Distribute Game broken due to HTTPS redirect

[rversteegen]

Downloading distrib files with wget/curl is broken on many systems (and all OHRRPGCE versions) because hamsterrepublic.com is now redirecting all http downloads to https. Downloading works for me on a recent Linux but wget.exe is broken on all Windows versions. Recent Win10 versions include curl.exe (which we fallback to when wget fails) but even using that to download doesn't work on some Win10 machines (works for me, not for Prifurin).

We include a very old support/wget.exe (version 1.8.2, from 2002) which doesn't support modern SSL. It prints "Unable to establish SSL connection." and returns errorcode 1. The wget.exe we provide supports Win95 and is only 247kB (I think it's from here). wget 1.19.4 can be had from here, though is unfortunately 3.7MB (1.7MB zipped). I don't know which Windows versions it supports, but it's statically linked.

Older curl versions return errorcode 35 and print curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version.

But even if we replace wget.exe with a new version, all previous releases of the OHRRPGCE are broken. To fix that I think the best thing to do is disable the HTTPS redirect. We probably need to upgrade wget.exe, but if that wget build doesn't support older Windows versions I'm against upgrading it.

James, could you disable the https redirect for http://hamsterrepublic.com/ohrrpgce/nightly/, http://hamsterrepublic.com/dl/, http://HamsterRepublic.com/ohrrpgce/support/ and http://hamsterrepublic.com/ohrrpgce/thirdparty ? I think these are all the paths which Custom downloads from.

[rversteegen]

My assumption that the curl failure is due to the curl version may be wrong. Prifurin gets the following error (on Windows 10 Pro 1903):
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
and we both have curl 7.55.1 (WinSSL), though the release date is different.

Maybe the error is due to a virus scanner (Kaspersky in this case) using a proxy which MITMs SSL. I didn't see any clear answer what causes the error, except that proxies are probably to blame. See eg here

curl has an --ssl-no-revoke option to skip the revocation check which was added specifically to workaround this error.

[bob-the-hamster]

Oh! Yeah, I guess I better disable for now.

I cannot enable/disable on a path level, only on a whole domain level.

So I can turn it off for all of hamsterrepublic.com

What about rpg.hamsterrepublic.com, don't we wget things from there too?

[rversteegen]

Ah, OK. Disabling the HTTPS redirect except for the wiki seems like a permanent solution.

Nope, we don't wget/curl anything from rpg.hamsterrepublic.com. "HTTP test" in the spam menu does fetch http://rpg.hamsterrepublic.com/nightly-archive/ but only as an example. (Note that I have no intention to ever add HTTPS support, though maybe we'll eventually switch to a networking library like SDL_net)

[bob-the-hamster]

Okay, I have disabled the automatic https redirect on hamsterrepublic.com but left it enabled on rpg.hamsterrepublic.com

We can re-test and see if Distribute Game is working again

[rversteegen]

Tested on Win98, the downloads are working.
(I couldn't test on Win95 because it doesn't have TCP/IP installed by default, and I don't have install disk 18?! But it does have IE4!)