git.openwrt.org Git - openwrt/openwrt.git/commit

author	Josh Roys <roysjosh@gmail.com>
	Sat, 23 Jul 2022 15:23:16 +0000 (11:23 -0400)
committer	Petr Štetiar <ynezz@true.cz>
	Wed, 21 Sep 2022 09:52:40 +0000 (11:52 +0200)
commit	f0bca34f16327c6001515f9c73c2c284574c7b6d
tree	e408167cf567fb7daa8cde7e689e5fbb0a9c6838	tree \| snapshot
parent	c6d3f39ecce43c4a9858157e9e2ee8718750a9ab	commit \| diff

scripts: always check certificates

Remove flags from wget and curl instructing them to ignore bad server
certificates. Although other mechanisms can protect against malicious
modifications of downloads, other vectors of attack may be available
to an adversary.

TLS certificate verification can be disabled by turning oof the
"Enable TLS certificate verification during package download" option
enabled by default in the "Global build settings" in "make menuconfig"

Signed-off-by: Josh Roys <roysjosh@gmail.com>
[ add additional info on how to disable this option ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [backport]
(cherry picked from commit 90c6e3aedf167b0ae1baf376e7800a631681e69a)

config/Config-build.in		diff \| blob \| history
rules.mk		diff \| blob \| history
scripts/download.pl		diff \| blob \| history