the -s/--silent option to cURL isn't related to cert validation; remove it from the...
authorDaniel Lenski <dlenski@gmail.com>
Tue, 28 Jul 2020 21:40:14 +0000 (14:40 -0700)
committerDaniel Lenski <dlenski@gmail.com>
Tue, 3 Nov 2020 21:48:02 +0000 (21:48 +0000)
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
trojans/csd-post.sh
trojans/csd-wrapper.sh

index 8207a61bf50719a8cca3b733d78bde8b19733244..b698bed60fa140832ef74107ff675f337b46388c 100755 (executable)
@@ -87,11 +87,11 @@ done
 
 if [[ "$INSECURE" == "true" ]]; then
     # Don't validate server certificate at all
-    PINNEDPUBKEY="-s -k"
+    PINNEDPUBKEY="-k"
 else
     # Validate certificate using pin-sha256 value in CSD_SHA256, or fallback to
     # cURL's default certificate validation if not set.
-    PINNEDPUBKEY="-s ${CSD_SHA256:+"-k --pinnedpubkey sha256//$CSD_SHA256"}"
+    PINNEDPUBKEY="${CSD_SHA256:+"-k --pinnedpubkey sha256//$CSD_SHA256"}"
 fi
 
 URL="https://$CSD_HOSTNAME/+CSCOE+/sdesktop/token.xml?ticket=$TICKET&stub=$STUB"
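Review bot: `PINNEDPUBKEY` is still a flat string that the later unquoted `curl $PINNEDPUBKEY` expansions split on whitespace, so `CSD_SHA256` is trusted to contain no spaces or glob characters; anything else in it would reach curl as extra arguments. The script already uses bash (`[[`), so an array avoids the splitting: `PINNEDPUBKEY=(-k --pinnedpubkey "sha256//$CSD_SHA256")` when a pin is set, `PINNEDPUBKEY=()` when it is not, and `curl "${PINNEDPUBKEY[@]}" -s ...` at the call sites. The same applies to the identical assignment in trojans/csd-wrapper.sh. With `-s` removed, the variable holds `-k` alone in the INSECURE branch, so a name such as `CURL_TLS_OPTS` would describe it better.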
@@ -171,7 +171,7 @@ fi
 COOKIE_HEADER="Cookie: sdesktop=$TOKEN"
 CONTENT_HEADER="Content-Type: text/xml"
 URL="https://$CSD_HOSTNAME/+CSCOE+/sdesktop/scan.xml?reusebrowser=1"
-curl $PINNEDPUBKEY -H "$CONTENT_HEADER" -H "$COOKIE_HEADER" -H 'Expect: ' --data-binary @$RESPONSE "$URL" > $RESULT
+curl $PINNEDPUBKEY -s -H "$CONTENT_HEADER" -H "$COOKIE_HEADER" -H 'Expect: ' --data-binary @$RESPONSE "$URL" > $RESULT
 
 cat $RESULT || :
 
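Review bot: `-s` on the scan.xml POST also suppresses curl's error text, so a failed pin or certificate check leaves an empty `$RESULT` with no explanation, and curl's exit status is not checked in the visible lines. `-sS` keeps the progress meter off but still prints errors: `curl $PINNEDPUBKEY -sS -H "$CONTENT_HEADER" ...`. The three `curl $PINNEDPUBKEY -s` calls in trojans/csd-wrapper.sh have the same gap. `@$RESPONSE` and `> $RESULT` are also unquoted and would break on a path containing whitespace.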
index be973a44e1d18bb8ab63626d9800239e2969f0cf..1dbedb08e9a5cc4e7e0f861853d7bb14f5d0beb5 100755 (executable)
@@ -25,9 +25,9 @@ if [[ "$INSECURE" == "true" ]]; then
     echo "*********************************************************************" >&2
     echo "WARNING: running insecurely; will not validate CSD server certificate" >&2
     echo "*********************************************************************" >&2
-    PINNEDPUBKEY="-s -k"
+    PINNEDPUBKEY="-k"
 else
-    PINNEDPUBKEY="-s ${CSD_SHA256:+"-k --pinnedpubkey sha256//$CSD_SHA256"}"
+    PINNEDPUBKEY="${CSD_SHA256:+"-k --pinnedpubkey sha256//$CSD_SHA256"}"
 fi
 
 BINS=("cscan" "cstub" "cnotify")
@@ -70,7 +70,7 @@ for dir in $HOSTSCAN_DIR $LIB_DIR $BIN_DIR ; do
 done
 
 # getting manifest, and checking binaries
-curl $PINNEDPUBKEY "${URL}/sdesktop/hostscan/$ARCH/manifest" -o "$HOSTSCAN_DIR/manifest"
+curl $PINNEDPUBKEY -s "${URL}/sdesktop/hostscan/$ARCH/manifest" -o "$HOSTSCAN_DIR/manifest"
 
 # generating md5.sum with full paths from manifest
 export HOSTSCAN_DIR=$HOSTSCAN_DIR
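Review bot: The manifest fetched here is the reference for the hash checks that follow, yet it arrives over the same connection and with the same `$PINNEDPUBKEY` flags as the binaries. When `INSECURE` is true those flags are `-k` alone, so the hashes can catch a corrupted download but not a substituted one. A comment above the call would make that explicit, for example `# NOTE: manifest hashes are only as trustworthy as this TLS connection; with INSECURE=true they detect corruption, not tampering`. If the server returns a body with HTTP errors, adding `-f` (together with `-S`) would also keep an error page from being saved as the manifest.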
@@ -109,7 +109,7 @@ while read HASHTYPE FILE EQU HASHVAL; do
        echo "Downloading: $FILE"
        TMPFILE="${PATHNAME}.tmp"
 
-        curl $PINNEDPUBKEY "${URL}/sdesktop/hostscan/$ARCH/$FILE" -o "${TMPFILE}"
+        curl $PINNEDPUBKEY -s "${URL}/sdesktop/hostscan/$ARCH/$FILE" -o "${TMPFILE}"
 
         # some files are in gz (don't understand logic here)
         if [[ ! -f "${TMPFILE}" || ! -s "${TMPFILE}" ]]
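Review bot: `$FILE` comes from the downloaded manifest via the `while read HASHTYPE FILE EQU HASHVAL` loop named in the hunk header, and it is used unvalidated in the request URL. `PATHNAME` is set outside this hunk, presumably from the same value. If so, an entry containing `..` would control where `${TMPFILE}` is written, so a guard such as `[[ "$FILE" == *..* ]] && continue` before the download is worth adding. `read` without `-r` also interprets backslashes in manifest lines. The loop body starts and ends outside the hunk.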
@@ -121,7 +121,7 @@ while read HASHTYPE FILE EQU HASHVAL; do
 
             echo "Failure on $FILE, trying gz"
             FILE_GZ="${TMPFILE}.gz"
-            curl $PINNEDPUBKEY "${URL}/sdesktop/hostscan/$ARCH/$FILE_GZ" -o "${FILE_GZ}" &&
+            curl $PINNEDPUBKEY -s "${URL}/sdesktop/hostscan/$ARCH/$FILE_GZ" -o "${FILE_GZ}" &&
                gunzip --verbose --decompress "${FILE_GZ}"
         fi