[MacPorts] #52515: ncdu @1.12_0: livecheck fails with 403 Forbidden
MacPorts
noreply at macports.org
Thu Oct 6 03:03:33 CEST 2016
#52515: ncdu @1.12_0: livecheck fails with 403 Forbidden
---------------------+--------------------------------
Reporter: nils@… | Owner: macports-tickets@…
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.3.4
Resolution: | Keywords:
Port: ncdu |
---------------------+--------------------------------
Comment (by raimue@…):
I added a bunch of debug code to our curl wrapper in pextlib to extract
the real body from the failed request:
{{{
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /download/
on this server.<br />
Reason: The client software did not provide a hostname using Server Name
Indication (SNI), which is required to access this server.<br />
</p>
</body></html>
}}}
This is a problem due to these conditions:
* curl with SecureTransport will not send SNI in TLS client hello, when
it was asked '''not''' to verify the server certificate
([https://github.com/curl/curl/issues/998 upstream issue])
* livecheck runs with `--ignore-ssl-cert` because
`livecheck.ignore_sslcert yes` is the default
I committed a quickfix for this problem in r153620.
However, I would also recommend we make `livecheck.ignore_sslcert no` the
default in base.
--
Ticket URL: <https://trac.macports.org/ticket/52515#comment:4>
MacPorts <https://www.macports.org/>
Ports system for the Mac operating system
More information about the macports-tickets
mailing list