Disable TLS verification for builtin fetchurl

This makes it consistent with the Nixpkgs fetchurl and makes it work in chroots. We don't need verification because the hash of the result is checked anyway.
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2015-10-21T12·59+0200
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2015-10-21T13·14+0200
commit: 5db358d4d78aea7204a8f22c5bf2a309267ee038 (patch)
tree: be5d2c166ae5504d255512ad632d73b9a174fe5b /src/libstore/builtins.cc
parent: 357d31b33962fcd19f2f05bd6ce6b8c7088a6e39 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libstore/builtins.cc b/src/libstore/builtins.cc
index 25e2e7df30e7..091a67428e4c 100644
--- a/src/libstore/builtins.cc
+++ b/src/libstore/builtins.cc
@@ -8,7 +8,13 @@ void builtinFetchurl(const BasicDerivation & drv)
     auto url = drv.env.find("url");
     if (url == drv.env.end()) throw Error("attribute ‘url’ missing");
     printMsg(lvlInfo, format("downloading ‘%1%’...") % url->second);
-    auto data = downloadFile(url->second); // FIXME: show progress
+
+    /* No need to do TLS verification, because we check the hash of
+       the result anyway. */
+    DownloadOptions options;
+    options.verifyTLS = false;
+
+    auto data = downloadFile(url->second, options); // FIXME: show progress
 
     auto out = drv.env.find("out");
     if (out == drv.env.end()) throw Error("attribute ‘url’ missing");
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2015-10-21T12·59+0200
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2015-10-21T13·14+0200
commit	5db358d4d78aea7204a8f22c5bf2a309267ee038 (patch)
tree	be5d2c166ae5504d255512ad632d73b9a174fe5b /src/libstore/builtins.cc
parent	357d31b33962fcd19f2f05bd6ce6b8c7088a6e39 (diff)