From: Brian C. Lane <bcl@redhat.com>
Date: Mon, 8 Oct 2012 22:01:29 +0000 (-0700)
Subject: Add rd.noverifyssl argument (#852229)
X-Git-Tag: 024~24
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=13cb578a3783aeb6b7ed83f0e5437724e2e85550;p=thirdparty%2Fdracut.git

Add rd.noverifyssl argument (#852229)

This adds --insecure to the curl args so that self-signed certificates
will be accepted.
---

diff --git a/dracut.cmdline.7.asc b/dracut.cmdline.7.asc
index 350aecf6a..27d3a5513 100644
--- a/dracut.cmdline.7.asc
+++ b/dracut.cmdline.7.asc
@@ -114,6 +114,9 @@ Misc
     started. If you have hardware, which takes a very long time to announce its
     drives, you might want to extend this value.
 
+**rd.noverifyssl**::
+    accept self-signed certificates for ssl downloads.
+
 [[dracutkerneldebug]]
 Debug
 ~~~~~
diff --git a/modules.d/45url-lib/url-lib.sh b/modules.d/45url-lib/url-lib.sh
index a8069efad..034a7cd12 100755
--- a/modules.d/45url-lib/url-lib.sh
+++ b/modules.d/45url-lib/url-lib.sh
@@ -54,7 +54,8 @@ add_url_handler() {
 
 export CURL_HOME="/run/initramfs/url-lib"
 mkdir -p $CURL_HOME
-curl_args="--location --retry 3 --fail --show-error --insecure"
+curl_args="--location --retry 3 --fail --show-error"
+getargbool 0 rd.noverifyssl && curl_args+=" --insecure"
 
 curl_fetch_url() {
     local url="$1" outloc="$2"