aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2014-08-02 23:09:22 +0200
committerDaniel Stenberg <daniel@haxx.se>2014-08-02 23:09:22 +0200
commite4f6adb023546d864a1548a28b08112c59d9e85a (patch)
tree3ebcca08adfb4f967fae1a101c0880dc8bad2d46
parent8da21240603622ddddb88a12bd8307966c0ba6c1 (diff)
CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it
-rw-r--r--docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.36
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
index ec158cc08..f2bad7464 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
@@ -51,6 +51,12 @@ typically also want to ensure that the server is the server you mean to be
talking to. Use \fICURLOPT_SSL_VERIFYHOST(3)\fP for that. The check that the
host name in the certificate is valid for the host name you're connecting to
is done independently of the \fICURLOPT_SSL_VERIFYPEER(3)\fP option.
+
+WARNING: disabling verification of the certificate allows bad guys to
+man-in-the-middle the communication without you knowing it. Disabling
+verification makes the communication insecure. Just having encryption on a
+transfer is not enough as you cannot be sure that you are communicating with
+the correct end-point.
.SH DEFAULT
By default, curl assumes a value of 1.
.SH PROTOCOLS