homebysix / recipe-robot

A kick ass tool for creating AutoPkg recipes.
Apache License 2.0

Need a command line switch to disable SSL certificate validation #76

Closed jgstew closed 10 months ago

jgstew commented 8 years ago

In some cases, it is useful to pull a download from an internal organization's web server, software repo, etc., which may be using a self-signed cert.

Also, if there is an odd issue with the certificate and after investigating, you find out that it has recently expired, it would be a bummer to have to wait around for the other end to fix the problem.

Message: [WARNING] Error encountered during file download. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590))


Related Issues:

jgstew commented 8 years ago

In some cases, it might be useful to automatically try the same URL but with HTTP instead of HTTPS to see if that works. This is a solution in use for some BigFix items, particularly in the case of OS X 10.10 that is preventing some downloads from working. BigFix does additional validation of the files downloaded, so a man-in-the-middle attack is not a concern.

Related: https://github.com/homebysix/recipe-robot/issues/74

homebysix commented 10 months ago

Recipe Robot 2+ now uses curl for downloading. I imagine both HTTP and HTTPS connections are supported, but HTTP connections with expired/incorrect certificates are not. (And shouldn't be, IMO.)
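
An added example, not part of the thread and not Recipe Robot's or BigFix's code: one way to handle the internal self-signed certificate case without switching validation off is to trust that certificate explicitly, and to check the downloaded bytes against a known-good SHA-256, which is the kind of additional file validation the second comment refers to. The function names, the `ca_file` path and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl
import urllib.request

# Constructed sample payload, used only to exercise the digest check offline.
SAMPLE = b"constructed installer bytes"


def pinned_context(ca_file=None):
    """Return a TLS context with certificate and hostname checks left on.

    ca_file is a hypothetical path to a PEM file holding the internal CA or
    the self-signed server certificate; None falls back to the system store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    # These are already the defaults; set them so the intent is explicit.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def sha256_matches(data, expected_hex):
    """Compare the payload digest with a known-good value in constant time."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def fetch_verified(url, expected_sha256, ca_file=None, timeout=30):
    """Download url over verified HTTPS; return bytes only if the digest matches.

    expected_sha256 must come from a source other than the download server.
    """
    if not url.lower().startswith("https://"):
        raise ValueError("refusing non-HTTPS URL: %s" % url)
    ctx = pinned_context(ca_file)
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        data = resp.read()
    if not sha256_matches(data, expected_sha256):
        raise ValueError("SHA-256 mismatch for %s" % url)
    return data
```

With curl, which the last comment says Recipe Robot 2+ uses for downloads, the counterpart of `ca_file` is the `--cacert` option.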