From 3f8ba3a986f56bac535faa82fad5a32200869116 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 2 Dec 2002 06:47:16 +0000 Subject: clarified SSL_VERIFYPEER and SSL_VERIFYHOST a bit, thanks to Soren Spies --- docs/libcurl/curl_easy_setopt.3 | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index 8ecebd36e..423d29b7d 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -712,10 +712,13 @@ Pass a long as parameter. Set what version of SSL to attempt to use, 2 or servers make this difficult why you at times may have to use this option. .TP .B CURLOPT_SSL_VERIFYPEER -Pass a long that is set to a non-zero value to make curl verify the peer's -certificate. The certificate to verify against must be specified with the -CURLOPT_CAINFO option (Added in 7.4.2) or a certificate directory must be specified -with the CURLOPT_CAPATH option (Added in 7.9.8). +Pass a long that is set to a zero value to stop curl from verifying the peer's +certificate (7.10 starting setting this option to TRUE by default). Alternate +certificates to verify against can be specified with the CURLOPT_CAINFO option +(Added in 7.4.2) or a certificate directory can be specified with the +CURLOPT_CAPATH option (Added in 7.9.8). As of 7.10, curl installs a default +bundle. CURLOPT_SSL_VERIFYHOST may also need to be set to 1 or 0 if +CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2). .TP .B CURLOPT_CAINFO Pass a char * to a zero terminated string naming a file holding one or more 
@@ -742,7 +745,8 @@ socket. It will be used to seed the random engine for SSL. .B CURLOPT_SSL_VERIFYHOST Pass a long. Set if we should verify the Common name from the peer certificate in the SSL handshake, set 1 to check existence, 2 to ensure that it matches -the provided hostname. (Added in 7.8.1) +the provided hostname. This is by default set to 2. (Added in 7.8.1, default +changed in 7.10) .TP .B CURLOPT_SSL_CIPHER_LIST Pass a char *, pointing to a zero terminated string holding the list of -- cgit v1.2.3
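Review bot: In the CURLOPT_SSL_VERIFYPEER hunk (@@ -712,10 +712,13 @@), the new text explains how to switch verification off but never says what is lost by doing so. With the option set to zero the peer's certificate is not checked, so the server is not authenticated; a sentence stating that would help readers who reach for 0 only to silence a certificate error. Two smaller points in the same paragraph: "7.10 starting setting this option to TRUE" should read "starting with 7.10 this option is TRUE by default", and in "CURLOPT_SSL_VERIFYHOST may also need to be set to 1 or 0 if CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2)" the "it" is ambiguous and the reason is missing. Suggest naming the option explicitly and saying why the host check would still matter once peer verification is disabled.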
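Review bot: In the CURLOPT_SSL_VERIFYHOST hunk (@@ -742,7 +745,8 @@), the entry still documents only the values 1 and 2, while the CURLOPT_SSL_VERIFYPEER text added in this same patch tells readers to set this option "to 1 or 0". Please describe what 0 does here so the two entries agree. "default changed in 7.10" would also be clearer if it stated the previous default, and since 1 only checks that a Common name exists, it is worth saying that only 2 ties the certificate to the hostname being connected to.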