diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2015-07-17 02:40:16 -0400 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2015-07-17 02:40:16 -0400 |
commit | 172b2beba6b89b632c09be7a88645e3a0607cfe9 (patch) | |
tree | 96d0a159f3ce04f202fb20a939d5999fd3a3eca5 /docs/SSL-PROBLEMS | |
parent | 606b29fe0d07144ff13c3a731eef299b72060f91 (diff) |
SSL: Add an option to disable certificate revocation checks
New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.
Currently this option applies only to WinSSL where we have automatic
certificate revocation checking by default. According to the
ssl-compared chart there are other backends that have automatic checking
(NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
some later point.
Bug: https://github.com/bagder/curl/issues/264
Reported-by: zenden2k <zenden2k@gmail.com>
Diffstat (limited to 'docs/SSL-PROBLEMS')
-rw-r--r-- | docs/SSL-PROBLEMS | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/SSL-PROBLEMS b/docs/SSL-PROBLEMS index 5a56d3da5..45faa241c 100644 --- a/docs/SSL-PROBLEMS +++ b/docs/SSL-PROBLEMS @@ -71,3 +71,17 @@ Allow BEAST introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability but on the other hand it allows curl to connect to that kind of strange servers. + +Disabling certificate revocation checks + + Some SSL backends may do certificate revocation checks (CRL, OCSP, etc) + depending on the OS or build configuration. The --ssl-no-revoke option was + introduced in 7.44.0 to disable revocation checking but currently is only + supported for WinSSL (the native Windows SSL library), with an exception in + the case of Windows' Untrusted Publishers blacklist which it seems can't be + bypassed. This option may have broader support to accommodate other SSL + backends in the future. + + References: + + http://curl.haxx.se/docs/ssl-compared.html |