Date:      Mon, 5 Jun 2017 16:48:54 -0500
From:      "Matthew D. Fuller" <fullermd@over-yonder.net>
To:        Marcin Cieslak <saper@saper.info>
Cc:        ports@FreeBSD.org
Subject:   Re: Hosting distfiles on HTTPS w/Let's Encrypt - how? [somehow solved]
Message-ID:  <20170605214854.GE79904@over-yonder.net>
In-Reply-To: <nycvar.OFS.7.76.6.1706042146350.19072@z.fncre.vasb>
References:  <nycvar.OFS.7.76.1705312355300.37923@z.fncre.vasb> <nycvar.OFS.7.76.6.1706042146350.19072@z.fncre.vasb>

On Sun, Jun 04, 2017 at 09:48:02PM +0000 I heard the voice of
Marcin Cieslak, and lo! it spake thus:
> 
> My temporary solution to this problem is to pin the CA certificate
> in the port itself:

Err...

> -FETCH_ENV=     HTTP_AUTH=basic:*:I\ accept\ www.opensource.org/licenses/cpl:.
> +FETCH_ARGS+=   --ca-cert="${FILESDIR}/dst_root_ca_x3.crt"
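
Review bot: the added FETCH_ARGS line pins a single CA file from ${FILESDIR} with no comment saying which host it is for or when the file has to be replaced; if the server's chain stops anchoring to that file, verified fetches fail with no hint in the Makefile, so add a short comment above it. Also confirm the flag is still wanted once the FETCH_ENV= line is gone: that line used a plain "=" assignment, and removing it lets any "?=" default for FETCH_ENV set elsewhere take effect.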

bsd.port.mk already sets

FETCH_ENV?=     SSL_NO_VERIFY_PEER=1 SSL_NO_VERIFY_HOSTNAME=1

itself (on !makesum).  If you don't need that FETCH_ENV at all, you
wouldn't need the _ARGS either (and if you do need the _ENV, you'd
probably want to pull in the default as well to match...)


-- 
Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
           On the Internet, nobody can hear you scream.
