@@ -54,6 +54,7 @@ opkg_option_t options[] = {
{"force_postinstall", OPKG_OPT_TYPE_BOOL, &_conf.force_postinstall},
{"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
{"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
+ {"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate},
{"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
{"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
{"no_proxy", OPKG_OPT_TYPE_STRING, &_conf.no_proxy},
@@ -78,6 +78,7 @@ struct opkg_conf {
int force_checksum;
int check_signature;
int force_signature;
+ int no_check_certificate;
int nodeps; /* do not follow dependencies */
int nocase; /* perform case insensitive matching */
char *offline_root;
@@ -87,11 +87,14 @@ opkg_download(const char *src, const char *dest_file_name,
{
int res;
- const char *argv[8];
+ const char *argv[9];
int i = 0;
argv[i++] = "wget";
argv[i++] = "-q";
+ if (conf->no_check_certificate) {
+ argv[i++] = "--no-check-certificate";
+ }
if (conf->http_proxy || conf->ftp_proxy) {
argv[i++] = "-Y";
argv[i++] = "on";
@@ -52,6 +52,7 @@ enum {
ARGS_OPT_AUTOREMOVE,
ARGS_OPT_CACHE,
ARGS_OPT_FORCE_SIGNATURE,
+ ARGS_OPT_NO_CHECK_CERTIFICATE,
ARGS_OPT_SIZE,
};
@@ -91,6 +92,8 @@ static struct option long_options[] = {
{"force_checksum", 0, 0, ARGS_OPT_FORCE_CHECKSUM},
{"force-signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
{"force_signature", 0, 0, ARGS_OPT_FORCE_SIGNATURE},
+ {"no-check-certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
+ {"no_check_certificate", 0, 0, ARGS_OPT_NO_CHECK_CERTIFICATE},
{"noaction", 0, 0, ARGS_OPT_NOACTION},
{"download-only", 0, 0, ARGS_OPT_DOWNLOAD_ONLY},
{"nodeps", 0, 0, ARGS_OPT_NODEPS},
@@ -226,6 +229,9 @@ static int args_parse(int argc, char *argv[])
case ARGS_OPT_FORCE_SIGNATURE:
conf->force_signature = 1;
break;
+ case ARGS_OPT_NO_CHECK_CERTIFICATE:
+ conf->no_check_certificate = 1;
+ break;
case ':':
parse_err = -1;
break;
@@ -335,6 +341,7 @@ static void usage()
printf
("\t--force-remove Remove package even if prerm script fails\n");
printf("\t--force-checksum Don't fail on checksum mismatches\n");
+ printf("\t--no-check-certificate Don't validate SSL certificates\n");
printf("\t--noaction No action -- test only\n");
printf("\t--download-only No action -- download only\n");
printf("\t--nodeps Do not follow dependencies\n");
For cases when artifacts are stored on https:// accessible locations and you don't want to install ca-certificates (for various reasons). I'll admit, using SSL like this is not recommended, but since wget (even uclient-fetch) allows the --no-check-certificate option, it would be nice for opkg to support setting it if needed/configured. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> --- libopkg/opkg_conf.c | 1 + libopkg/opkg_conf.h | 1 + libopkg/opkg_download.c | 5 ++++- src/opkg-cl.c | 7 +++++++ 4 files changed, 13 insertions(+), 1 deletion(-)