On the server pages, for example: https://gameservermanagers.com/lgsm/dstserver/
The command that is given to the users is: wget -N --no-check-certificate https://gameservermanagers.com/dl/linuxgsm.sh && chmod +x linuxgsm.sh && bash linuxgsm.sh dstserver
Using this flag disables SSL security checks. Why is this recommended as default when downloading a script that gets to be executed?
I totally agree with you ... the content should be delivered via a secure connection
The connection is true TLS, so this argument isn't even necessary in most cases.
I believe this is here by default as a workaround for an issue with some wget versions that don't support wget redirection along with TLS, probably in Debian 7 or CentOS 6.
I just tested with my servers on CentOS 7, Debian 8 and Debian 9 and didn't face the issue.
So unless there is a very good reason I cannot recall, I agree that --no-check-certificate should be removed.
If somebody with a legacy OS could test this, I'd be grateful.
I'm not familiar with the site's history but I can imagine the --no-check-certificate was added if the site has ever used Let's Encrypt (which was not added to trusted CAs for different platforms in the beginning).
If there's anyone having issues downloading without the flag you might want to have the option documented including the possible risks. It could then be removed from default instructions.
Thanks!
Well, it seems like we pretty much wrapped the topic.
I could modify the website but since it isn't an emergency, I'll let @dgibbs64 take care of it when he can. :)
--no-check-certificate is used for older distros that have issues with SSL. I used to get loads of people complaining they couldn't download the scripts because of it. The % of people with the issue may be drastically reduced by now.
So I recalled well. :p
Well, I'll add this to the FAQ so that you can alter the website if you think it's a good idea.
Done
https://github.com/GameServerManagers/LinuxGSM/wiki/FAQ#i-cant-download-linuxgsmsh-tlsssl-errors
Here is why we shouldn't keep --no-check-certificate by default: https://github.com/GameServerManagers/LinuxGSM/issues/1749#issuecomment-353980472
This issue is now resolved.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
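An added example, not part of the thread or of LinuxGSM's code: a small shell check that could be run over documented install commands to catch flags that switch off certificate verification, like the one discussed in this issue. It goes slightly beyond the thread by also covering curl's -k/--insecure; the function name is hypothetical and the tokenisation is a plain whitespace split, not a full shell parser.

```shell
#!/bin/sh
# Added example: report download commands that disable TLS certificate
# verification. Prints one "tool flag" line per finding; the exit status
# is 0 when nothing was found and 1 otherwise.
# find_insecure_tls_flags is a hypothetical name, not a LinuxGSM function.
find_insecure_tls_flags() (
    # Subshell body: set -f and the variables below do not leak to the caller.
    cmdline=$1
    tool=""
    found=0
    set -f                      # no globbing while word-splitting
    # Assumption: one-line commands whose words and operators are separated
    # by spaces, as in the command quoted in the issue.
    for word in $cmdline; do
        case $word in
            '&&'|'||'|';'|'|') tool=""; continue ;;   # a new command starts
        esac
        if [ -z "$tool" ]; then
            tool=${word##*/}    # first word of a command, directory stripped
            continue
        fi
        case $tool:$word in
            wget:--no-check-certificate|curl:--insecure)
                echo "$tool $word"; found=1 ;;
            curl:--*) ;;        # any other long option
            curl:-*k*)          # -k alone or clustered (-sSLk); heuristic only
                echo "$tool $word"; found=1 ;;
        esac
    done
    [ "$found" -eq 0 ]
)

# The command quoted at the top of this issue:
SAMPLE='wget -N --no-check-certificate https://gameservermanagers.com/dl/linuxgsm.sh && chmod +x linuxgsm.sh && bash linuxgsm.sh dstserver'
find_insecure_tls_flags "$SAMPLE" || echo "certificate verification is disabled" >&2
```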