Workaround for #685: retry download failed due to TLS#686
Workaround for #685: retry download failed due to TLS#686G4m4 wants to merge 1 commit intocpm-cmake:masterfrom
Conversation
…ith TLS verify turned off (cpm-cmake#685) The hash of the file still gets verified for safety
G4m4
changed the title
There was a problem hiding this comment.
Thanks for the PR! I'm not sure about this one, automatically retrying with disabled TLS verification does seem rather dodgy (we might as well just turn it off from the start).
Where does the error come from? If it's a proxy issue on your side, would it be a an option for you to just set CMAKE_TLS_VERIFY=OFF on your system instead?
|
Yes, of course I understand that feeling, but the fact that the hash is still checked should prevent file tampering. I have not been able to get to the root cause of this for my own case (and to be honest I do not think it is completely worth it considering the workaround is easy) but there are multiple examples of similar cases: It all seems to relate to various combination of SSL library or softwares using it, and on Windows the typical "update your system" fix is not so easily done as a on e.g. Linux distros. Of course if you feel like this is not a good idea we would indeed disable this locally, but some developer end users might get the same behaviour. |
2 participants
In case of an "error 35" status ("SSL connect error"), retry downloading with TLS verify turned off.
We still expect the same hash.