diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2003-01-23 06:15:26 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2003-01-23 06:15:26 +0000 |
| commit | 5627cf71676eb4b5b4740d41a2c2ad75300b878c (patch) | |
| tree | 88c267908bc9851bb0be3a55b661cadbab2e747f | |
| parent | c05dae4a686f56007b7b853394e28d0955115d61 (diff) | |
mention what kind of error you may get if this is not followed
| -rw-r--r-- | SSLCERTS | 18 |
1 files changed, 11 insertions, 7 deletions
@@ -26,10 +26,14 @@ included in the bundle, then you need to do one of the following: With the curl command tool: --cacert [file] -This upgrade procedure has been deemed The Right Thing even though it adds -this extra trouble for some users, since it adds security to a majority of the -SSL connections that previously weren't really secure. - -It turned out many people were using previous versions of curl/libcurl without -realizing the need for the CA cert options to get truly secure SSL -connections. +Neglecting to use one of the above menthods when dealing with a server using a +certficate that isn't signed by one of the certficates in the installed CA +cert bundle, will cause SSL to report an error ("certificate verify failed") +during the handshake and SSL will then refuse further communication with that +server. + +This procedure has been deemed The Right Thing even though it adds this extra +trouble for some users, since it adds security to a majority of the SSL +connections that previously weren't really secure. It turned out many people +were using previous versions of curl/libcurl without realizing the need for +the CA cert options to get truly secure SSL connections. |