nss: do not ignore value of CURLOPT_SSL_VERIFYPEER

When NSS-powered libcurl connected to a SSL server with CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer certificate was accepted by libcurl and did not ask the second time when connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one. This patch turns off the SSL session cache for the particular SSL socket if peer verification is disabled. In order to avoid any performance impact, the peer verification is completely skipped in that case, which makes it even faster than before. Bug: https://bugzilla.redhat.com/678580
author: Kamil Dudka <kdudka@redhat.com> 2011-03-15 14:52:26 +0100
committer: Kamil Dudka <kdudka@redhat.com> 2011-03-15 15:48:24 +0100
commit: 806dbb022b8a595405a740131a30fa0cf4523645 (patch)
tree: 2e8b7c861c078903d57acb67c1d08c33b73920fe /docs/libcurl
parent: 5a433a033ffc8b489a8edc14c4505d0c47a63df6 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 56a54a9db..2dd536cf5 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -2007,7 +2007,10 @@ The default value for this option is 2.
 
 This option controls checking the server's certificate's claimed identity.
 The server could be lying.  To control lying, see
-\fICURLOPT_SSL_VERIFYPEER\fP.
+\fICURLOPT_SSL_VERIFYPEER\fP.  If libcurl is built against NSS and
+\fICURLOPT_SSL_VERIFYPEER\fP is zero, \fICURLOPT_SSL_VERIFYHOST\fP
+is ignored.
+
 .IP CURLOPT_CERTINFO
 Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
 this enabled, libcurl (if built with OpenSSL) will extract lots of information
author	Kamil Dudka <kdudka@redhat.com>	2011-03-15 14:52:26 +0100
committer	Kamil Dudka <kdudka@redhat.com>	2011-03-15 15:48:24 +0100
commit	806dbb022b8a595405a740131a30fa0cf4523645 (patch)
tree	2e8b7c861c078903d57acb67c1d08c33b73920fe /docs/libcurl
parent	5a433a033ffc8b489a8edc14c4505d0c47a63df6 (diff)