You're all missing the possibility that the corporate gateway requires
a specific certificate so it can inspect traffic (anyone remember
https://arstechnica.com/information-technology/2015/02/lenovo-pcs-ship-with-...
On Thu, Feb 23, 2023 at 12:48 PM Viktor Dukhovni
On Thu, Feb 23, 2023 at 11:40:21AM +0100, Hécate wrote:
And I of course forgot the most relevant part for you: https://www.haskell.org/ghcup/guide/#certificate-authority-errors-curl
Why not publish the relevant issuer certificate chain, it could even be curated and regularly updated as ghcup "updates". The curl executable has a "--cacert" option allowing the specification of an alternative trust anchor (root CA if you prefer) and any missing intermediate certificates.
It also supports a "CURL_CA_BUNDLE" environment variable, if that's simpler.
An explicit (securely obtained) trust anchor is safer than ignoring download source authentication.
-- Viktor. _______________________________________________ Haskell-Cafe mailing list To (un)subscribe, modify options or view archives go to: http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe Only members subscribed via the mailman list are allowed to post.
-- brandon s allbery kf8nh allbery.b@gmail.com