Conversation

Notices

1. Embed this notice
   daniel:// stenberg:// (bagder@mastodon.social)'s status on Monday, 10-Feb-2025 22:36:58 JST daniel:// stenberg://

   lemme show you 140,000 (!) places in code where certificate verification is switched off when using libcurl: https://github.com/search?q=CURLOPT_SSL_VERIFYPEER%2C+FALSE&type=code

   • kaia and clacke like this.
   • Blaise Pabón - controlpl4n3 repeated this.
   • Embed this notice
     nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Monday, 10-Feb-2025 22:43:34 JST nyanide :nyancat_rainbow::nyancat_body::nyancat_face:

     in reply to
     @bagder i do it with pride
   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 10-Feb-2025 22:45:42 JST 翠星石

     in reply to
     @bagder >That doesn't work without a github account and probably without proprietary JavaScript.
     Many such cases.
   • Embed this notice
     Buccia (bucciabuccia@mastodon.social)'s status on Monday, 10-Feb-2025 23:49:32 JST Buccia

     in reply to

     @bagder Chinese instances are due to many chinese networks doing MiTM so instead of flooding the user with errors, they just disable certificate verification altogether.

   • Embed this notice
     Ret (ret@furry.engineer)'s status on Monday, 10-Feb-2025 23:49:46 JST Ret

     in reply to

     @bagder wait until you find out Amazon Application Load Balancers don't validate server certificates.

     Edit: CloudFront does

   • Embed this notice
     Annika Backstrom (annika@xoxo.zone)'s status on Tuesday, 11-Feb-2025 17:53:15 JST Annika Backstrom

     in reply to

     @bagder 👏

   • Embed this notice
     daniel:// stenberg:// (bagder@mastodon.social)'s status on Tuesday, 11-Feb-2025 17:53:16 JST daniel:// stenberg://

     in reply to

     • Annika Backstrom

     @annika 😱

   • Embed this notice
     daniel:// stenberg:// (bagder@mastodon.social)'s status on Tuesday, 11-Feb-2025 17:53:16 JST daniel:// stenberg://

     in reply to

     • Annika Backstrom

     @annika https://github.com/php-mod/curl/issues/108

   • Embed this notice
     Annika Backstrom (annika@xoxo.zone)'s status on Tuesday, 11-Feb-2025 17:53:17 JST Annika Backstrom

     in reply to

     @bagder This is maybe my favourite, where a curl wrapper explains how to turn peer verification off under the heading "SSL verification setup":

     https://github.com/php-mod/curl#:~:text=SSL%20verification%20setup&text=CURLOPT_SSL_VERIFYPEER,%20FALSE

   • Embed this notice
     clacke (clacke@libranet.de)'s status on Tuesday, 11-Feb-2025 23:17:41 JST clacke

     in reply to
     @bagder Removed a -k from a curl line today when implementing something according to internal documentation. It felt good.
   • Embed this notice
     haerench (haerench@mastodon.social)'s status on Friday, 14-Feb-2025 00:35:40 JST haerench

     in reply to

     @bagder Certainly 140k occurrences is good enough for AI to label this as good code/practice and suggest it in new code ...

     clacke likes this.