Skip to content
Browse files

By default, check the certificate of downloaded dependency archives.

Use --disable-certificate-check if you want to bypass that. See #408 for instance.

Partially fix #563
  • Loading branch information...
1 parent d064671 commit 1710a234cbdb4a1d26173f791259cfb88a538288 @samoht committed Mar 27, 2013
Showing with 49 additions and 18 deletions.
  1. +28 −8 configure
  2. +21 −10 configure.ac
View
36 configure
@@ -1227,7 +1227,12 @@ if test -n "$ac_init_help"; then
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --disable-version-check do not check OCaml version
+ --disable-version-check Do not check OCaml version
+
+ --disable-certificate-check
+ Do not check the certificate of OPAM's dependency
+ archives
+
Some influential environment variables:
CC C compiler command
@@ -4433,15 +4438,12 @@ fi
# Check whether --enable-version-check was given.
if test "${enable_version_check+set}" = set; then
- enableval=$enable_version_check; VERSION_CHECK="$enableval"
-else
- VERSION_CHECK="yes"
+ enableval=$enable_version_check;
fi
# Check that OCaml version is greater or equal to 3.12.1
-if test "$VERSION_CHECK" = "yes" ; then
- for ac_prog in gawk mawk nawk awk
+for ac_prog in gawk mawk nawk awk
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
@@ -4483,6 +4485,8 @@ fi
test -n "$AWK" && break
done
+if test "x${enable_version-check}" != "xno"; then
+
@@ -4520,8 +4524,24 @@ echo "$as_me: error: Your version of OCaml: $OCAMLVERSION is not supported" >&2;
{ (exit 1); exit 1; }; }
fi
+
+fi
+
+
+# Check whether --enable-certificate-check was given.
+if test "${enable_certificate_check+set}" = set; then
+ enableval=$enable_certificate_check;
fi
+
+if test "x${enable_certificate-check}" = "xno"; then
+
+ curl_certificate_check=--insecure
+ wget_certificate_check=--no-check-certificate
+
+fi
+
+
for ac_prog in curl wget
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
@@ -4567,10 +4587,10 @@ test -n "$FETCH" || FETCH="no"
if test x"$FETCH" = x"curl" ; then
- fetch="curl --insecure -OL"
+ fetch="curl $curl_certificate_check -OL"
elif test x"$FETCH" = x"wget" ; then
- fetch="wget --no-check-certificate"
+ fetch="wget $wget_certificate_check"
else
{ { echo "$as_me:$LINENO: error: You must have either curl or wget installed." >&5
View
31 configure.ac
@@ -13,23 +13,34 @@ if test "$CAMLP4" = "no"; then
AC_MSG_ERROR([You must install the Camlp4 pre-processor. On some operating systems, these are separate packages from the main OCaml compiler, such as camlp4-extra on Debian.])
fi
-AC_ARG_ENABLE(version-check,
- [ --disable-version-check do not check OCaml version],
- [VERSION_CHECK="$enableval"],
- [VERSION_CHECK="yes"])
+AC_ARG_ENABLE([version-check],
+ AS_HELP_STRING([--disable-version-check],
+ [Do not check OCaml version])
+)
# Check that OCaml version is greater or equal to 3.12.1
-if test "$VERSION_CHECK" = "yes" ; then
- AX_COMPARE_VERSION( [$OCAMLVERSION], [lt], [3.12.1],
- AC_MSG_ERROR([Your version of OCaml: $OCAMLVERSION is not supported]))
-fi
+AS_IF([test "x${enable_version-check}" != "xno"], [
+ AX_COMPARE_VERSION(
+ [$OCAMLVERSION], [lt], [3.12.1],
+ AC_MSG_ERROR([Your version of OCaml: $OCAMLVERSION is not supported]))
+])
+
+AC_ARG_ENABLE([certificate-check],
+ AS_HELP_STRING([--disable-certificate-check],
+ [Do not check the certificate of OPAM's dependency archives])
+)
+
+AS_IF([test "x${enable_certificate-check}" = "xno"], [
+ curl_certificate_check=--insecure
+ wget_certificate_check=--no-check-certificate
+])
AC_CHECK_PROGS(FETCH,[curl wget],no)
if test x"$FETCH" = x"curl" ; then
- AC_SUBST(fetch, "curl --insecure -OL")
+ AC_SUBST(fetch, "curl $curl_certificate_check -OL")
elif test x"$FETCH" = x"wget" ; then
- AC_SUBST(fetch, "wget --no-check-certificate")
+ AC_SUBST(fetch, "wget $wget_certificate_check")
else
AC_MSG_ERROR([You must have either curl or wget installed.])
fi

0 comments on commit 1710a23

Please sign in to comment.
Something went wrong with that request. Please try again.