scripts: always check certificates
author Josh Roys <roysjosh@gmail.com>
Sat, 23 Jul 2022 15:23:16 +0000 (11:23 -0400)
committer Petr Štetiar <ynezz@true.cz>
Fri, 16 Sep 2022 16:50:46 +0000 (18:50 +0200)
commit 340b138932c3720db227821415f494ac81e8b675
tree b1d5de1230eb7c272d9243c21a2b9a3ebaad7489
parent b5e39355e4121bd6288e2fc4a434a785bd6d6285
scripts: always check certificates

Remove flags from wget and curl instructing them to ignore bad server
certificates. Although other mechanisms can protect against malicious
modifications of downloads, other vectors of attack may be available
to an adversary.

TLS certificate verification can be disabled by turning off the
"Enable TLS certificate verification during package download" option
enabled by default in the "Global build settings" in "make menuconfig".

Signed-off-by: Josh Roys <roysjosh@gmail.com>
[ add additional info on how to disable this option ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 90c6e3aedf167b0ae1baf376e7800a631681e69a)
config/Config-build.in
rules.mk
scripts/download.pl