From 4f13340ab8be7baa0fe6210bb3a19b8994875fd8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 19 Jan 2011 13:19:44 +0100 Subject: CURLOPT_SSL_VERIFYPEER: more clarifications The default value is 1. curl _uses_ a default CA bundle, it doesn't install one. Drop the references to 7.10 as that is now >8 years old! --- docs/libcurl/curl_easy_setopt.3 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'docs') diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index e6e412305..95772d2e3 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -1872,19 +1872,19 @@ Force SSLv2 Force SSLv3 .RE .IP CURLOPT_SSL_VERIFYPEER -Pass a long as parameter. +Pass a long as parameter. By default, curl assumes a value of 1. This option determines whether curl verifies the authenticity of the peer's -certificate. A value of 1 means curl verifies; zero means it doesn't. The -default is nonzero, but before 7.10, it was zero. +certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't. When negotiating an SSL connection, the server sends a certificate indicating its identity. Curl verifies whether the certificate is authentic, i.e. that you can trust that the server is who the certificate says it is. This trust is based on a chain of digital signatures, rooted in certification authority -(CA) certificates you supply. As of 7.10, curl installs a default bundle of -CA certificates and you can specify alternate certificates with the -\fICURLOPT_CAINFO\fP option or the \fICURLOPT_CAPATH\fP option. +(CA) certificates you supply. curl uses a default bundle of CA certificates +(the path for that is determined at build time) and you can specify alternate +certificates with the \fICURLOPT_CAINFO\fP option or the \fICURLOPT_CAPATH\fP +option. When \fICURLOPT_SSL_VERIFYPEER\fP is nonzero, and the verification fails to prove that the certificate is authentic, the connection fails. When the -- cgit v1.2.3