raco pkg: add PLT_PKG_SSL_NO_VERIFY environment variable

Just in case someone needs to work around an HTTPS server
without a valid certifcate.

pkgs/racket-doc/pkg/scribblings/apis.scrbl

@@ -53,3 +53,4 @@ to the @exec{raco pkg} sub-subcommands.
 @include-section["name.scrbl"]
 @include-section["db.scrbl"]
 @include-section["dirs-catalog.scrbl"]
+@include-section["envvars.scrbl"]

pkgs/racket-doc/pkg/scribblings/envvars.scrbl

@@ -0,0 +1,14 @@
+#lang scribble/manual
+@(require "common.rkt")
+
+@title[#:tag "envvars"]{Package Management Environment Variables}
+
+If the @indexed-envvar{PLT_PKG_SSL_NO_VERIFY} environment variable is
+set, server certificates are not validated for HTTPS connections. When
+accessing Git servers over HTTPS, @envvar{GIT_SSL_NO_VERIFY} must be
+set, too, to disable certificate validation.
+
+As noted in the specification of GitHub-repository package sources, if
+the @envvar{PLT_USE_GITHUB_API} environment variable is set, GitHub
+packages are obtained using the GitHub API protocol instead of using
+the Git protocol.

racket/collects/pkg/private/network.rkt

@@ -58,7 +58,9 @@
        (lambda (f) (f)))
    (lambda ()
      (define-values (p hs)
-       (parameterize ([current-https-protocol 'secure])
+       (parameterize ([current-https-protocol (if (getenv "PLT_PKG_SSL_NO_VERIFY")
+                                                  (current-https-protocol)
+                                                  'secure)])
          (get-pure-port/headers url headers
                                 #:redirections 25
                                 #:status? #t)))