no-verify not the same as curl --insecure
When connecting to a self-signed cert with an unknown issuer, passing --no-verify still throws this error:
error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer
When I run the same command with curl --insecure, it works.
I don't have a great understanding of SSL, so appreciate any insight here.

The option you need is --verify=no.
This is a nasty gotcha in the way we interpret options. --no-verify means "ignore all --verify options that came before", like --no-session, --no-auth, etcetera. (We inherited this from HTTPie.)
Maybe we should print a warning/suggestion if a TLS error happens and you passed --no-verify without a --verify to cancel out.

> Maybe we should print a warning/suggestion if a TLS error happens and you passed --no-verify without a --verify to cancel out.
Something like this could also be helpful if we add cURL's --noproxy option (disables system proxy), which is too similar to --proxy's negation flag, i.e. --no-proxy. However, I don't know if we can reliably check the error in this case.
Would it be enough to print a warning as soon as we detect a negation flag has no effect and is too similar to another flag?
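
The flag semantics explained in the replies above, and the warning proposed in the last two comments, as an added example that is not part of the thread or the project's own code. The function names, the `NEGATABLE` set, and the rule that only `--verify=no` disables verification are assumptions made for the illustration.

```python
# Added illustration: models the flag semantics described in the thread.
# It is not the tool's real argument parser.
NEGATABLE = {"verify", "session", "auth", "proxy"}  # options named in the thread
HINTS = {"verify": "--verify=no"}  # the fix given in the thread


def resolve(argv):
    """Apply flags left to right; return (settings, warnings)."""
    settings, warnings = {}, []
    for arg in argv:
        if not arg.startswith("--"):
            continue  # positional arguments (URL, method) are ignored here
        body = arg[2:]
        if body.startswith("no-") and body[3:] in NEGATABLE:
            name = body[3:]
            if name not in settings:
                # Nothing earlier to cancel: the negation flag is a no-op.
                msg = f"--no-{name} has no effect: no earlier --{name} to cancel"
                if name in HINTS:
                    msg += f"; did you mean {HINTS[name]}?"
                warnings.append(msg)
            settings.pop(name, None)  # reset the option to its default
            continue
        name, _, value = body.partition("=")
        if name in NEGATABLE:
            settings[name] = value
    return settings, warnings


def tls_verification_enabled(settings):
    # Assumption: verification is on by default and only "no" turns it off.
    return settings.get("verify", "yes") != "no"


if __name__ == "__main__":
    # Constructed command lines; the host name is a placeholder.
    for argv in (["--no-verify", "https://selfsigned.example"],
                 ["--verify=no", "https://selfsigned.example"],
                 ["--verify=no", "--no-verify", "https://selfsigned.example"]):
        settings, warnings = resolve(argv)
        print(argv[:-1], "verify on:", tls_verification_enabled(settings), warnings)
```

Note that the third command line ends with certificate verification switched back on, because the later `--no-verify` cancels the earlier `--verify=no`.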