From 8278ed2e1e007d155fc75b1cf925932970b0693c Mon Sep 17 00:00:00 2001 From: Hisham Muhammad Date: Thu, 2 Oct 2014 11:41:56 -0300 Subject: Add flag to enable/disable SSL cert check. We disabled SSL certificate checks for wget and curl a while ago, when we first added https repositories. We'll keep the check disabled by default for now, but this adds a config option, `check_certificates=true` that can be used in your config.lua. --- src/luarocks/cfg.lua | 8 ++++++++ src/luarocks/fs/unix/tools.lua | 4 ++-- src/luarocks/fs/win32/tools.lua | 4 ++-- 3 files changed, 12 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/luarocks/cfg.lua b/src/luarocks/cfg.lua index 0f433a7c..c305f702 100644 --- a/src/luarocks/cfg.lua +++ b/src/luarocks/cfg.lua @@ -204,6 +204,7 @@ local defaults = { fs_use_modules = true, hooks_enabled = true, deps_mode = "one", + check_certificates = false, lua_modules_path = "/share/lua/"..cfg.lua_version, lib_modules_path = "/lib/lua/"..cfg.lua_version, @@ -278,6 +279,8 @@ local defaults = { RSYNCFLAGS = "--exclude=.git -Oavz", STATFLAG = "-c '%a'", + CURLNOCERTFLAG = "", + WGETNOCERTFLAG = "", }, external_deps_subdirs = site_config.LUAROCKS_EXTERNAL_DEPS_SUBDIRS or { @@ -532,6 +535,11 @@ local cfg_mt = { } setmetatable(cfg, cfg_mt) +if not cfg.check_certificates then + cfg.variables.CURLNOCERTFLAG = "-k" + cfg.variables.WGETNOCERTFLAG = "--no-check-certificate" +end + function cfg.make_paths_from_tree(tree) local lua_path, lib_path, bin_path if type(tree) == "string" then diff --git a/src/luarocks/fs/unix/tools.lua b/src/luarocks/fs/unix/tools.lua index f36e815a..8db1f0e5 100644 --- a/src/luarocks/fs/unix/tools.lua +++ b/src/luarocks/fs/unix/tools.lua @@ -246,7 +246,7 @@ function tools.use_downloader(url, filename, cache) local ok if cfg.downloader == "wget" then - local wget_cmd = fs.Q(vars.WGET).." --no-check-certificate --no-cache --user-agent='"..cfg.user_agent.." via wget' --quiet " + local wget_cmd = fs.Q(vars.WGET).." "..vars.WGETNOCERTFLAG.." --no-cache --user-agent='"..cfg.user_agent.." via wget' --quiet " if cfg.connection_timeout and cfg.connection_timeout > 0 then wget_cmd = wget_cmd .. "--timeout="..tonumber(cfg.connection_timeout).." --tries=1 " end @@ -262,7 +262,7 @@ function tools.use_downloader(url, filename, cache) ok = fs.execute_quiet(wget_cmd, url) end elseif cfg.downloader == "curl" then - local curl_cmd = fs.Q(vars.CURL).." -f -k -L --user-agent '"..cfg.user_agent.." via curl' " + local curl_cmd = fs.Q(vars.CURL).." "..vars.CURLNOCERTFLAG.." -f -L --user-agent '"..cfg.user_agent.." via curl' " if cfg.connection_timeout and cfg.connection_timeout > 0 then curl_cmd = curl_cmd .. "--connect-timeout "..tonumber(cfg.connection_timeout).." " end diff --git a/src/luarocks/fs/win32/tools.lua b/src/luarocks/fs/win32/tools.lua index f970f36a..e906b4a1 100644 --- a/src/luarocks/fs/win32/tools.lua +++ b/src/luarocks/fs/win32/tools.lua @@ -256,7 +256,7 @@ function tools.use_downloader(url, filename, cache) local ok if cfg.downloader == "wget" then - local wget_cmd = fs.Q(vars.WGET).." --no-check-certificate --no-cache --user-agent=\""..cfg.user_agent.." via wget\" --quiet " + local wget_cmd = fs.Q(vars.WGET).." "..vars.WGETNOCERTFLAG.." --no-cache --user-agent=\""..cfg.user_agent.." via wget\" --quiet " if cfg.connection_timeout and cfg.connection_timeout > 0 then wget_cmd = wget_cmd .. "--timeout="..tonumber(cfg.connection_timeout).." --tries=1 " end @@ -272,7 +272,7 @@ function tools.use_downloader(url, filename, cache) ok = fs.execute_quiet(wget_cmd, url) end elseif cfg.downloader == "curl" then - local curl_cmd = vars.CURL.." -f -k -L --user-agent \""..cfg.user_agent.." via curl\" " + local curl_cmd = vars.CURL).." "..vars.CURLNOCERTFLAG.." -f -L --user-agent \""..cfg.user_agent.." via curl\" " if cfg.connection_timeout and cfg.connection_timeout > 0 then curl_cmd = curl_cmd .. "--connect-timeout "..tonumber(cfg.connection_timeout).." " end -- cgit v1.2.3-55-g6feb