add option to ignore TLS #2123

Closed
blockspacer opened this issue Feb 19, 2021 · 6 comments

@blockspacer
blockspacer commented Feb 19, 2021

http_proxy=http://localhost:8088 LC_ALL=C sudo -E flatpak -vv --ostree-verbose remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
F: Opening system flatpak installation at path /var/lib/flatpak
Can't load uri https://flathub.org/repo/flathub.flatpakrepo: Unacceptable TLS certificate

flatpak does not pick up company certs, see #502

Please add options to ignore certificate errors (similar to /etc/apt/apt.conf.d/, --allow-unauthenticated, -o Acquire::AllowInsecureRepositories=true etc):

// Do not verify peer certificate
Acquire::https::Verify-Peer "false";
// Do not verify that certificate name matches server name
Acquire::https::Verify-Host "false";
// Ignore if packages can't be authenticated and don't prompt about it. This is useful for tools like pbuilder.
APT::Get::AllowUnauthenticated "true";

@bamber01

Hi blockspacer,

Could you be more specific about what command or how to add options to ignore certificate errors? What file should be modified? I am using the latest version of Linux Mint and this is a problem.
Thank you

@blockspacer
Author

> Hi blockspacer,
>
> Could you be more specific about what command or how to add options to ignore certificate errors? What file should be modified? I am using the latest version of Linux Mint and this is a problem.
> Thank you

I can not find any option to ignore certificate errors.
For now, flathub can not be used with corporate certs.
I hope that flathub developers will add some command-line option to ignore certificate errors.

@mcatanzaro

Ignoring errors is not the solution, especially when you're installing software that's going to execute on your computer.

If your company has really deployed a custom root store with particular roots removed, then it's because they don't want you to be able to connect to flathub. That said, based on #2580 I think it's more likely that something else is going on. Please paste the same debug output that I requested in #2580 (comment) into this issue and maybe we can figure out what is going on.

@mcatanzaro

Also check to ensure you have ISRG Root X1 in your trust store. How to do this varies by distro. Using seahorse would be a safe bet that should work everywhere.
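
One way to run the trust-store check suggested above while leaving certificate verification on, as an added example that is not part of the original thread or of Flatpak: it lists the roots in OpenSSL's default verify paths and reports whether a named root is trusted, expired or missing. It assumes those paths point at the same system CA store that Flatpak's TLS backend reads, which varies by distro; `SAMPLE`, `load_default_roots` and `find_root` are names made up for this example.

```python
import glob
import os
import ssl
from datetime import datetime, timezone

# Constructed sample in the get_ca_certs() dict format (not real store data).
SAMPLE = [
    {"subject": ((("commonName", "Example Corp Proxy CA"),),),
     "notAfter": "Jan  1 00:00:00 2020 GMT"},
    {"subject": ((("commonName", "ISRG Root X1"),),),
     "notAfter": "Jan  1 00:00:00 2035 GMT"},
]


def load_default_roots():
    """Return the CA certificates in OpenSSL's default verify paths."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    paths = ssl.get_default_verify_paths()
    files = [paths.cafile] if paths.cafile else []
    if paths.capath:
        # get_ca_certs() skips capath entries until used, so load each file.
        files += sorted(glob.glob(os.path.join(paths.capath, "*")))
    for path in files:
        try:
            ctx.load_verify_locations(cafile=path)
        except OSError:  # includes ssl.SSLError: not a PEM certificate file
            continue
    return ctx.get_ca_certs()


def find_root(ca_certs, name, now=None):
    """Return (status, notAfter); status is trusted, expired or missing."""
    now = now or datetime.now(timezone.utc)
    status, not_after = "missing", None
    for cert in ca_certs:
        # Flatten the nested RDN tuples into a dict to read the subject CN.
        subject = dict(kv for rdn in cert.get("subject", ()) for kv in rdn)
        if subject.get("commonName") != name:
            continue
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
        if expires > now:
            return "trusted", cert["notAfter"]
        status, not_after = "expired", cert["notAfter"]
    return status, not_after


if __name__ == "__main__":
    print(find_root(load_default_roots(), "ISRG Root X1"))
```

A result of `missing` or `expired` for the root that should anchor the server's chain points at the trust store rather than at the client; the same call with the corporate proxy CA's subject CN shows whether that root was ever installed.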

@barthalion
Member

And on top of that, an option to disable TLS is not Flathub's issue, but Flatpak's at best.

@mcatanzaro

Oh yeah, I didn't even realize this was the flathub issue tracker....
