Feature request: ssl verify environment variable

[gseastream]

Using julia behind a proxy / on a corporate server can get complicated. One complication is that making requests over secure https doesn't work due to SSL verification failing, despite otherwise being fine. Git and other languages' package managers have the ability to turn off SSL verification for requests, for example with conda you can put ssl_verify: false in the .condarc file and suddenly package requests work over https. I think it'd be really helpful to add such an option for julia, either through an environment variable like JULIA_SSL_VERIFY which you can set to false, or some other place where similar options might be located. Currently my only solution is to overwrite the gen_download_cmd method in Pkg.PlatformEngines to append the -k flag to the curl command in the startup.jl file, but ideally this can be done automatically with the correct option for each download engine.

Also sorry if this is a duplicate, I looked but couldn't find any related issues

[alhirzel]

Here's my "temporary" workaround; this is really hacky. Note that I found the callback name here and the documentation for the callback here. This is against Julia v1.3.1, and I have the binary distribution unpacked in my home directory which lets me launch using the following command (using the Pkg.jl development idiom from the README).

export JULIA_BINDIR=~/.bin/julia-1.3.1/bin
$JULIA_BINDIR/julia --project=$JULIA_BINDIR/../share/julia/stdlib/v1.3/Pkg/ -e 'import Pkg' -i

--- GitTools.jl 2020-11-02 12:21:35.485749320 -0500
+++ GitTools.jl.new     2020-11-02 12:22:01.375749623 -0500
@@ -108,6 +108,8 @@
     ispath(target_path) ? LibGit2.GitRepo(target_path) : GitTools.clone(url, target_path; kwargs...)


+ignore_cert_errors(_...) = Cint(0)
+
 function clone(url, source_path; header=nothing, kwargs...)
     @assert !isdir(source_path) || isempty(readdir(source_path))
     url = normalize_url(url)
@@ -117,6 +119,10 @@
         :transfer_progress => (
             @cfunction(transfer_progress, Cint, (Ptr{LibGit2.TransferProgress}, Any)),
             transfer_payload,
+        ),
+        :certificate_check => (
+            @cfunction(ignore_cert_errors, Cint, (Ptr{Any},Cint,Ptr{Any},Ptr{Any},)),
+            ignore_cert_errors,
         )
     )
     print(stdout, "\e[?25l") # disable cursor
@@ -151,6 +157,10 @@
         :transfer_progress => (
             @cfunction(transfer_progress, Cint, (Ptr{LibGit2.TransferProgress}, Any)),
             transfer_payload,
+        ),
+        :certificate_check => (
+            @cfunction(ignore_cert_errors, Cint, (Ptr{Any},Cint,Ptr{Any},Ptr{Any},)),
+            ignore_cert_errors,
         )
     )
     print(stdout, "\e[?25l") # disable cursor

[fredrikekre]

I believe this is fixed now (@StefanKarpinski?), see https://github.com/JuliaLang/NetworkOptions.jl#verify_host