remove -k from curl option
-k, --insecure
(TLS SFTP SCP) By default, every secure connection curl makes is
verified to be secure before the transfer takes place. This op‐
tion makes curl skip the verification step and proceed without
checking.
When this option is not used for protocols using TLS, curl veri‐
fies the server's TLS certificate before it continues: that the
certificate contains the right name which matches the host name
used in the URL and that the certificate has been signed by a CA
certificate present in the cert store. See this online resource
for further details:
https://curl.se/docs/sslcerts.html
For SFTP and SCP, this option makes curl skip the known_hosts
verification. known_hosts is a file normally stored in the
user's home directory in the ".ssh" subdirectory, which contains
host names and their public keys.
WARNING: using this option makes the transfer insecure.
When curl uses secure protocols it trusts responses and allows
for example HSTS and Alt-Svc information to be stored and used
subsequently. Using -k, --insecure can make curl trust and use
such information from malicious servers.
Providing -k, --insecure multiple times has no extra effect.
Disable it again with --no-insecure.
Example:
curl --insecure https://example.com
See also --proxy-insecure, --cacert and --capath.
This commit is contained in:
casperklein
parent
98cbcfc171
commit
d9c66f3e82
|
|
@ -189,8 +189,8 @@ function _install_fail2ban() {
|
|||
|
||||
gpg --keyserver "${FAIL2BAN_GPG_PUBLIC_KEY_SERVER}" --recv-keys "${FAIL2BAN_GPG_PUBLIC_KEY_ID}" 2>&1
|
||||
|
||||
curl -Lkso fail2ban.deb "${FAIL2BAN_DEB_URL}"
|
||||
curl -Lkso fail2ban.deb.asc "${FAIL2BAN_DEB_ASC_URL}"
|
||||
curl -fsSLo fail2ban.deb "${FAIL2BAN_DEB_URL}"
|
||||
curl -fsSLo fail2ban.deb.asc "${FAIL2BAN_DEB_ASC_URL}"
|
||||
|
||||
FINGERPRINT=$(LANG=C gpg --verify fail2ban.deb.asc fail2ban.deb |& sed -n 's#Primary key fingerprint: \(.*\)#\1#p')
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue