[Feature Request] Add switch to 'dotnet restore' to ignore repo cert issues

[mahamr]

Hi Team,
Many command-line tools that make outbound HTTPS calls have the ability to disable cert checks or ignore cert-related warnings altogether (i.e. curl -k, Invoke-WebRequest -SkipCertificateCheck, etc.). This could be a valuable feature to have for the dotnet restore command, especially when private repos are in-use and there are known (or even as-yet-unknown) cert-related issues.

Having a feature like this has been mentioned here as well:
dotnet/core#1668 (comment)

Here's a good example for why this would be useful, with a customer environment.
This is an issue I opened some time ago in the runtime repo where dotnet restore was failing due to a certificate policy issue in the chain, for a private repo:
dotnet/runtime#41352
In that environment, SocketsHttpHandler on 2.1+ was not as forgiving as libcurl under-the-hood was in 2.0 and older. The issue worked-around by setting UseSocketsHttpHandler = false which is not ideal.

I believe having a feature like this could be useful to many folks.

Thank you!

[mahamr]

I just read up on the .NET 5 Networking changes and came across this: https://devblogs.microsoft.com/dotnet/net-5-new-networking-improvements/#consistent-cross-platform-implementation

[...] we decided to remove the platform specific handlers from System.Net.Http.dll completely. In .NET 5, it is no longer possible to switch back to them with the "System.Net.Http.UseSocketsHttpHandler" AppContext switch as it used to be.

This effectively means the scenario I opened this issue for is now completely broken when the dotnet CLI used is from .NET 5 as of now.

[marcpopMSFT]

Old bug triage. @aortiz-msft @JonDouglas does nuget have the capability for this? I assume not. I have not seen other asks for this.

[aortiz-msft]

Looks similar to NuGet/Home#12786