curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: --insecure

From: Benedikt Christoph Wolters <benedikt.wolters_at_rwth-aachen.de>
Date: Wed, 23 Aug 2017 13:47:13 +0200

It think -k is more troubling as it hides the insecureness behind some
mysterious 'k' switch.
At the same time I am against removing '-k', because it would be a
huge change and break a lot of stuff (with little benefit).

> You got these numbers from the Github logs?
https://github.com/search?q=curl+--insecure&type=Code&utf8=%E2%9C%93

In fact -k seems to be more heavily in use.
https://github.com/search?q=curl+-k&type=Code&utf8=%E2%9C%93

I think a warning will certainly help. I wouldn't go beyond.

Qapla'!
Benedikt

2017-08-23 12:33 GMT+02:00 Gisle Vanem via curl-users <curl-users_at_cool.haxx.se>:
> Daniel Stenberg wrote:
>
>> On github alone, "curl --insecure" is used in source code at least 117,000
>> times. With a possible addition of about 196,000 instances where "curl -k"
>> is used.
>
>
> You got these numbers from the Github logs?
>
>> Some of these use cases are probably totally legit, especially when you
>> get things from localhost or similar, but many of them should probably
>> rather make the connection to the self-signed server secure by using a
>> cacert for it.
>
>
> On the other hand, after I enabled 2FA, I'm not able to get any content from
> raw.githubusercontent.com now; always gives me a "404 Not Found".
> Maybe this is related to 2FA. If so, this seems too strict.
>
> I do have login/pass entries in my '%HOME%/_netrc' for
> raw.githubusercontent.com
> and github.com. But only a 'curl --no-netrc' will give me the real content.
> E.g.
> curl https://raw.githubusercontent.com/nlohmann/json/v2.1.1/src/json.hpp
> (fail; 404)
> curl --no-netrc
> https://raw.githubusercontent.com/nlohmann/json/v2.1.1/src/json.hpp (OK)
>
>
> --
> --gv
>
> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-08-23