To support self-signed certificates (#6298) when downloading roc platforms/packages, I propose the addition of the CLI flag --encryption-cert which would allow you to specify the path to a certificate to be used with reqwest's add_root_certificate.
I chose to add the word encryption to the flag to indicate the sensitive nature of this flag. I think we should also print a notice when this flag is being used to highlight the potential danger of misuse.
let me know what you think :)
interesting, might someone who needs this need more than one cert? :thinking:
I assume this would be of interest to people hosting private packages in organizations, but I wonder (a) if they'd actually use self-signed certs, and (b) what other use cases would want to use self-signed certs for packages
given the security implications, it might be better to set a higher bar than normal for adding a feature like this!
Good questions, I don't have much experience with this, so I encourage others to weigh in.
I think this is also less needed in the modern day where it is trivial to get a Let's Encrypt cert for something hosted internally under a subdomain you own.
Really no need for self-signed as long as you can prove ownership of a domain.
Last updated: Jun 16 2026 at 16:19 UTC