2 files changed, 21 insertions, 3 deletions

diff --git a/doc/guix.texi b/doc/guix.texi
index 31deb5b003..da4d2f5ebc 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4643,6 +4643,14 @@ Make sure you understand its security implications before using
 @option{--disable-authentication}.
 @end quotation
 
+@item --no-check-certificate
+Do not validate the X.509 certificates of HTTPS servers.
+
+When using this option, you have @emph{absolutely no guarantee} that you
+are communicating with the authentic server responsible for the given
+URL.  Unless the channel is authenticated, this makes you vulnerable to
+``man-in-the-middle'' attacks.
+
 @item --system=@var{system}
 @itemx -s @var{system}
 Attempt to build for @var{system}---e.g., @code{i686-linux}---instead of
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index 58d3cd7e83..76aed0b5cc 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013-2015, 2017-2023 Ludovic Courtès <[email protected]>
+;;; Copyright © 2013-2015, 2017-2024 Ludovic Courtès <[email protected]>
 ;;; Copyright © 2017 Marius Bakke <[email protected]>
 ;;; Copyright © 2020, 2021 Tobias Geerinckx-Rice <[email protected]>
 ;;;
@@ -77,6 +77,7 @@
     (debug . 0)
     (verbosity . 1)
     (authenticate-channels? . #t)
+    (verify-certificate? . #t)
     (validate-pull . ,ensure-forward-channel-update)))
 
 (define (show-help)
@@ -99,6 +100,9 @@ Download and deploy the latest version of Guix.\n"))
       --disable-authentication
                          disable channel authentication"))
   (display (G_ "
+      --no-check-certificate
+                         do not validate the certificate of HTTPS servers"))
+  (display (G_ "
   -N, --news             display news compared to the previous generation"))
   (display (G_ "
   -l, --list-generations[=PATTERN]
@@ -183,6 +187,9 @@ Download and deploy the latest version of Guix.\n"))
          (option '("disable-authentication") #f #f
                  (lambda (opt name arg result)
                    (alist-cons 'authenticate-channels? #f result)))
+         (option '("no-check-certificate") #f #f
+                 (lambda (opt name arg result)
+                   (alist-cons 'verify-certificate? #f result)))
          (option '(#\p "profile") #t #f
                  (lambda (opt name arg result)
                    (alist-cons 'profile (canonicalize-profile arg)
@@ -845,7 +852,8 @@ Use '~/.config/guix/channels.scm' instead."))
             (profile      (or (assoc-ref opts 'profile) %current-profile))
             (current-channels (profile-channels profile))
             (validate-pull    (assoc-ref opts 'validate-pull))
-            (authenticate?    (assoc-ref opts 'authenticate-channels?)))
+            (authenticate?    (assoc-ref opts 'authenticate-channels?))
+            (verify-certificate? (assoc-ref opts 'verify-certificate?)))
        (cond
         ((assoc-ref opts 'query)
          (process-query opts profile))
@@ -877,7 +885,9 @@ Use '~/.config/guix/channels.scm' instead."))
                                                    #:validate-pull
                                                    validate-pull
                                                    #:authenticate?
-                                                   authenticate?)))
+                                                   authenticate?
+                                                   #:verify-certificate?
+                                                   verify-certificate?)))
                    (format (current-error-port)
                            (N_ "Building from this channel:~%"
                                "Building from these channels:~%"