aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2002-12-04 09:53:09 +0000
committerDaniel Stenberg <daniel@haxx.se>2002-12-04 09:53:09 +0000
commite1c01af929bb24375d72ecb264714d2f49216612 (patch)
treeb3aa73112b9210ecd33aa670488ee52b67276e06
parent7ef749497d5abbee926200d744dfc27cb4e030f8 (diff)
called SSLCERTS now
-rw-r--r--UPGRADE34
1 files changed, 0 insertions, 34 deletions
diff --git a/UPGRADE b/UPGRADE
deleted file mode 100644
index c5e36c26b..000000000
--- a/UPGRADE
+++ /dev/null
@@ -1,34 +0,0 @@
-Upgrading to curl/libcurl 7.10 from any previous version
-========================================================
-
-libcurl 7.10 performs peer SSL certificate verification by default. This is
-done by installing a default CA cert bundle on 'make install' (or similar),
-that CA bundle package is used by default on operations against SSL servers.
-
-Alas, if you communicate with HTTPS servers using certifcates that are signed
-by CAs present in the bundle, you will not notice any changed behavior and you
-will seeminglessly get a higher security level on your SSL connections since
-can be sure that the remote server really is the one it claims to be.
-
-If the remote server uses a self-signed certificate, or if you don't install
-curl's CA cert bundle or if it uses a certificate signed by a CA that isn't
-included in the bundle, then you need to do one of the following:
-
- 1. Tell libcurl to *not* verify the peer. With libcurl you disable with with
- curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
-
- With the curl command tool, you disable this with -k/--insecure.
-
- 2. Get a CA certificate that can verify the remote server and use the proper
- option to point out this CA cert for verification when connecting. For
- libcurl hackers: curl_easy_setopt(curl, CURLOPT_CAPATH, capath);
-
- With the curl command tool: --cacert [file]
-
-This upgrade procedure has been deemed The Right Thing even though it adds
-this extra trouble for some users, since it adds security to a majority of the
-SSL connections that previously weren't really secure.
-
-It turned out many people were using previous versions of curl/libcurl without
-realizing the need for the CA cert options to get truly secure SSL
-connections.