pkg and https-based repo with self-signed cert
crest at rlwinm.de
Fri Feb 6 17:01:43 UTC 2015
On 05.02.2015 21:52, Kurt Jaeger wrote:
> How do I get pkg to accept a self-signed cert if the repo is running
> under https ?
> Thanks for any hints!
There is no need to use TLS as transport encryption, because repos can
be signed. It's not only more efficient to transport unencrypted signed
files than relying on transport encryption, it also allows repos to be
replicated to untrusted mirrors and proxies. There is no harm in
encrypting your HTTP transfers with TLS if your package mirror has enough
CPU power to spare. You gain little by encrypting your package downloads
because a passive attacker can still fingerprint the fetched packages by
their size and dependencies.
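
A signed repository served over plain HTTP, as the reply above describes, sketched as a pkg repository configuration. This is an added example, not part of the original message; the repository name, host name and all file paths are placeholders.

```ucl
# /usr/local/etc/pkg/repos/internal.conf   (hypothetical file and repo name)
#
# Server side, run once by the repo maintainer (placeholder paths):
#   openssl genrsa -out /usr/local/etc/ssl/private/repo.key 2048
#   openssl rsa -in /usr/local/etc/ssl/private/repo.key \
#               -pubout -out /usr/local/etc/ssl/certs/repo.pub
#   pkg repo /usr/local/www/packages /usr/local/etc/ssl/private/repo.key
#
# Only repo.pub is copied to clients; the private key stays on the build
# host and never needs to be on the mirrors or proxies.

internal: {
  # Plain HTTP: integrity does not depend on the transport or on the
  # mirror being trustworthy.
  url: "http://pkg.example.org/packages",

  # Weak setting: with "none", pkg accepts whatever catalogue the
  # server or anything on the path hands back.
  # signature_type: "none",

  # Corrected setting: pkg verifies the repository catalogue against
  # this public key and rejects the update if the signature fails.
  signature_type: "pubkey",
  pubkey: "/usr/local/etc/ssl/certs/repo.pub",

  enabled: yes
}
```

After placing the file, `pkg update -f` refetches the catalogue and fails if its signature does not verify against the configured key.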