Gentoo Archives: gentoo-dev

From: "Petteri Räty" <petteri.raty@××××××××××.fi>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] the default FETCHCOMMAND with broken ssl certificates
Date: Sun, 07 Aug 2005 20:48:28
Message-Id: 42F6732F.20108@saunalahti.fi
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One of the java packages, jdictrayapi, is only available over ssl. Here
is the output I get if I try downloading it with wget:

betelgeuse@pena ~/java $ wget
https://jdic.dev.java.net/files/documents/880/16466/jdic-0.9.1-src.zip
- --23:37:11--
https://jdic.dev.java.net/files/documents/880/16466/jdic-0.9.1-src.zip
           => `jdic-0.9.1-src.zip'
Resolving jdic.dev.java.net... 64.125.133.206
Connecting to jdic.dev.java.net|64.125.133.206|:443... connected.
ERROR: Certificate verification error for jdic.dev.java.net: unable to
get local issuer certificate
To connect to jdic.dev.java.net insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

It is usually not a problem for users because the file gets mirrored but
when doing version bumps I come across this again. As a solution I added
- --no-check-certificate to my FETCHCOMMAND so this will not bother me
again.
	So what about adding this as the default for everyone? The verification
of the download is done on our side so we don't really need the ssl
certificate checking and it would probably be (very?) little faster
without checking. It could also prevent a couple of bug reports from the
users in the future.

Regards,
Petteri Räty (Betelgeuse)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC9nMtcxLzpIGCsLQRAlzZAJ4kdzlqoMqAEUkzTtGIx1yrmTh5AQCeKWGA
Q+KqbGA8Fn5LhZzUCC+8z5E=
=86C3
-----END PGP SIGNATURE-----
-- 
gentoo-dev@g.o mailing list

Replies