Need a command line switch to disable SSL certificate validation

[jgstew]

In some cases, it is useful to pull a download from an internal organization's webserver / software repo / etc... which may be using a self-signed cert.

Also, if there is an odd issue with the certificate and after investigating, you find out that it has recently expired, it would be a bummer to have to wait around for the other end to fix the problem.

Message:
[WARNING] Error encountered during file download. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590))

Screenshot:

Related Issues:

• Avoid SSLv3 handshake error while using urlopen() #19
• Support for BigFix recipe type #74
• Provide feedback while downloading a file #72
• Do we need special consideration for large file downloads? #24

[jgstew]

In some cases, it might be useful to automatically try the same URL but with HTTP instead of HTTPS to see if that works. This is a solution in use for some BigFix items, particularly in the case of OS X 10.10 that is preventing some downloads from working. BigFix does additional validation of the files downloaded, so a man in the middle attack is not a concern.

Related: #74

[homebysix]

Recipe Robot 2+ now uses curl for downloading. I imagine both HTTP and HTTPS connections are supported, but HTTP connections with expired/incorrect certificates are not. (And shouldn't be, IMO.)