Package: apt Version: 1.8.2.3 When using an HTTPS proxy for plain-HTTP repositories, it seems that CaInfo is ignored. Typically: apt-get -o Acquire::https::CaInfo=/cafile.crt -o Acquire::http::Proxy="https://apt-cache.local" update will fail with: Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. I did verify that my certificate and configuration are valid, in two different ways: 1. if I add my certificate into /etc/ssl/certs, things will work as expected 2. when accessing the proxy as if it was a repository itself, directly, using -o Acquire::https::CaInfo works as expected My intuition is that because the repository is plain http, apt drops out any Acquire::https configuration before attempting to connect to the proxy. To validate that, I tried to add on a hunch: -o Acquire::http::CaInfo=/cafile ... it makes it work... though this doesn't seem to be documented (and does not make much sense?). What are your thoughts? Thanks. |