-11-07 23:39:01 +0100
commit: 64b8695cd8bbdca44dde226bde698489d68a44be
tree: 671e000a8a5d43dc71da0a806863f96424ffb39e /doc/guix.texi
parent: bc3c41ce36349ed4ec758c70b48a7059e363043a
guix download: Add '--no-check-certificate' option.
* guix/download.scm (download-to-store): Add #:verify-certificate? parameter and honor it.
* guix/scripts/download.scm (%default-options): Add 'verify-certificate?' key.
(show-help, %options): Add '--no-check-certificate'.
(guix-download): Pass #:verify-certificate to 'download-to-store'.
* doc/guix.texi (Invoking guix download): Document it.
Diffstat (limited to 'doc/guix.texi')
-rw-r--r-- doc/guix.texi 12
1 files changed, 10 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 349c4816a1..d99f409061 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4771,15 +4771,23 @@ GnuTLS-Guile}, for more information.
@command{guix download} verifies HTTPS server certificates by loading
the certificates of X.509 authorities from the directory pointed to by
the @code{SSL_CERT_DIR} environment variable (@pxref{X.509
-Certificates}).
+Certificates}), unless @option{--no-check-certificate} is used.
-The following option is available:
+The following options are available:
@table @code
@item --format=@var{fmt}
@itemx -f @var{fmt}
Write the hash in the format specified by @var{fmt}. For more
information on the valid values for @var{fmt}, @pxref{Invoking guix hash}.
+
+@item --no-check-certificate
+Do not validate the X.509 certificates of HTTPS servers.
+
+When using this option, you have @emph{absolutely no guarantee} that you
+are communicating with the authentic server responsible for the given
+URL, which makes you vulnerable to ``man-in-the-middle'' attacks.
+
@end table
@node Invoking guix hash
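Review bot: In the new @item --no-check-certificate entry, the warning stops at the man-in-the-middle risk and does not say what that means for the command's own output: the hash it writes (see the --format entry just above) is then computed over content received from an unauthenticated server. Suggest adding one sentence telling the reader to compare that hash against a value obtained through an independent channel before relying on it. Minor style point: the added blank line immediately before @end table is not needed, since the @item text already ends the table cleanly.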