clarified SSL_VERIFYPEER and SSL_VERIFYHOST a bit, thanks to Soren Spies

1 files changed, 9 insertions, 5 deletions

diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 8ecebd36e..423d29b7d 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -712,10 +712,13 @@ Pass a long as parameter. Set what version of SSL to attempt to use, 2 or
 servers make this difficult why you at times may have to use this option.
 .TP
 .B CURLOPT_SSL_VERIFYPEER
-Pass a long that is set to a non-zero value to make curl verify the peer's
-certificate. The certificate to verify against must be specified with the
-CURLOPT_CAINFO option (Added in 7.4.2) or a certificate directory must be specified
-with the CURLOPT_CAPATH option (Added in 7.9.8).
+Pass a long that is set to a zero value to stop curl from verifying the peer's
+certificate (7.10 starting setting this option to TRUE by default).  Alternate
+certificates to verify against can be specified with the CURLOPT_CAINFO option
+(Added in 7.4.2) or a certificate directory can be specified with the
+CURLOPT_CAPATH option (Added in 7.9.8).  As of 7.10, curl installs a default
+bundle.  CURLOPT_SSL_VERIFYHOST may also need to be set to 1 or 0 if
+CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2).
 .TP
 .B CURLOPT_CAINFO
 Pass a char * to a zero terminated string naming a file holding one or more
@@ -742,7 +745,8 @@ socket. It will be used to seed the random engine for SSL.
 .B CURLOPT_SSL_VERIFYHOST
 Pass a long. Set if we should verify the Common name from the peer certificate
 in the SSL handshake, set 1 to check existence, 2 to ensure that it matches
-the provided hostname. (Added in 7.8.1)
+the provided hostname. This is by default set to 2. (Added in 7.8.1, default
+changed in 7.10)
 .TP
 .B CURLOPT_SSL_CIPHER_LIST
 Pass a char *, pointing to a zero terminated string holding the list of