From 6d9975e19bb6cbe456f46b68e6dd30327c3a17e9 Mon Sep 17 00:00:00 2001
From: Nathan Wilcox <nejucomo@gmail.com>
Date: Wed, 20 Jan 2016 14:45:18 -0800
Subject: [PATCH] Ignore certificate errors when fetching params. We already
 have sha256 integrity, no need for confidentiality/DNS authentication.

---
 zcutil/fetch-params.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/zcutil/fetch-params.sh b/zcutil/fetch-params.sh
index 46be96a85..04e25cfda 100755
--- a/zcutil/fetch-params.sh
+++ b/zcutil/fetch-params.sh
@@ -21,7 +21,14 @@ function fetch_params {
     if ! [ -f "$filename" ]
     then
         echo "Retrieving: $url"
-        wget --progress=dot:giga "$url"
+        # Note: --no-check-certificate should be ok, since we rely on
+        # sha256 for integrity, and there's no confidentiality requirement.
+        # Our website uses letsencrypt certificates which are not supported
+        # by some wget installations, so we expect some cert failures.
+        wget \
+            --progress=dot:giga \
+            --no-check-certificate \
+            "$url"
     fi
 }