diff options
Diffstat (limited to 'docs/SSL-PROBLEMS')
| -rw-r--r-- | docs/SSL-PROBLEMS | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/SSL-PROBLEMS b/docs/SSL-PROBLEMS index 5a56d3da5..45faa241c 100644 --- a/docs/SSL-PROBLEMS +++ b/docs/SSL-PROBLEMS @@ -71,3 +71,17 @@ Allow BEAST introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability but on the other hand it allows curl to connect to that kind of strange servers. + +Disabling certificate revocation checks + + Some SSL backends may do certificate revocation checks (CRL, OCSP, etc) + depending on the OS or build configuration. The --ssl-no-revoke option was + introduced in 7.44.0 to disable revocation checking but currently is only + supported for WinSSL (the native Windows SSL library), with an exception in + the case of Windows' Untrusted Publishers blacklist which it seems can't be + bypassed. This option may have broader support to accommodate other SSL + backends in the future. + + References: + + http://curl.haxx.se/docs/ssl-compared.html |