Merge branch 'lua-https-fix' into 'main'

don't do certificate verification for https downloads in the lua script See merge request systemrescue/systemrescue-sources!227
2026-03-04 12:03:52 +01:00 · 2022-08-07 11:35:07 +00:00 · 2022-08-07 11:35:07 +00:00 · 61cc03ea83
parent 1e8ad8d465 e9549eba34
commit 61cc03ea83
1 changed files with 10 additions and 1 deletions
--- a/airootfs/usr/bin/sysrescue-configuration.lua
+++ b/airootfs/usr/bin/sysrescue-configuration.lua
@ -24,6 +24,9 @@ local lfs = require('lfs')
 local yaml = require('yaml')
 local json = require("dkjson")
 local request = require("http.request")
+local tls_ctx = require "http.tls".new_client_context()
+local tls_ctx_noverify = require "openssl.ssl.context".VERIFY_NONE
+local tls_ctx_doverify = require "openssl.ssl.context".VERIFY_PEER

 -- ==============================================================================
 -- Utility functions
@ -166,10 +169,16 @@ end
 function download_file(fileurl)
    local req_timeout = 10
    local req = request.new_from_uri(fileurl)
+
+    --- we (usually) run during initramfs where the CA database is not available, so don't verify certificates
+    tls_ctx:setVerify(tls_ctx_noverify)
+    req.ctx = tls_ctx
+
    local headers, stream = req:go(req_timeout)

    if headers == nil then
-        io.stderr:write(string.format("Failed to download %s: Could not connect\n", fileurl))
+        --- the second return variable (=stream) contains the error message in case of an error
+        io.stderr:write(string.format("Failed to download %s: %s\n", fileurl, stream))
        return nil
    end