diff options
author | Daniel Stenberg <daniel@haxx.se> | 2002-12-02 06:47:16 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2002-12-02 06:47:16 +0000 |
commit | 3f8ba3a986f56bac535faa82fad5a32200869116 (patch) | |
tree | 5745c6d7e5107471895f8c66885d0132a073296e /docs | |
parent | 4a555de1b22404d72467fc43611bc58acd797967 (diff) |
clarified SSL_VERIFYPEER and SSL_VERIFYHOST a bit, thanks to Soren Spies
Diffstat (limited to 'docs')
-rw-r--r-- | docs/libcurl/curl_easy_setopt.3 | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index 8ecebd36e..423d29b7d 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -712,10 +712,13 @@ Pass a long as parameter. Set what version of SSL to attempt to use, 2 or servers make this difficult why you at times may have to use this option. .TP .B CURLOPT_SSL_VERIFYPEER -Pass a long that is set to a non-zero value to make curl verify the peer's -certificate. The certificate to verify against must be specified with the -CURLOPT_CAINFO option (Added in 7.4.2) or a certificate directory must be specified -with the CURLOPT_CAPATH option (Added in 7.9.8). +Pass a long that is set to a zero value to stop curl from verifying the peer's +certificate (7.10 starting setting this option to TRUE by default). Alternate +certificates to verify against can be specified with the CURLOPT_CAINFO option +(Added in 7.4.2) or a certificate directory can be specified with the +CURLOPT_CAPATH option (Added in 7.9.8). As of 7.10, curl installs a default +bundle. CURLOPT_SSL_VERIFYHOST may also need to be set to 1 or 0 if +CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2). .TP .B CURLOPT_CAINFO Pass a char * to a zero terminated string naming a file holding one or more @@ -742,7 +745,8 @@ socket. It will be used to seed the random engine for SSL. .B CURLOPT_SSL_VERIFYHOST Pass a long. Set if we should verify the Common name from the peer certificate in the SSL handshake, set 1 to check existence, 2 to ensure that it matches -the provided hostname. (Added in 7.8.1) +the provided hostname. This is by default set to 2. (Added in 7.8.1, default +changed in 7.10) .TP .B CURLOPT_SSL_CIPHER_LIST Pass a char *, pointing to a zero terminated string holding the list of |