Adding a -k option to each of the curl statments inside the installation shell script

avijitb · March 17, 2022, 2:16pm

Hi Team,

All the curl statements inside the installation script can have a '-k' option to avoid any certificate errors.

Eg:

$ curl -fsS https://downloads.rclone.org/version.txt
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

curl -kfsS https://downloads.rclone.org/version.txt
<html>
<head><title>302 Moved Temporarily</title></head>
<body>
<center><h1>302 Moved Temporarily</h1></center>
<hr><center>Umbrella Cloud Security Gateway</center>
</body>
</html>

Animosity022 · March 17, 2022, 2:23pm

That's a bad idea as you want to fix your certificate issue.

Having a certificate error is the sign of something wrong on your setup.

avijitb · March 17, 2022, 2:30pm

Sometimes at a organization level there are firewall setups, which are difficult to bypass while trying to configure rclone at a local project level.

Animosity022 · March 17, 2022, 2:36pm

I'm not following as you are saying your org breaks SSL certificates chains and you want to ignore that? Do you mean a proxy? As a firewall is at a different layer.

ncw · March 17, 2022, 3:55pm

We won't be doing that by default as it breaks the assurance chain for installing rclone. It would leave rclone.org vulnerable to a man in the middle attack to install - let's say - malware on your computer.

system · May 16, 2022, 3:55pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.