curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: --insecure

From: Gisle Vanem via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 23 Aug 2017 12:33:58 +0200

Daniel Stenberg wrote:

> On github alone, "curl --insecure" is used in source code at least 117,000 times. With a possible addition of about
> 196,000 instances where "curl -k" is used.

You got these numbers from the Github logs?

> Some of these use cases are probably totally legit, especially when you get things from localhost or similar, but many
> of them should probably rather make the connection to the self-signed server secure by using a cacert for it.

On the other hand, after I enabled 2FA, I'm not able to get any content from
raw.githubusercontent.com now; always gives me a "404 Not Found".
Maybe this is related to 2FA. If so, this seems too strict.

I do have login/pass entries in my '%HOME%/_netrc' for raw.githubusercontent.com
and github.com. But only a 'curl --no-netrc' will give me the real content.
E.g.
curl https://raw.githubusercontent.com/nlohmann/json/v2.1.1/src/json.hpp (fail; 404)
curl --no-netrc https://raw.githubusercontent.com/nlohmann/json/v2.1.1/src/json.hpp (OK)

-- 
--gv
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2017-08-23

This message: [ Message body ]
Next message: Benedikt Christoph Wolters: "Re: --insecure"
Previous message: Space One: "Re: malformed curl -- python"
In reply to: Daniel Stenberg: "--insecure"
Next in thread: Benedikt Christoph Wolters: "Re: --insecure"
Reply: Benedikt Christoph Wolters: "Re: --insecure"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]