scripts: always check certificates

[openwrt/openwrt.git] / scripts / download.pl

diff --git a/scripts/download.pl b/scripts/download.pl
index ebb0d7af199fa14abf72f75a2e8ae31cec030e77..ab1801aad5aedd15ca3a2472cff53148e178bbfb 100755 (executable)
--- a/scripts/download.pl
+++ b/scripts/download.pl
@@ -24,6 +24,8 @@ my $scriptdir = dirname($0);
 my @mirrors;
 my $ok;
 
+my $check_certificate = $ENV{DOWNLOAD_CHECK_CERTIFICATE} eq "y";
+
 $url_filename or $url_filename = $filename;
 
 sub localmirrors {
@@ -80,8 +82,8 @@ sub download_cmd($) {
        }
 
        return $have_curl
-               ? (qw(curl -f --connect-timeout 20 --retry 5 --location --insecure), shellwords($ENV{CURL_OPTIONS} || ''), $url)
-               : (qw(wget --tries=5 --timeout=20 --no-check-certificate --output-document=-), shellwords($ENV{WGET_OPTIONS} || ''), $url)
+               ? (qw(curl -f --connect-timeout 20 --retry 5 --location), $check_certificate ? '' : '--insecure', shellwords($ENV{CURL_OPTIONS} || ''), $url)
+               : (qw(wget --tries=5 --timeout=20 --output-document=-), $check_certificate ? '' : '--no-check-certificate', shellwords($ENV{WGET_OPTIONS} || ''), $url)
        ;
 }
 
@@ -221,7 +223,8 @@ foreach my $mirror (@ARGV) {
                push @mirrors, "http://mirror.internode.on.net/pub/gnu/$1";
                push @mirrors, "http://mirror.navercorp.com/gnu/$1";
                push @mirrors, "ftp://mirrors.rit.edu/gnu/$1";
-               push @mirrors, "ftp://download.xs4all.nl/pub/gnu/";
+               push @mirrors, "ftp://download.xs4all.nl/pub/gnu/$1";
+               push @mirrors, "https://ftp.gnu.org/gnu/$1";
        } elsif ($mirror =~ /^\@SAVANNAH\/(.+)$/) {
                push @mirrors, "https://mirror.netcologne.de/savannah/$1";
                push @mirrors, "https://mirror.csclub.uwaterloo.ca/nongnu/$1";