You are not logged in.

Pages: 1

#1 2017-10-24 12:31:20

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

Pacman setting to ignore SSL certificate problems [SOLVED]

I have a local repo running on my LAN's router (webserver) which uses https and a self-signed certificate.  I added an entry to /etc/pacman.conf 

[router]
SigLevel = PackageOptional
Server = http://router/repo/x86_64

But pacman errors out when it goes to read the index:

:: Synchronizing package databases...
error: failed retrieving file 'router.db' from router : SSL certificate problem: self signed certificate
error: failed to update router (download library error)

Is there something to set to ignore just for the [router] entry?  I didn't see anything in the pacman.conf man page but I suspect this is deeper.  Thanks for the info.

Last edited by graysky (2017-10-24 14:23:39)

CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#2 2017-10-24 12:39:24

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Pacman setting to ignore SSL certificate problems [SOLVED]

I'm guessing you actually have https in your pacman.conf rather than the http in your post - typo?

Does the router have a FQDN in a domain that you own? If so then just get a proper certificate from letsencrypt.

Otherwise try pacman and curl in fully verbose/debug modes on the .db file and see if you get any better errors. There may be a curl setting you can make in roots ~ somewhere.

Last edited by Slithery (2017-10-24 12:41:07)

No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#3 2017-10-24 12:44:12

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,529
Website

Re: Pacman setting to ignore SSL certificate problems [SOLVED]

slithery wrote:

If so then just get a proper certificate from letsencrypt.

Seconded.

If that is not an option, just don't use https.  Especially if this is just a LAN connection what is the point of encrypting package transactions?

"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#4 2017-10-24 14:23:27

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,597
Website

Re: Pacman setting to ignore SSL certificate problems [SOLVED]

I got it... the problem was that the router's http server was redirecting http to https.  Everything works as expected when I disable that.  Thanks for the replies, all.

CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

Pages: 1

Board footer

Powered by FluxBB