Skip to content

fail2ban install: remove -k (--insecure) from curl options#4080

Merged
georglauterbach merged 3 commits intodocker-mailserver:masterfrom
casperklein:fail2ban
Jun 19, 2024
Merged

fail2ban install: remove -k (--insecure) from curl options#4080
georglauterbach merged 3 commits intodocker-mailserver:masterfrom
casperklein:fail2ban

Conversation

@casperklein
Copy link
Copy Markdown
Member

@casperklein casperklein commented Jun 18, 2024
edited
Loading

Description

   -k, --insecure
          (TLS SFTP SCP) By default, every secure connection curl makes is
          verified to be secure before the transfer takes place. This  op‐
          tion  makes  curl skip the verification step and proceed without
          checking.

          When this option is not used for protocols using TLS, curl veri‐
          fies  the server's TLS certificate before it continues: that the
          certificate contains the right name which matches the host  name
          used in the URL and that the certificate has been signed by a CA
          certificate present in the cert store.  See this online resource
          for further details:
           https://curl.se/docs/sslcerts.html

          For  SFTP  and  SCP, this option makes curl skip the known_hosts
          verification.  known_hosts is a  file  normally  stored  in  the
          user's home directory in the ".ssh" subdirectory, which contains
          host names and their public keys.

          WARNING: using this option makes the transfer insecure.

          When curl uses secure protocols it trusts responses  and  allows
          for  example  HSTS and Alt-Svc information to be stored and used
          subsequently. Using -k, --insecure can make curl trust  and  use
          such information from malicious servers.

          Providing  -k,  --insecure  multiple  times has no extra effect.
          Disable it again with --no-insecure.

          Example:
           curl --insecure https://example.com

          See also --proxy-insecure, --cacert and --capath.

Reverts #1971

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Improvement (non-breaking change that does improve existing functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (README.md or the documentation under docs/)
  • If necessary, I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have added information about changes made in this PR to CHANGELOG.md

@casperklein
remove -k from curl option
d9c66f3 
       -k, --insecure
              (TLS SFTP SCP) By default, every secure connection curl makes is
              verified to be secure before the transfer takes place. This  op‐
              tion  makes  curl skip the verification step and proceed without
              checking.

              When this option is not used for protocols using TLS, curl veri‐
              fies  the server's TLS certificate before it continues: that the
              certificate contains the right name which matches the host  name
              used in the URL and that the certificate has been signed by a CA
              certificate present in the cert store.  See this online resource
              for further details:
               https://curl.se/docs/sslcerts.html

              For  SFTP  and  SCP, this option makes curl skip the known_hosts
              verification.  known_hosts is a  file  normally  stored  in  the
              user's home directory in the ".ssh" subdirectory, which contains
              host names and their public keys.

              WARNING: using this option makes the transfer insecure.

              When curl uses secure protocols it trusts responses  and  allows
              for  example  HSTS and Alt-Svc information to be stored and used
              subsequently. Using -k, --insecure can make curl trust  and  use
              such information from malicious servers.

              Providing  -k,  --insecure  multiple  times has no extra effect.
              Disable it again with --no-insecure.

              Example:
               curl --insecure https://example.com

              See also --proxy-insecure, --cacert and --capath.
polarathene
polarathene previously approved these changes Jun 19, 2024
View reviewed changes
@casperklein casperklein changed the title fail2ban build: remove -k (--insecure) from curl options fail2ban install: remove -k (--insecure) from curl options Jun 19, 2024
@casperklein casperklein marked this pull request as ready for review June 19, 2024 13:55
@georglauterbach georglauterbach merged commit e370c0c into docker-mailserver:master Jun 19, 2024
@casperklein casperklein deleted the fail2ban branch August 17, 2024 19:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@georglauterbach georglauterbach georglauterbach approved these changes

@polarathene polarathene Awaiting requested review from polarathene

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@casperklein @polarathene @georglauterbach