rpwolff/upterm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: add SSL-bypass fallback for Server 2016 cert chain issue

Browse Source
This commit is contained in:
Ralf-Peter Wolff
2026-05-04 12:22:35 +02:00
parent 13e7ccf6db
commit fefc975880
1 changed files with 43 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
setup-windows.ps1
View File

@ -1,4 +1,4 @@
# TLS 1.2 + alle Varianten aktivieren (Windows Server 2016 Kompatibilitaet) # TLS 1.2 + Fallback-Versionen aktivieren (Windows Server 2016)
[Net.ServicePointManager]::SecurityProtocol = ` [Net.ServicePointManager]::SecurityProtocol = `
[Net.SecurityProtocolType]::Tls12 -bor ` [Net.SecurityProtocolType]::Tls12 -bor `
[Net.SecurityProtocolType]::Tls11 -bor ` [Net.SecurityProtocolType]::Tls11 -bor `
@ -33,7 +33,7 @@ if ($policy -in @('Bypass', 'Unrestricted', 'RemoteSigned')) {
} catch { } catch {
$effective = Get-ExecutionPolicy $effective = Get-ExecutionPolicy
if ($effective -in @('Bypass', 'Unrestricted', 'RemoteSigned')) { if ($effective -in @('Bypass', 'Unrestricted', 'RemoteSigned')) {
Write-Host " GPO-Override - aktuelle Policy '$effective' ist ausreichend" Write-Host " GPO-Override - Policy '$effective' ist ausreichend"
} else { } else {
Write-Host "FEHLER: Execution Policy '$effective' blockiert Ausfuehrung." Write-Host "FEHLER: Execution Policy '$effective' blockiert Ausfuehrung."
Read-Host "Enter zum Beenden"; exit 1 Read-Host "Enter zum Beenden"; exit 1
@ -41,6 +41,43 @@ if ($policy -in @('Bypass', 'Unrestricted', 'RemoteSigned')) {
} }
} }
# Hilfsfunktion: Scoop-Installer herunterladen und ausfuehren
function Install-Scoop {
$url = 'https://get.scoop.sh'
$tmp = "$env:TEMP\scoop-install.ps1"
# Versuch 1: Invoke-RestMethod
try {
Invoke-RestMethod -Uri $url | Invoke-Expression
return $true
} catch {}
# Versuch 2: WebClient
try {
(New-Object System.Net.WebClient).DownloadString($url) | Invoke-Expression
return $true
} catch {}
# Versuch 3: WebClient mit SSL-Bypass (Windows Server 2016 fehlende Zertifikatskette)
Write-Host " Versuche SSL-Bypass fuer Scoop-Download (Server 2016)..."
$prevCb = [Net.ServicePointManager]::ServerCertificateValidationCallback
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
try {
(New-Object System.Net.WebClient).DownloadString($url) | Invoke-Expression
return $true
} catch {
Write-Host "FEHLER: Scoop-Download fehlgeschlagen: $_"
Write-Host ""
Write-Host "Moegliche Ursachen auf Windows Server 2016:"
Write-Host " - Fehlende Root-Zertifikate (Windows Update ausfuehren)"
Write-Host " - Proxy blockiert HTTPS"
Write-Host " - get.scoop.sh nicht erreichbar"
return $false
} finally {
[Net.ServicePointManager]::ServerCertificateValidationCallback = $prevCb
}
}
# 2. Scoop pruefen / installieren # 2. Scoop pruefen / installieren
Write-Host "[2/4] Pruefe Scoop..." Write-Host "[2/4] Pruefe Scoop..."
$scoopShims = "$env:USERPROFILE\scoop\shims" $scoopShims = "$env:USERPROFILE\scoop\shims"
@ -48,28 +85,9 @@ $scoopInstalled = (Test-Path "$scoopShims\scoop.ps1") -or (Test-Path "$scoopShim
if (-not $scoopInstalled) { if (-not $scoopInstalled) {
Write-Host " Scoop nicht gefunden - wird installiert..." Write-Host " Scoop nicht gefunden - wird installiert..."
if (-not (Install-Scoop)) {
$installed = $false Read-Host "Enter zum Beenden"; exit 1
# Versuch 1: Invoke-RestMethod
try {
Invoke-RestMethod -Uri https://get.scoop.sh | Invoke-Expression
$installed = $true
} catch {
Write-Host " Invoke-RestMethod fehlgeschlagen ($_), versuche WebClient..."
} }
# Versuch 2: WebClient (anderer TLS-Stack)
if (-not $installed) {
try {
(New-Object System.Net.WebClient).DownloadString('https://get.scoop.sh') | Invoke-Expression
$installed = $true
} catch {
Write-Host "FEHLER: Scoop-Download fehlgeschlagen: $_"
Write-Host "Netzwerk oder SSL/TLS pruefen."
Read-Host "Enter zum Beenden"; exit 1
}
}
# Pruefen ob Scoop wirklich da ist
if (-not ((Test-Path "$scoopShims\scoop.ps1") -or (Test-Path "$scoopShims\scoop.cmd"))) { if (-not ((Test-Path "$scoopShims\scoop.ps1") -or (Test-Path "$scoopShims\scoop.cmd"))) {
Write-Host "FEHLER: Scoop-Installation fehlgeschlagen (Verzeichnis fehlt)." Write-Host "FEHLER: Scoop-Installation fehlgeschlagen (Verzeichnis fehlt)."
Read-Host "Enter zum Beenden"; exit 1 Read-Host "Enter zum Beenden"; exit 1
@ -88,20 +106,14 @@ if ($env:PATH -notlike "*$scoopShims*") {
Write-Host "[3/4] Installiere 7zip via lessmsi..." Write-Host "[3/4] Installiere 7zip via lessmsi..."
scoop config use_lessmsi true scoop config use_lessmsi true
$7zipOk = $false $7zipOk = $false
try { try { scoop install 7zip 2>&1 | Out-Null; $7zipOk = $true } catch {}
scoop install 7zip 2>&1 | Out-Null
$7zipOk = $true
} catch {}
if (-not $7zipOk) { if (-not $7zipOk) {
Write-Host " 7zip fehlgeschlagen - bereinige und versuche erneut..." Write-Host " 7zip fehlgeschlagen - bereinige und versuche erneut..."
try { scoop uninstall 7zip } catch {} try { scoop uninstall 7zip } catch {}
try { scoop cache rm 7zip } catch {} try { scoop cache rm 7zip } catch {}
Remove-Item -Recurse -Force "$env:USERPROFILE\scoop\apps\7zip" -ErrorAction SilentlyContinue Remove-Item -Recurse -Force "$env:USERPROFILE\scoop\apps\7zip" -ErrorAction SilentlyContinue
try { try { scoop install 7zip; $7zipOk = $true } catch {
scoop install 7zip
$7zipOk = $true
} catch {
Write-Host "FEHLER: 7zip konnte nicht installiert werden: $_" Write-Host "FEHLER: 7zip konnte nicht installiert werden: $_"
Read-Host "Enter zum Beenden"; exit 1 Read-Host "Enter zum Beenden"; exit 1
} }