ChatGPT is fairly convincing at creating code. But, like with everything you have to be vigilant on what it suggests you do. As a test I asked ChatGPT to "Write me an example C application using libcurl using secure HTTPS connection to fetch a file and save it locally. Provide instructions on how to create a test HTTPS server with self-signed certificate, and how to configure the server and the C client application for testing."
ChatGPT was fairly good here. It provided example code that didn't outright disable certificate validation, but rather uses the self-signed certificate as the CA store:
const char *cert_file = "./server.crt"; // Self-signed certificate
...
curl_easy_setopt(curl, CURLOPT_CAINFO, cert_file); // Verify server certificate
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
This is a very good idea, as blanket disabling security is a big nono. The deployment instructions were also quite nice, creating a self-signed certificate with openssl, and then setting up the test website with python3 http.server like this:
mkdir -p server
echo "This is a test file." > server/testfile.txt
python3 -m http.server 8443 --bind 127.0.0.1 --certfile server.crt --keyfile server.key
Looks pretty nice, right?
Except that this is totally hallucinated and even if it wasn't, it'd be totally insecure in a multiuser system anyway.
Python3 http.server doesn't allow you to pass certfile and keyfile like specified. But lets omit that small detail and assume it did. What would be the problem then?
You'd be sharing your whole work directory to everyone else on the same host. Anyone else on the same host could grab all your files with: wget --no-check-certificate -r 127.0.0.1:8443
AI can be great, but never ever blindly trust the instructions provided by a LLM. They're not intelligent, but very good at pretending to be.