Nvm: support strict-ssl-false param?

Currently we use -q on our curl commands to specifically ignore any curlrc settings.

I think this is a duplicate of #877, but since that's closed, I'll leave this open.

Essentially I can think of a few solutions here: either add passthrough support for this specific curl command, or, add a flag that disables -q so that it inherits your ~/.curlrc settings (which should contain the setting you need).

Does curl --verbose https://nodejs.org/dist/ work?

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

@p2227 so, separately, you'll want to create a ~/.curlrc file that has insecure ( http://unix.stackexchange.com/a/109649 ) which should make that curl command work.

It still won't likely make nvm ls-remote work, but it would be a starting point for the latter solution.

thks. now curl --verbose https://nodejs.org/dist/ works
but nvm ls-remote get
N/A

Hi,

same issue hit me too. Problem seems to be with the -q param in the curl calls.
-q ignores the .curlrc file and thats why a direct curl is working, but in nvm it fails.

From the manpage of curl (https://curl.haxx.se/docs/manpage.html):

-q, --disable
If used as the first parameter on the command line, the curlrc config file will not be read and used. See the -K, --config for details on the default config file search path.

1. curl --verbose https://nodejs.org/dist/ # should work
2. curl -q --verbose https://nodejs.org/dist/ # should not work

Issue was addressed with #878 a year ago, but closed by @ljharb and I think other issues can be fixed/provided a workaround, if .curlrc is not ignored.

My solution (and testing) was to remove the -q option in

https://github.com/creationix/nvm/blob/master/nvm.sh#L52
https://github.com/creationix/nvm/blob/master/nvm.sh#L68

... which seems to work so far. I'm first time user of nvm, so maybe more needs to be considered.

By the way: My use case was to set a custom useragent string in the curl call as the proxy denies curls useragent. Hopefully the -q option can be removed and the full power if curl can be used. Otherwise nvm need to rebuild a lot of features of curl/wget.

Regards,
Andreas

@derAndreas I added -q because I was concerned about the opposite problem - -q means i can whitelist any commands i need, instead of blacklisting problematic ones.

If someone can make a PR that removes -q but overrides any options that would conflict, like --remote-name-all, then I may consider accepting it.

Similar problem here. We're behind a corporate proxy which uses a self signed cert. Normally this isn't an issue because we have a cert bundle set in our curlrc, so curl trusts the cert, but nvm disables this.

@ljharb what are the options you would want blacklisted?

The on;y one I recall is --remote-name-all, but I'm sure there are many.

@derAndreas

same issue hit me too. Problem seems to be with the -q param in the curl calls.
-q ignores the .curlrc file and thats why a direct curl is working, but in nvm it fails.

_[snip]_
My solution (and testing) was to remove the -q option in

https://github.com/creationix/nvm/blob/master/nvm.sh#L52
https://github.com/creationix/nvm/blob/master/nvm.sh#L68

Thanks for this note on this issue. I was finding a similar issue with my new corporate MITM proxy cert. FWIW the line numbers changed since when you posted this... it's lines 95 and 115 now (the nvm_download() and nvm_get_latest() functions, respectively).

I've forked this repo and will look to be putting together a more robust fix to address this ancient issue.

@kreig303 thanks, i look forward to your PR.