mirror of
https://github.com/mod-playerbots/azerothcore-wotlk.git
synced 2026-02-01 18:13:48 +00:00
236c842934
* fix(DB/SmartAI): improve Harry surrendering during quest 'Gambling Debt' (#23598) * fix(DB/Quest): The Kalu'ak dailies reward 500 rep (#23600) * chore(DB): import pending files Referenced commit(s):fb03f41b2a* fix(DB/GameEvent): Remove midsummer pole in K3 (#23614) * chore(DB): import pending files Referenced commit(s):7b0000d6ee* fix(DB/SmartAI): increase reliability of quest event Foolish Endeavors (#23612) * chore(DB): import pending files Referenced commit(s):86f219abbc* fix(Scripts/AreaTrigger): players become stuck after Last Rites (#23613) * chore(DB): import pending files Referenced commit(s):c1a8047cf1* fix(Core/Vmaps): Fix inconsistency of hitInstance and hitModel to cause wrong area ids (#23233) Co-authored-by: ModoX <moardox@gmail.com> Co-authored-by: Shauren <shauren.trinity@gmail.com> Co-authored-by: Grimdhex <237474256+Grimdhex@users.noreply.github.com> Co-authored-by: sudlud <sudlud@users.noreply.github.com> * fix(DB/Gameobject): Sniffed Values for 'Wild Mustard' spawns (#23608) * fix(DB/SmartAI): remove large combat distance of Frostbrood Sentry (#23607) * chore(DB): import pending files Referenced commit(s):41d40b236f* fix(DB/ReputationRewardRate): Patch 3.0.0 gain for Northrend factions (#23597) * chore(DB): import pending files Referenced commit(s):067a898caa* fix(Core/Map): It should be ensured that the instance is unloaded only after the Creature Respawn. (#23103) * fix(Scripts/Northrend): Sniffing Out The Perpetrator horde (#23620) * fix(Scripts/Northrend): ensure Drakuru stays in place during Betrayal (#23619) * chore(DB): import pending files Referenced commit(s):928e145694* fix(DB/SmartAI): quest 'Reconnaissance Flight' (#23628) Co-authored-by: dr-j <dr-j@users.noreply.github.com> Co-authored-by: Killyana <morphone1@gmail.com> * fix(DB/QuestOfferReward): remove mention of a beta recipe in text (#23629) * fix(DB/Conditions): update quest conditions to drop chokers (#23610) * chore(DB): import pending files Referenced commit(s):bca8f7ce07* refactor(Core/PlayerScript): Delete OnPlayerChat, use OnPlayerCanUseChat (#23617) * fix(Core/SmartAI): startup warnings unused params (#23551) * fix(Core/Unit): Druid Talent Survival of the Fittest lacking immunity to creature daze (#23471) * fix(DB/SAI): Fix Fizzcrank Paradrop teleporters (#23633) * chore(DB): import pending files Referenced commit(s):94ba1c210d* fix(Core): Fix waterwalking after dying in instance (#23593) * fix(DB/SAI): don't remove all auras when mounting flamebringer (#23640) * chore(DB): import pending files Referenced commit(s):22f91f3802* fix(DB/SAI): Emerald Lasher goes out of the terrain when aggroed. (#23642) * chore(DB): import pending files Referenced commit(s):f9d6fe41de* fix(DB/SAI): Burning Depths Necromancer no longer stays in place. (#23641) * chore(DB): import pending files Referenced commit(s):1037471c8d* fix(DB/SAI): Remove SmartAI from Valkyrion Harpoon Gun. (#23646) * chore(DB): import pending files Referenced commit(s):8e3a7e6dcf* fix(DB/Creature): Fix Weakened Reanimated Frost Wyrm inhabit type (#23645) * chore(DB): import pending files Referenced commit(s):3baa18ef5b* fix(DB/Spell): Infectious Bites should stack from different casters (#23647) * chore(DB): import pending files Referenced commit(s):5aede412ab* fix(DB/SAI): Solve various issues with It Goes to 11... quest. (#23651) * fix(DB/Loot): Fireproof Satchel will now always drop the Ritual of Torch (#23585) * chore(DB): import pending files Referenced commit(s):1090c209b3* fix(Scripts/Northrend): Betrayal quest (#23650) * fix(Script/BlackTemple): Reliquary of Souls will use 45 degree in front to set incombat (#22938) * fix(Scripts/Spell): Fix Animal Blood spawning when it shouldn't (#23656) * fix(Scripts/BoreanTundra): Script Bloodspore Haze/Psychosis (#23657) * chore(DB): import pending files Referenced commit(s):baf7957e36* fix(DB/SAI): Sibling Rivalry quest credit if mounted (#23659) * chore(DB): import pending files Referenced commit(s):6919cc679d* fix(docs/license): use GPLv2 as MaNGOS-based project (#23655) * fix(Core/Achievements): a character can only have 1 race realm first (#23626) * chore: fix leftover license header (#23678) * fix(Scripts/HoL): Update Loken script (#23587) * fix(Scripts/DTK): Update King Dred script (#23572) * fix(DB/SAI): Bitter Departure quest credit (#23658) * chore(DB): import pending files Referenced commit(s):e595425578* fix(DB/Conditions): Ice Shard require Icy Imprisonment (#23661) * chore(DB): import pending files Referenced commit(s):8294652e77* fix(DB/Loot): add Scourge Curio drop to Lost Shandaral Spirit (#23686) * chore(DB): import pending files Referenced commit(s):b6ed4347fe* fix(DB/Gameobject): fix spell focus location for 'Will of the Titans' (#23683) * chore(DB): import pending files Referenced commit(s):388f18895d* fix(DB/Creature): update IOC Demolisher spells (#23685) * chore(DB): import pending files Referenced commit(s):cdfa50c990* fix(Scripts/Northrend): IOC boss cast ability Mortal Strike (#23684) * fix(Scripts/BoreanTundra): Fix Beryl Sorcerer engaging mobs (#23690) * fix(Core/Entities): Improve interactions between taxis and players regarding PvP flag. (#23681) * fix(DB/Creature): Peon Gakra should be an innkeeper (#23699) * chore(DB): import pending files Referenced commit(s):6abff4ac2b* fix(Scripts/SholazarBasin): Fix Song of Wind and Water double credit (#23707) * fix(DB/SAI): Reanimated Frost Wyrm engage after being hit by quest spell (#23697) * fix(DB/SAI): Timely respawn Nesingwary Trappers (#23703) * fix(DB/Creature): Fix Fjord Hawk Matriarch unit flags (#23696) * fix(DB/Conditions): Fix Fordragon Resolve target conditions (#23701) * chore(DB): import pending files Referenced commit(s):2942d63125* fix(DB/Script): Move Tailhorn Stag and Amberpine Woodsman behavior into SmartAI. (#23708) * fix(DB/Creature): Set Trigger flag on Steam Vent. (#23710) * chore(DB): import pending files Referenced commit(s):435ca302ef* fix(DB/SAI): To Stars' Rest! taxi flight (#23712) * chore(DB): import pending files Referenced commit(s):ab4d59ac9d* fix (DB/Creature): Set Surveyor Orlond flags. (#23714) * chore(DB): import pending files Referenced commit(s):e8ec77dca7* fix(DB/Loot): Fix Master Summoner Staff drop chance (#23717) * chore(DB): import pending files Referenced commit(s):182c055e6e* fix(Scripts/DTK): Fix Oh Novos! achievement (#23539) (#23718) * fix(Core/Spells): Remove King Mrgl-Mrgl costume on spell casting (#23713) * chore(DB): import pending files Referenced commit(s):8c963a11ce* fix(DB/Reputation): Utigarde Pinnacle normal reputation (#23719) * chore(DB): import pending files Referenced commit(s):88ed7d66d5* fix(Scripts/HoS): Clean up faction update hacks (#23720) * fix(DB/Reputation): Lower reputation according to rates handling (#23722) * fix(DB/Reputation): Oculus normal & UP correction (#23723) * chore(DB): import pending files Referenced commit(s):abc2cf3028* fix(Scripts/Oculus): Implement crossfaction support for drakes (#23704) * fix(DB/Quest): Correct prerequisite for Reclaimed Ration (#23736) Co-authored-by: blinkysc <blinkysc@users.noreply.github.com> * fix(DB/Quest): Correct prerequisite for Salvaging Life's Strength (#23734) Co-authored-by: blinkysc <blinkysc@users.noreply.github.com> * chore(DB): import pending files Referenced commit(s):afd8197588* fix(Core/Movement): Fix SummonMovementInform for summons (#23725) * refactor(Core/Movement): Fix Build (#23739) * fix(DB/SAI): Update Iron Rune Construct SAI to use DO_ACTION instead … (#23716) * chore(DB): import pending files Referenced commit(s):7cc39f78e2* fix(DB/SAI): Fix Flamebringer gossip interaction (#23740) * chore(DB): import pending files Referenced commit(s):9cb683cfcd* fix(DB/SAI): Nerub'ar member packs now attack together. (#23727) * chore(DB): import pending files Referenced commit(s):6f5a1b7ccc* fix(DB/SAI): Remove Harrison Johnes quest flag on escort accept (#23700) * chore(DB): import pending files Referenced commit(s):bacf15d356* Update crash issue template with log submission guidelines (#23754) * Merge * Updated OnPlayerChat method name to OnPlayerCanUseChat --------- Co-authored-by: sogladev <sogladev@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: 天鹭 <18535853+PkllonG@users.noreply.github.com> Co-authored-by: ModoX <moardox@gmail.com> Co-authored-by: Shauren <shauren.trinity@gmail.com> Co-authored-by: Grimdhex <237474256+Grimdhex@users.noreply.github.com> Co-authored-by: sudlud <sudlud@users.noreply.github.com> Co-authored-by: dr-j <dr-j@users.noreply.github.com> Co-authored-by: Killyana <morphone1@gmail.com> Co-authored-by: Undo <50205200+UndoUreche@users.noreply.github.com> Co-authored-by: Andrew <47818697+Nyeriah@users.noreply.github.com> Co-authored-by: killerwife <killerwife@gmail.com> Co-authored-by: Tereneckla <Tereneckla@pm.me> Co-authored-by: Rocco Silipo <108557877+Rorschach91@users.noreply.github.com> Co-authored-by: Ryan Turner <16946913+TheSCREWEDSoftware@users.noreply.github.com> Co-authored-by: blinkysc <37940565+blinkysc@users.noreply.github.com> Co-authored-by: Francesco Borzì <borzifrancesco@gmail.com> Co-authored-by: Benjamin Jackson <38561765+heyitsbench@users.noreply.github.com> Co-authored-by: Traesh <Traesh@users.noreply.github.com> Co-authored-by: blinkysc <blinkysc@users.noreply.github.com>
124 lines
4.6 KiB
Markdown
124 lines
4.6 KiB
Markdown
<!--
|
|
Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
|
|
SPDX-License-Identifier: curl
|
|
-->
|
|
|
|
# TLS Certificate Verification
|
|
|
|
## Native vs file based
|
|
|
|
If curl was built with Schannel or Secure Transport support, then curl uses
|
|
the system native CA store for verification. All other TLS libraries use a
|
|
file based CA store by default.
|
|
|
|
## Verification
|
|
|
|
Every trusted server certificate is digitally signed by a Certificate
|
|
Authority, a CA.
|
|
|
|
In your local CA store you have a collection of certificates from *trusted*
|
|
certificate authorities that TLS clients like curl use to verify servers.
|
|
|
|
curl does certificate verification by default. This is done by verifying the
|
|
signature and making sure the certificate was crafted for the server name
|
|
provided in the URL.
|
|
|
|
If you communicate with HTTPS, FTPS or other TLS-using servers using
|
|
certificates signed by a CA whose certificate is present in the store, you can
|
|
be sure that the remote server really is the one it claims to be.
|
|
|
|
If the remote server uses a self-signed certificate, if you do not install a
|
|
CA cert store, if the server uses a certificate signed by a CA that is not
|
|
included in the store you use or if the remote host is an impostor
|
|
impersonating your favorite site, the certificate check fails and reports an
|
|
error.
|
|
|
|
If you think it wrongly failed the verification, consider one of the following
|
|
sections.
|
|
|
|
### Skip verification
|
|
|
|
Tell curl to *not* verify the peer with `-k`/`--insecure`.
|
|
|
|
We **strongly** recommend this is avoided and that even if you end up doing
|
|
this for experimentation or development, **never** skip verification in
|
|
production.
|
|
|
|
### Use a custom CA store
|
|
|
|
Get a CA certificate that can verify the remote server and use the proper
|
|
option to point out this CA cert for verification when connecting - for this
|
|
specific transfer only.
|
|
|
|
With the curl command line tool: `--cacert [file]`
|
|
|
|
If you use the curl command line tool without a native CA store, then you can
|
|
specify your own CA cert file by setting the environment variable
|
|
`CURL_CA_BUNDLE` to the path of your choice.
|
|
|
|
If you are using the curl command line tool on Windows, curl searches for a CA
|
|
cert file named `curl-ca-bundle.crt` in these directories and in this order:
|
|
1. application's directory
|
|
2. current working directory
|
|
3. Windows System directory (e.g. C:\Windows\System32)
|
|
4. Windows Directory (e.g. C:\Windows)
|
|
5. all directories along %PATH%
|
|
|
|
curl 8.11.0 added a build-time option to disable this search behavior, and
|
|
another option to restrict search to the application's directory.
|
|
|
|
### Use the native store
|
|
|
|
In several environments, in particular on Windows, you can ask curl to use the
|
|
system's native CA store when verifying the certificate.
|
|
|
|
With the curl command line tool: `--ca-native`.
|
|
|
|
### Modify the CA store
|
|
|
|
Add the CA cert for your server to the existing default CA certificate store.
|
|
|
|
Usually you can figure out the path to the local CA store by looking at the
|
|
verbose output that `curl -v` shows when you connect to an HTTPS site.
|
|
|
|
### Change curl's default CA store
|
|
|
|
The default CA certificate store curl uses is set at build time. When you
|
|
build curl you can point out your preferred path.
|
|
|
|
### Extract CA cert from a server
|
|
|
|
curl -w %{certs} https://example.com > cacert.pem
|
|
|
|
The certificate has `BEGIN CERTIFICATE` and `END CERTIFICATE` markers.
|
|
|
|
### Get the Mozilla CA store
|
|
|
|
Download a version of the Firefox CA store converted to PEM format on the [CA
|
|
Extract](https://curl.se/docs/caextract.html) page. It always features the
|
|
latest Firefox bundle.
|
|
|
|
## Native CA store
|
|
|
|
If curl was built with Schannel, Secure Transport or were instructed to use
|
|
the native CA Store, then curl uses the certificates that are built into the
|
|
OS. These are the same certificates that appear in the Internet Options
|
|
control panel (under Windows) or Keychain Access application (under macOS).
|
|
Any custom security rules for certificates are honored.
|
|
|
|
Schannel runs CRL checks on certificates unless peer verification is disabled.
|
|
Secure Transport on iOS runs OCSP checks on certificates unless peer
|
|
verification is disabled. Secure Transport on macOS runs either OCSP or CRL
|
|
checks on certificates if those features are enabled, and this behavior can be
|
|
adjusted in the preferences of Keychain Access.
|
|
|
|
## HTTPS proxy
|
|
|
|
curl can do HTTPS to the proxy separately from the connection to the server.
|
|
This TLS connection is handled and verified separately from the server
|
|
connection so instead of `--insecure` and `--cacert` to control the
|
|
certificate verification, you use `--proxy-insecure` and `--proxy-cacert`.
|
|
With these options, you make sure that the TLS connection and the trust of the
|
|
proxy can be kept totally separate from the TLS connection to the server.
|