aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2002-12-02 06:47:16 +0000
committerDaniel Stenberg <daniel@haxx.se>2002-12-02 06:47:16 +0000
commit3f8ba3a986f56bac535faa82fad5a32200869116 (patch)
tree5745c6d7e5107471895f8c66885d0132a073296e /docs
parent4a555de1b22404d72467fc43611bc58acd797967 (diff)
clarified SSL_VERIFYPEER and SSL_VERIFYHOST a bit, thanks to Soren Spies
Diffstat (limited to 'docs')
-rw-r--r--docs/libcurl/curl_easy_setopt.314
1 files changed, 9 insertions, 5 deletions
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 8ecebd36e..423d29b7d 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -712,10 +712,13 @@ Pass a long as parameter. Set what version of SSL to attempt to use, 2 or
servers make this difficult why you at times may have to use this option.
.TP
.B CURLOPT_SSL_VERIFYPEER
-Pass a long that is set to a non-zero value to make curl verify the peer's
-certificate. The certificate to verify against must be specified with the
-CURLOPT_CAINFO option (Added in 7.4.2) or a certificate directory must be specified
-with the CURLOPT_CAPATH option (Added in 7.9.8).
+Pass a long that is set to a zero value to stop curl from verifying the peer's
+certificate (7.10 starting setting this option to TRUE by default). Alternate
+certificates to verify against can be specified with the CURLOPT_CAINFO option
+(Added in 7.4.2) or a certificate directory can be specified with the
+CURLOPT_CAPATH option (Added in 7.9.8). As of 7.10, curl installs a default
+bundle. CURLOPT_SSL_VERIFYHOST may also need to be set to 1 or 0 if
+CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2).
.TP
.B CURLOPT_CAINFO
Pass a char * to a zero terminated string naming a file holding one or more
@@ -742,7 +745,8 @@ socket. It will be used to seed the random engine for SSL.
.B CURLOPT_SSL_VERIFYHOST
Pass a long. Set if we should verify the Common name from the peer certificate
in the SSL handshake, set 1 to check existence, 2 to ensure that it matches
-the provided hostname. (Added in 7.8.1)
+the provided hostname. This is by default set to 2. (Added in 7.8.1, default
+changed in 7.10)
.TP
.B CURLOPT_SSL_CIPHER_LIST
Pass a char *, pointing to a zero terminated string holding the list of