diff options
author | Daniel Stenberg <daniel@haxx.se> | 2014-08-02 23:09:22 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2014-08-02 23:09:22 +0200 |
commit | e4f6adb023546d864a1548a28b08112c59d9e85a (patch) | |
tree | 3ebcca08adfb4f967fae1a101c0880dc8bad2d46 | |
parent | 8da21240603622ddddb88a12bd8307966c0ba6c1 (diff) |
CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it
-rw-r--r-- | docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 index ec158cc08..f2bad7464 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 @@ -51,6 +51,12 @@ typically also want to ensure that the server is the server you mean to be talking to. Use \fICURLOPT_SSL_VERIFYHOST(3)\fP for that. The check that the host name in the certificate is valid for the host name you're connecting to is done independently of the \fICURLOPT_SSL_VERIFYPEER(3)\fP option. + +WARNING: disabling verification of the certificate allows bad guys to +man-in-the-middle the communication without you knowing it. Disabling +verification makes the communication insecure. Just having encryption on a +transfer is not enough as you cannot be sure that you are communicating with +the correct end-point. .SH DEFAULT By default, curl assumes a value of 1. .SH PROTOCOLS |