about summary refs log tree commit diff
path: root/src/libstore/builtins.cc
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-10-21T12·59+0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-10-21T13·14+0200
commit5db358d4d78aea7204a8f22c5bf2a309267ee038 (patch)
treebe5d2c166ae5504d255512ad632d73b9a174fe5b /src/libstore/builtins.cc
parent357d31b33962fcd19f2f05bd6ce6b8c7088a6e39 (diff)
Disable TLS verification for builtin fetchurl
This makes it consistent with the Nixpkgs fetchurl and makes it work
in chroots. We don't need verification because the hash of the result
is checked anyway.
Diffstat (limited to 'src/libstore/builtins.cc')
-rw-r--r--src/libstore/builtins.cc8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libstore/builtins.cc b/src/libstore/builtins.cc
index 25e2e7df30e7..091a67428e4c 100644
--- a/src/libstore/builtins.cc
+++ b/src/libstore/builtins.cc
@@ -8,7 +8,13 @@ void builtinFetchurl(const BasicDerivation & drv)
     auto url = drv.env.find("url");
     if (url == drv.env.end()) throw Error("attribute ‘url’ missing");
     printMsg(lvlInfo, format("downloading ‘%1%’...") % url->second);
-    auto data = downloadFile(url->second); // FIXME: show progress
+
+    /* No need to do TLS verification, because we check the hash of
+       the result anyway. */
+    DownloadOptions options;
+    options.verifyTLS = false;
+
+    auto data = downloadFile(url->second, options); // FIXME: show progress
 
     auto out = drv.env.find("out");
     if (out == drv.env.end()) throw Error("attribute ‘url’ missing");