Timeline for Does curl have a --no-check-certificate option like wget?
Current License: CC BY-SA 3.0
11 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 26, 2020 at 5:10 | comment | added | Steve Payne | How do you reverse it? :) | |
| Jul 18, 2019 at 10:58 | comment | added | kenorb | Obtaining verified SSL certificates by scammers/hackers is no brainer nowadays, you can get it in few minutes. So if somebody is stupid enough to run some random bash install scripts from the internet, verifying certificates won't really help. There are plenty of scam sites which have "verified" SSL certificates. So installing Linux by layman because it's secure vs installing Windows by expert, won't help, as the responsibility is with the user. Just be smart, be safe, and have a common sense. | |
| Jul 18, 2019 at 10:45 | comment | added | kenorb |
If you're a developer or DevOps, you're dealing with SSL issues on daily basis, insecure isn't that bad, it's just less headache (it doesn't affect web-browsers, and you don't curl to to the bank anyway, lol). Secondly, having verification enabled for SSL certificates won't protect you from scammers anyway. Certificates does NOT validate the CONTENTS of the site!. It’s up to THE USER to check whether you're connecting to the right place or not. So having secure won't prevent you from downloading a malware anyway.
|
|
| Jul 18, 2019 at 4:19 | comment | added | Anand Rockzz | this is the real @EricHartford. The previous message was posted by someone else impersonating me. Because I trusted all machines ;-) | |
| Apr 21, 2017 at 15:15 | history | edited | kenorb | CC BY-SA 3.0 |
Expands the answer.
|
| May 8, 2015 at 6:56 | comment | added | Zlatko | Also @EricHartford are you sure you always do trusted curl stuff? Have you ever ran any bash install script you got off of internet? Granted, you can be in the black there anyway, but this increases the chances. | |
| Oct 19, 2014 at 3:02 | comment | added | ereOn | @EricHartford: Well, good for you, but that still doesn't make it a good general advice imho. One might use curl, for instance when downloading homebrew on osx and end up with a modified version of the tools because he enabled this as a default blindly. | |
| Sep 3, 2014 at 18:00 | comment | added | Eric Hartford | Anytime I am using curl, I either control or trust the machine at the other end. | |
| May 22, 2014 at 21:07 | comment | added | Christopher Schultz | This seems like bad advice: disabling these checks for all connections should not be the default, even if you do this to yourself via per-user configuration. If you need to suppress security checks, at least do it piecemeal. | |
| Apr 3, 2014 at 9:21 | history | edited | kenorb | CC BY-SA 3.0 |
added 87 characters in body
|
| Jan 16, 2014 at 16:41 | history | answered | kenorb | CC BY-SA 3.0 |