CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it

author: Daniel Stenberg <daniel@haxx.se> 2014-08-02 23:09:22 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2014-08-02 23:09:22 +0200
commit: e4f6adb023546d864a1548a28b08112c59d9e85a (patch)
tree: 3ebcca08adfb4f967fae1a101c0880dc8bad2d46 /docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
parent: 8da21240603622ddddb88a12bd8307966c0ba6c1 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
index ec158cc08..f2bad7464 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
@@ -51,6 +51,12 @@ typically also want to ensure that the server is the server you mean to be
 talking to.  Use \fICURLOPT_SSL_VERIFYHOST(3)\fP for that. The check that the
 host name in the certificate is valid for the host name you're connecting to
 is done independently of the \fICURLOPT_SSL_VERIFYPEER(3)\fP option.
+
+WARNING: disabling verification of the certificate allows bad guys to
+man-in-the-middle the communication without you knowing it. Disabling
+verification makes the communication insecure. Just having encryption on a
+transfer is not enough as you cannot be sure that you are communicating with
+the correct end-point.
 .SH DEFAULT
 By default, curl assumes a value of 1.
 .SH PROTOCOLS
author	Daniel Stenberg <daniel@haxx.se>	2014-08-02 23:09:22 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2014-08-02 23:09:22 +0200
commit	e4f6adb023546d864a1548a28b08112c59d9e85a (patch)
tree	3ebcca08adfb4f967fae1a101c0880dc8bad2d46 /docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
parent	8da21240603622ddddb88a12bd8307966c0ba6c1 (diff)