[Haskell-cafe] Status of ghcup?

Brandon Allbery allbery.b at gmail.com
Thu Feb 23 17:50:40 UTC 2023


You're all missing the possibility that the corporate gateway requires
a specific certificate so it can inspect traffic (anyone remember
https://arstechnica.com/information-technology/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/)?

On Thu, Feb 23, 2023 at 12:48 PM Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> On Thu, Feb 23, 2023 at 11:40:21AM +0100, Hécate wrote:
>
> > And I of course forgot the most relevant part for you:
> > https://www.haskell.org/ghcup/guide/#certificate-authority-errors-curl
>
> Why not publish the relevant issuer certificate chain? It could even be
> curated and regularly updated as ghcup "updates".  The curl executable
> has a "--cacert" option allowing the specification of an alternative
> trust anchor (root CA if you prefer) and any missing intermediate
> certificates.
>
> It also supports a "CURL_CA_BUNDLE" environment variable, if that's
> simpler.
>
> An explicit (securely obtained) trust anchor is safer than ignoring
> download source authentication.
>
> --
>     Viktor.



-- 
brandon s allbery kf8nh
allbery.b at gmail.com
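
The explicit trust anchor approach suggested in the quoted message, as an added example that is not part of the original thread or of ghcup: a fail-closed download wrapper that uses curl's `--cacert` option (or `CURL_CA_BUNDLE`) and never falls back to ignoring certificate errors. The function names `resolve_ca_bundle` and `fetch_with_anchor` are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical. --cacert and CURL_CA_BUNDLE
# are curl's own option and environment variable, as named in the thread.

# Print the CA bundle to trust: explicit argument first, then CURL_CA_BUNDLE.
# Fails (non-zero, nothing on stdout) unless the file looks like a PEM bundle.
resolve_ca_bundle() {
    bundle="${1:-${CURL_CA_BUNDLE:-}}"
    if [ -z "$bundle" ]; then
        echo "no CA bundle given (argument or CURL_CA_BUNDLE)" >&2
        return 1
    fi
    if [ ! -f "$bundle" ] || [ ! -r "$bundle" ]; then
        echo "CA bundle missing or unreadable: $bundle" >&2
        return 1
    fi
    # Structural sanity check only; curl does the real chain validation.
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$bundle" || true)
    if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
        echo "not a complete PEM certificate bundle: $bundle" >&2
        return 1
    fi
    # A trust-anchor file should carry public certificates only.
    if grep -q -e 'PRIVATE KEY-----' "$bundle"; then
        echo "bundle contains a private key, refusing: $bundle" >&2
        return 1
    fi
    printf '%s\n' "$bundle"
}

# Download URL to OUT, authenticating the server against that bundle.
# There is deliberately no fallback to -k/--insecure.
fetch_with_anchor() {
    url="$1"
    out="$2"
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 2 ;;
    esac
    anchor=$(resolve_ca_bundle "${3:-}") || return 1
    curl --proto '=https' --tlsv1.2 --fail --silent --show-error \
         --cacert "$anchor" --output "$out" "$url"
}
```

Behind an inspecting corporate gateway, the bundle passed here would be the gateway's CA certificate, obtained over a channel you already trust.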

