Add flag to enable/disable SSL cert check.

We disabled SSL certificate checks for wget and curl a while ago,
when we first added https repositories. We'll keep the check disabled
by default for now, but this adds a config option,
`check_certificates=true` that can be used in your config.lua.

3 files changed, 12 insertions, 4 deletions

diff --git a/src/luarocks/cfg.lua b/src/luarocks/cfg.lua
index 0f433a7c..c305f702 100644
--- a/src/luarocks/cfg.lua
+++ b/src/luarocks/cfg.lua
@@ -204,6 +204,7 @@ local defaults = {
    fs_use_modules = true,
    hooks_enabled = true,
    deps_mode = "one",
+   check_certificates = false,
 
    lua_modules_path = "/share/lua/"..cfg.lua_version,
    lib_modules_path = "/lib/lua/"..cfg.lua_version,
@@ -278,6 +279,8 @@ local defaults = {
 
       RSYNCFLAGS = "--exclude=.git -Oavz",
       STATFLAG = "-c '%a'",
+      CURLNOCERTFLAG = "",
+      WGETNOCERTFLAG = "",
    },
 
    external_deps_subdirs = site_config.LUAROCKS_EXTERNAL_DEPS_SUBDIRS or {
@@ -532,6 +535,11 @@ local cfg_mt = {
 }
 setmetatable(cfg, cfg_mt)
 
+if not cfg.check_certificates then
+   cfg.variables.CURLNOCERTFLAG = "-k"
+   cfg.variables.WGETNOCERTFLAG = "--no-check-certificate"
+end
+
 function cfg.make_paths_from_tree(tree)
    local lua_path, lib_path, bin_path
    if type(tree) == "string" then
diff --git a/src/luarocks/fs/unix/tools.lua b/src/luarocks/fs/unix/tools.lua
index f36e815a..8db1f0e5 100644
--- a/src/luarocks/fs/unix/tools.lua
+++ b/src/luarocks/fs/unix/tools.lua
@@ -246,7 +246,7 @@ function tools.use_downloader(url, filename, cache)
 
    local ok
    if cfg.downloader == "wget" then
-      local wget_cmd = fs.Q(vars.WGET).." --no-check-certificate --no-cache --user-agent='"..cfg.user_agent.." via wget' --quiet "
+      local wget_cmd = fs.Q(vars.WGET).." "..vars.WGETNOCERTFLAG.." --no-cache --user-agent='"..cfg.user_agent.." via wget' --quiet "
       if cfg.connection_timeout and cfg.connection_timeout > 0 then
         wget_cmd = wget_cmd .. "--timeout="..tonumber(cfg.connection_timeout).." --tries=1 " 
       end
@@ -262,7 +262,7 @@ function tools.use_downloader(url, filename, cache)
          ok = fs.execute_quiet(wget_cmd, url)
       end
    elseif cfg.downloader == "curl" then
-      local curl_cmd = fs.Q(vars.CURL).." -f -k -L --user-agent '"..cfg.user_agent.." via curl' "
+      local curl_cmd = fs.Q(vars.CURL).." "..vars.CURLNOCERTFLAG.." -f -L --user-agent '"..cfg.user_agent.." via curl' "
       if cfg.connection_timeout and cfg.connection_timeout > 0 then
         curl_cmd = curl_cmd .. "--connect-timeout "..tonumber(cfg.connection_timeout).." " 
       end
diff --git a/src/luarocks/fs/win32/tools.lua b/src/luarocks/fs/win32/tools.lua
index f970f36a..e906b4a1 100644
--- a/src/luarocks/fs/win32/tools.lua
+++ b/src/luarocks/fs/win32/tools.lua
@@ -256,7 +256,7 @@ function tools.use_downloader(url, filename, cache)
 
    local ok   
    if cfg.downloader == "wget" then
-      local wget_cmd = fs.Q(vars.WGET).." --no-check-certificate --no-cache --user-agent=\""..cfg.user_agent.." via wget\" --quiet "
+      local wget_cmd = fs.Q(vars.WGET).." "..vars.WGETNOCERTFLAG.." --no-cache --user-agent=\""..cfg.user_agent.." via wget\" --quiet "
       if cfg.connection_timeout and cfg.connection_timeout > 0 then
         wget_cmd = wget_cmd .. "--timeout="..tonumber(cfg.connection_timeout).." --tries=1 " 
       end
@@ -272,7 +272,7 @@ function tools.use_downloader(url, filename, cache)
          ok = fs.execute_quiet(wget_cmd, url)
       end
    elseif cfg.downloader == "curl" then
-      local curl_cmd = vars.CURL.." -f -k -L --user-agent \""..cfg.user_agent.." via curl\" "
+      local curl_cmd = vars.CURL).." "..vars.CURLNOCERTFLAG.." -f -L --user-agent \""..cfg.user_agent.." via curl\" "
       if cfg.connection_timeout and cfg.connection_timeout > 0 then
         curl_cmd = curl_cmd .. "--connect-timeout "..tonumber(cfg.connection_timeout).." " 
       end