TLS Certificate Verification
Native vs file based
If curl was built with Schannel or Secure Transport support, then curl uses the system native CA store for verification. All other TLS libraries use a file based CA store by default.
Verification
Every trusted server certificate is digitally signed by a Certificate Authority, a CA.
In your local CA store you have a collection of certificates from trusted certificate authorities that TLS clients like curl use to verify servers.
curl does certificate verification by default. This is done by verifying the signature and making sure the certificate was crafted for the server name provided in the URL.
If you communicate with HTTPS, FTPS or other TLS-using servers using certificates signed by a CA whose certificate is present in the store, you can be sure that the remote server really is the one it claims to be.
If the remote server uses a self-signed certificate, if you do not install a CA cert store, if the server uses a certificate signed by a CA that is not included in the store you use or if the remote host is an impostor impersonating your favorite site, the certificate check fails and reports an error.
If you think it wrongly failed the verification, consider one of the following sections.
Skip verification
Tell curl to not verify the peer with -k/--insecure.
We strongly recommend avoiding this. Even if you end up doing it for experimentation or development, never skip verification in production.
Use a custom CA store
Get a CA certificate that can verify the remote server and use the proper option to point out this CA cert for verification when connecting - for this specific transfer only.
With the curl command line tool: --cacert [file]
If you use the curl command line tool without a native CA store, then you can
specify your own CA cert file by setting the environment variable
CURL_CA_BUNDLE to the path of your choice.
If you are using the curl command line tool on Windows, curl searches for a CA
cert file named curl-ca-bundle.crt in these directories and in this order:
- application's directory
- current working directory
- Windows System directory (e.g. C:\Windows\System32)
- Windows Directory (e.g. C:\Windows)
- all directories along %PATH%
curl 8.11.0 added a build-time option to disable this search behavior, and another option to restrict search to the application's directory.
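To see which curl-ca-bundle.crt the search order above would select, and whether a copy in the working directory shadows the one you meant to use, the following added example (not code from curl or from this page) models the listed order. The directory names, the sample file layout and the trusted_dirs allowlist are constructed assumptions.

```python
import ntpath  # Windows path rules, importable on any OS

BUNDLE = "curl-ca-bundle.crt"

def _key(path):
    """Case-insensitive, normalized form for comparing Windows paths."""
    return ntpath.normcase(ntpath.normpath(path))

def search_order(app_dir, cwd, system_dir, windows_dir, path_env):
    """Candidate directories in the order listed above, duplicates dropped."""
    ordered, seen = [], set()
    for d in [app_dir, cwd, system_dir, windows_dir, *path_env.split(";")]:
        if d and _key(d) not in seen:
            seen.add(_key(d))
            ordered.append(d)
    return ordered

def audit_bundle(order, exists, trusted_dirs):
    """Return (winner, shadowed, ok): the first directory holding the bundle,
    later directories whose copy is never reached, and whether the winner is
    one of the administrator-controlled trusted_dirs."""
    hits = [d for d in order if exists(ntpath.join(d, BUNDLE))]
    winner = hits[0] if hits else None
    ok = winner is not None and _key(winner) in {_key(t) for t in trusted_dirs}
    return winner, hits[1:], ok

# Constructed file layout, not taken from a real machine.
SAMPLE_FILES = {_key(p) for p in (
    r"C:\Users\alice\Downloads\curl-ca-bundle.crt",
    r"C:\ProgramData\certs\curl-ca-bundle.crt",
)}

def run_sample(cwd):
    """Audit the constructed layout as seen from working directory cwd."""
    order = search_order(
        app_dir=r"C:\Program Files\curl\bin",
        cwd=cwd,
        system_dir=r"C:\Windows\System32",
        windows_dir=r"C:\Windows",
        path_env=r"C:\Windows\System32;C:\ProgramData\certs",
    )
    return audit_bundle(order, lambda p: _key(p) in SAMPLE_FILES,
                        trusted_dirs=[r"C:\ProgramData\certs"])

if __name__ == "__main__":
    for cwd in (r"C:\Users\alice\Downloads", r"C:\Users\alice"):
        print(cwd, "->", run_sample(cwd))
```

On a real host, pass os.path.isfile as exists together with the actual directories. A winner outside the administrator-controlled set means the trust store depends on where curl was started.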
Use the native store
In several environments, in particular on Windows, you can ask curl to use the system's native CA store when verifying the certificate.
With the curl command line tool: --ca-native.
Modify the CA store
Add the CA cert for your server to the existing default CA certificate store.
Usually you can figure out the path to the local CA store by looking at the
verbose output that curl -v shows when you connect to an HTTPS site.
Change curl's default CA store
The default CA certificate store curl uses is set at build time. When you build curl you can point out your preferred path.
Extract CA cert from a server
curl -w %{certs} https://example.com > cacert.pem
The certificate has BEGIN CERTIFICATE and END CERTIFICATE markers.
Get the Mozilla CA store
Download a version of the Firefox CA store converted to PEM format on the CA Extract page. It always features the latest Firefox bundle.
Native CA store
If curl was built with Schannel or Secure Transport, or was instructed to use the native CA store, then curl uses the certificates that are built into the OS. These are the same certificates that appear in the Internet Options control panel (under Windows) or Keychain Access application (under macOS). Any custom security rules for certificates are honored.
Schannel runs CRL checks on certificates unless peer verification is disabled. Secure Transport on iOS runs OCSP checks on certificates unless peer verification is disabled. Secure Transport on macOS runs either OCSP or CRL checks on certificates if those features are enabled, and this behavior can be adjusted in the preferences of Keychain Access.
HTTPS proxy
curl can do HTTPS to the proxy separately from the connection to the server.
This TLS connection is handled and verified separately from the server
connection so instead of --insecure and --cacert to control the
certificate verification, you use --proxy-insecure and --proxy-cacert.
With these options, you make sure that the TLS connection and the trust of the
proxy can be kept totally separate from the TLS connection to the server.
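A check for the options named under "Skip verification" and in this section, as an added example that is not part of curl or of this page: it reports which TLS leg (server or proxy) each curl command line in a script leaves unverified. The option table is a subset of curl's short options that take an argument, the parsing is a heuristic, and the sample script is constructed.

```python
import shlex

# Short curl options that take an argument (subset); a "k" after one is data, not -k.
SHORT_WITH_ARG = set("AbcCdDeEFHKmoPQrtTuUwxXyYz")
LONG_FLAGS = {"--insecure": "server", "--proxy-insecure": "proxy"}
SEPARATORS = {"|", "||", "&&", ";", "&"}

def insecure_legs(command):
    """Return the TLS legs ('server', 'proxy') one command line leaves unverified."""
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = command.split()
    legs, in_curl, skip = set(), False, False
    for tok in tokens:
        if not in_curl:
            in_curl = tok.rsplit("/", 1)[-1] in ("curl", "curl.exe")
        elif tok in SEPARATORS:  # pipeline or list: the curl command ended
            in_curl = skip = False
        elif skip:  # argument of the previous option
            skip = False
        elif tok in LONG_FLAGS:
            legs.add(LONG_FLAGS[tok])
        elif tok.startswith("-") and not tok.startswith("--"):
            for i, ch in enumerate(tok[1:], start=1):
                if ch == "k":
                    legs.add("server")
                elif ch in SHORT_WITH_ARG:
                    skip = i == len(tok) - 1  # value is in the next token
                    break
    return legs

def scan(text):
    """Return (line number, leg) for every unverified leg in a script."""
    return [(n, leg)
            for n, line in enumerate(text.splitlines(), start=1)
            if not line.lstrip().startswith("#")
            for leg in sorted(insecure_legs(line))]

# Constructed sample script; hosts and file names are placeholders.
SAMPLE = """\
curl --cacert ca.pem https://internal.example/api
curl -sSk https://internal.example/health
curl -ok.json https://example.com/data
curl -x https://proxy.example:3128 --proxy-insecure https://example.com/
# curl -k https://example.com/
curl -s https://example.com/list | sort -k 2
curl -k --proxy-insecure -x https://proxy.example:3128 https://example.com/
"""
```

Calling scan(SAMPLE) flags lines 2, 4 and 7 of the sample. Line 4 shows that a transfer can verify the server while leaving the proxy leg unverified.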