patches/openwrt: scripts: always check certificates: accepted

patches/openwrt/wip/0045-scripts-download.pl-use-secure-transfer-for-download.patch

-From 1a5fc6f43d83ba78e6b8b43e2138308442e51044 Mon Sep 17 00:00:00 2001
-From: Josef Schlehofer <pepe.schlehofer@gmail.com>
-Date: Thu, 14 Jul 2022 23:30:26 +0200
-Subject: [PATCH] scripts/download.pl: use secure transfer for downloads
-
-By default in OpenWrt uses for download tarballs insecure way,
-let's force secure transfer downloads to be more safe.
-
-Similar PR was submitted to OpenWrt, but it is not merged and OpenWrt
-core members said that they authenticate downloads by checksum and that
-the TLS identity does not matter.
-
-See: https://github.com/openwrt/openwrt/pull/4948
-
-Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
----
- scripts/download.pl | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/scripts/download.pl b/scripts/download.pl
-index af13c0ae00..657afba101 100755
---- a/scripts/download.pl
-+++ b/scripts/download.pl
-@@ -80,8 +80,8 @@ sub download_cmd($) {
- 	}
- 
- 	return $have_curl
--		? (qw(curl -f --connect-timeout 20 --retry 5 --location --insecure), shellwords($ENV{CURL_OPTIONS} || ''), $url)
--		: (qw(wget --tries=5 --timeout=20 --no-check-certificate --output-document=-), shellwords($ENV{WGET_OPTIONS} || ''), $url)
-+		? (qw(curl -f --connect-timeout 20 --retry 5 --location), shellwords($ENV{CURL_OPTIONS} || ''), $url)
-+		: (qw(wget --tries=5 --timeout=20 --output-document=-), shellwords($ENV{WGET_OPTIONS} || ''), $url)
- 	;
- }
- 
--- 
-2.34.1
-