From b5ae3e10c27a1fd0b3de453dcf02c83e3f2c4e10 Mon Sep 17 00:00:00 2001 From: Sergei Zimmerman Date: Fri, 24 Oct 2025 00:29:08 +0300 Subject: [PATCH] libstore/filetransfer: Remove verifyTLS from FileTransferRequest, since it's always true This variable is always true, so there's no use-case for it anymore. --- src/libstore/filetransfer.cc | 9 ++------- src/libstore/include/nix/store/filetransfer.hh | 1 - 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc index 201f2984e..1c97cf400 100644 --- a/src/libstore/filetransfer.cc +++ b/src/libstore/filetransfer.cc @@ -399,13 +399,8 @@ struct curlFileTransfer : public FileTransfer curl_easy_setopt(req, CURLOPT_SEEKDATA, this); } - if (request.verifyTLS) { - if (settings.caFile != "") - curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.get().c_str()); - } else { - curl_easy_setopt(req, CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt(req, CURLOPT_SSL_VERIFYHOST, 0); - } + if (settings.caFile != "") + curl_easy_setopt(req, CURLOPT_CAINFO, settings.caFile.get().c_str()); #if !defined(_WIN32) && LIBCURL_VERSION_NUM >= 0x071000 curl_easy_setopt(req, CURLOPT_SOCKOPTFUNCTION, cloexec_callback); diff --git a/src/libstore/include/nix/store/filetransfer.hh b/src/libstore/include/nix/store/filetransfer.hh index 34ec316ef..2b86f6ac9 100644 --- a/src/libstore/include/nix/store/filetransfer.hh +++ b/src/libstore/include/nix/store/filetransfer.hh @@ -99,7 +99,6 @@ struct FileTransferRequest VerbatimURL uri; Headers headers; std::string expectedETag; - bool verifyTLS = true; bool head = false; bool post = false; size_t tries = fileTransferSettings.tries;