aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTomas Hoger <thoger@redhat.com>2013-11-11 16:20:14 +0100
committerKamil Dudka <kdudka@redhat.com>2013-11-12 17:03:13 +0100
commitd7d8a8f922d54ade66dfd17e1fe2676587bb5f9a (patch)
treed7d2e62e556e455a10914a43cd988d8b3f4a25e8
parentc19cfb79db234edecf46d33b4ab77d57712b2293 (diff)
curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
- better describe what happens when 1 is specified as parameter - clarify what "is ignored" means for NSS builds
-rw-r--r--docs/libcurl/curl_easy_setopt.312
1 files changed, 6 insertions, 6 deletions
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 2887483af..fb22306eb 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -2532,9 +2532,10 @@ Curl considers the server the intended one when the Common Name field or a
Subject Alternate Name field in the certificate matches the host name in the
URL to which you told Curl to connect.
-When the value is 1, libcurl will return a failure. It was previously (in
-7.28.0 and earlier) a debug option of some sorts, but it is no longer
-supported due to frequently leading to programmer mistakes.
+When the value is 1, \fIcurl_easy_setopt\fP will return an error and the option
+value will not be changed. It was previously (in 7.28.0 and earlier) a debug
+option of some sorts, but it is no longer supported due to frequently leading
+to programmer mistakes.
When the value is 0, the connection succeeds regardless of the names in the
certificate.
@@ -2544,9 +2545,8 @@ The default value for this option is 2.
This option controls checking the server's certificate's claimed identity.
The server could be lying. To control lying, see
\fICURLOPT_SSL_VERIFYPEER\fP. If libcurl is built against NSS and
-\fICURLOPT_SSL_VERIFYPEER\fP is zero, \fICURLOPT_SSL_VERIFYHOST\fP
-is ignored.
-
+\fICURLOPT_SSL_VERIFYPEER\fP is zero, \fICURLOPT_SSL_VERIFYHOST\fP is also set
+to zero and cannot be overridden.
.IP CURLOPT_CERTINFO
Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
this enabled, libcurl (if built with OpenSSL, NSS, GSKit or QsoSSL) will