projects / openwrt / staging / jow.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f522c27) | patch
scripts: always check certificates
authorJosh Roys <roysjosh@gmail.com>
Sat, 23 Jul 2022 15:23:16 +0000 (11:23 -0400)
committerChristian Marangi <ansuelsmth@gmail.com>
Sat, 10 Sep 2022 13:24:22 +0000 (15:24 +0200)
commit90c6e3aedf167b0ae1baf376e7800a631681e69a
treee63fad68ee73899024f0dedeee0d8d690666347dtree | snapshot
parentf522c27385d6f94e5dbcc3e84968f0e38609ff1ccommit | diff
scripts: always check certificates

Remove flags from wget and curl instructing them to ignore bad server
certificates. Although other mechanisms can protect against malicious
modifications of downloads, other vectors of attack may be available
to an adversary.

TLS certificate verification can be disabled by turning oof the
"Enable TLS certificate verification during package download" option
enabled by default in the "Global build settings" in "make menuconfig"

Signed-off-by: Josh Roys <roysjosh@gmail.com>
[ add additional info on how to disable this option ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
config/Config-build.in diff | blob | history
rules.mk diff | blob | history
scripts/download.pl diff | blob | history
Staging tree of Jo-Philipp Wich