On Tue, Nov 17, 2015 at 10:12:07PM +0000, John Keeping wrote: > If the CA path isn't found it's most likely to indicate a > misconfiguration, in which case accepting any certificate is unlikely to > be the correct thing to do. Yeah, this seems like a crazy default for security-sensitive code. I suspect some people will see breakage from applying this (because their systems are broken and they did not know it), but that is a good thing. For people who know their systems are broken and want to proceed anyway, what is the appropriate work-around? Obviously it involves disabling peer verification, but would we want to include instructions for doing so (either in the error message, or perhaps mentioning it in the commit message)? -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html