Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Do not recommend adding --insecure to solve certificate issues #1810
There is a massive amount of scripts, examples and tutorials unconditionally adding the
A possible culprit is the
This is terrible.
The main causes of certificates that don't validate are:
The following diff displays some hints about what the root cause of a certificate error is likely to be, instead of suggesting
Yes, recommending switching off the certificate checks is a rather terrible thing to do. That's also why the option is called
This said, I'm pretty sure this error message is already a wall of text that is way too big. I think that it due to its size mostly scare people away and I doubt very many actually read the whole thing and weigh their options.
Since this already refers to a URL with most of this described in detail (and it makes sense to make that the single home for those instructions and recommendations), I think we should instead strive toward shortening this error message to a few lines.
Perhaps something like this:
The previuous message was just too long for ordinary people and it was encouraging users to use `--insecure` a little too easy. Based-on-work-by: Frank Denis in #1810
Here's some rough numbers about turning off certificate verification: