curl / Mailing Lists / curl-users / Single Mail

curl-users

--insecure

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 23 Aug 2017 10:08:37 +0200 (CEST)

Hi friends,

On github alone, "curl --insecure" is used in source code at least 117,000
times. With a possible addition of about 196,000 instances where "curl -k" is
used.

Some of these use cases are probably totally legit, especially when you get
things from localhost or similar, but many of them should probably rather make
the connection to the self-signed server secure by using a cacert for it.

Is there anything we can do to reduce the use of insecure SSL connections done
by curl in the world?

Would adding a warning help? Here's a PR doing that:

https://github.com/curl/curl/pull/1821

-- 
  / daniel.haxx.se
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2017-08-23

This message: [ Message body ]
Next message: Space One: "Re: malformed curl -- python"
Previous message: Space One: "Re: malformed curl -- python"
Next in thread: Gisle Vanem via curl-users: "Re: --insecure"
Reply: Gisle Vanem via curl-users: "Re: --insecure"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]