diff options
author | Daniel Stenberg <daniel@haxx.se> | 2011-01-19 13:19:44 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2011-01-19 13:19:44 +0100 |
commit | 4f13340ab8be7baa0fe6210bb3a19b8994875fd8 (patch) | |
tree | d731ae4d86af9aefb4143b8493543c7907e921da /docs/libcurl | |
parent | b0940753c6139a77690138bcd557a7f57d3b2e5f (diff) |
CURLOPT_SSL_VERIFYPEER: more clarifications
The default value is 1.
curl _uses_ a default CA bundle, it doesn't install one.
Drop the references to 7.10 as that is now >8 years old!
Diffstat (limited to 'docs/libcurl')
-rw-r--r-- | docs/libcurl/curl_easy_setopt.3 | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index e6e412305..95772d2e3 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -1872,19 +1872,19 @@ Force SSLv2 Force SSLv3 .RE .IP CURLOPT_SSL_VERIFYPEER -Pass a long as parameter. +Pass a long as parameter. By default, curl assumes a value of 1. This option determines whether curl verifies the authenticity of the peer's -certificate. A value of 1 means curl verifies; zero means it doesn't. The -default is nonzero, but before 7.10, it was zero. +certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't. When negotiating an SSL connection, the server sends a certificate indicating its identity. Curl verifies whether the certificate is authentic, i.e. that you can trust that the server is who the certificate says it is. This trust is based on a chain of digital signatures, rooted in certification authority -(CA) certificates you supply. As of 7.10, curl installs a default bundle of -CA certificates and you can specify alternate certificates with the -\fICURLOPT_CAINFO\fP option or the \fICURLOPT_CAPATH\fP option. +(CA) certificates you supply. curl uses a default bundle of CA certificates +(the path for that is determined at build time) and you can specify alternate +certificates with the \fICURLOPT_CAINFO\fP option or the \fICURLOPT_CAPATH\fP +option. When \fICURLOPT_SSL_VERIFYPEER\fP is nonzero, and the verification fails to prove that the certificate is authentic, the connection fails. When the |