Closed jgstew closed 10 months ago
In some cases, it might be useful to automatically try the same URL but with HTTP instead of HTTPS to see if that works. This is a solution in use for some BigFix items, particularly in the case of OS X 10.10 that is preventing some downloads from working. BigFix does additional validation of the files downloaded, so a man in the middle attack is not a concern.
Related: https://github.com/homebysix/recipe-robot/issues/74
Recipe Robot 2+ now uses curl for downloading. I imagine both HTTP and HTTPS connections are supported, but HTTP connections with expired/incorrect certificates are not. (And shouldn't be, IMO.)
In some cases, it is useful to pull a download from an internal organization's webserver / software repo / etc... which may be using a self-signed cert.
Also, if there is an odd issue with the certificate and after investigating, you find out that it has recently expired, it would be a bummer to have to wait around for the other end to fix the problem.
Message: [WARNING] Error encountered during file download. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590))
Screenshot:
Related Issues: