Score:0

curl --insecure not working

A L

I needed to run the below behind a proxy:

curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash

Which returned errors related to SSL (because the proxy puts its cert in between). I used '--insecure' and re-ran, which works up to a point, however - later in that install script, curl is called again, and returns the same SSL errors.

I added 'insecure' to ~/.curlrc so that the calling script would ignore the SSL errors.. however they still get thrown.. if I drop --insecure from the kick off it still works (validating .curlrc working).. so I figured it must be a permissions issue..

Ran 'chmod 666 .curlrc' and verified rw for all with 'ls -l' - same results.. How do I ignore these SSL errors?

Can you not trust the proxy at the OS level?
Score:2

Your problem is that you are curling the script as yourself and then the script is running as root:

| sudo bash

When you pipe something into sudo bash, you are running bash as root, and bash will launch all subprocesses (including the curls inside of the script) as root. Since root's account doesn't care about your .curlrc, it won't read it and won't apply your --insecure. You have a couple of options:

  1. Download the script separately from running it and modify the lines containing curl (lines 137 and 182 at the time of writing)
  2. Create a .curlrc file for root at /root/.curlrc with the contents insecure

Edit:

As an aside, it is not generally advised to have application-specific configuration files in your home directory be o+wr, because this would allow anyone with a login on the system to modify your personal configuration. You said that you ran chmod 666 .curlrc but this is inadvisable because then anyone on the system (assuming your home directory is o+rx) can modify your curl configuration, including setting a curl-specific socks proxy and then MiTM all of your curl traffic. This is especially dangerous because they could strip SSL and you wouldn't notice because you're already ignoring insecure connections for your own system proxy.

A L
tysm! marking as answer!
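
An added example, not part of the original thread: a small audit for the two risks raised in the answer above, a curl config file that other users can write to and one that disables certificate verification or redirects traffic through a proxy. The function name `audit_curlrc` and the sample files are constructed for illustration; because `sudo bash` makes curl read root's file, point it at both `~/.curlrc` and `/root/.curlrc`.

```shell
#!/bin/sh
# Added example (not from the original thread). audit_curlrc FILE prints one
# line per finding and returns the number of findings (0 = clean or absent).
audit_curlrc() {
    f=$1 n=0
    [ -f "$f" ] || return 0   # no config file, nothing to audit
    # Group- or world-writable: other local users can rewrite the config.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$f: writable by group or others (use chmod 600)"; n=$((n + 1))
    fi
    # curl accepts long options in a config file with or without the dashes.
    if grep -Eq '^[[:space:]]*(-k|(--)?insecure)([[:space:]=:]|$)' "$f"; then
        echo "$f: certificate verification disabled (insecure)"; n=$((n + 1))
    fi
    # Proxy overrides decide where every request from this account is sent.
    if grep -Eq '^[[:space:]]*(-x|(--)?(proxy|preproxy|socks[45][a-z-]*))([[:space:]=:]|$)' "$f"; then
        echo "$f: proxy override present, confirm it is expected"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed samples: the state described in the question (insecure + chmod 666)
# and a file that only mentions the option inside a comment.
demo=$(mktemp -d)
printf 'insecure\n' > "$demo/asker.curlrc"; chmod 666 "$demo/asker.curlrc"
printf '# insecure\nsilent\n' > "$demo/clean.curlrc"; chmod 600 "$demo/clean.curlrc"
audit_curlrc "$demo/asker.curlrc" || echo "findings: $?"
audit_curlrc "$demo/clean.curlrc" && echo "clean"
rm -rf "$demo"
```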