From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 2 Aug 2014 21:09:22 +0000 (+0200)
Subject: CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it
X-Git-Tag: curl-7_38_0~150
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e4f6adb023546d864a1548a28b08112c59d9e85a;p=thirdparty%2Fcurl.git

CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it
---

diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
index ec158cc08d..f2bad74643 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
@@ -51,6 +51,12 @@ typically also want to ensure that the server is the server you mean to be
 talking to.  Use \fICURLOPT_SSL_VERIFYHOST(3)\fP for that. The check that the
 host name in the certificate is valid for the host name you're connecting to
 is done independently of the \fICURLOPT_SSL_VERIFYPEER(3)\fP option.
+
+WARNING: disabling verification of the certificate allows bad guys to
+man-in-the-middle the communication without you knowing it. Disabling
+verification makes the communication insecure. Just having encryption on a
+transfer is not enough as you cannot be sure that you are communicating with
+the correct end-point.
 .SH DEFAULT
 By default, curl assumes a value of 1.
 .SH PROTOCOLS