diff options
Diffstat (limited to 'docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3')
-rw-r--r-- | docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 | 97 |
1 files changed, 0 insertions, 97 deletions
diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 deleted file mode 100644 index e26233e84..000000000 --- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 +++ /dev/null @@ -1,97 +0,0 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_SSL_VERIFYPEER 3 "17 Jun 2014" libcurl libcurl -.SH NAME -CURLOPT_SSL_VERIFYPEER \- verify the peer's SSL certificate -.SH SYNOPSIS -.nf -#include <curl/curl.h> - -CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYPEER, long verify); -.fi -.SH DESCRIPTION -Pass a long as parameter to enable or disable. - -This option determines whether curl verifies the authenticity of the peer's -certificate. A value of 1 means curl verifies; 0 (zero) means it does not. - -When negotiating a TLS or SSL connection, the server sends a certificate -indicating its identity. Curl verifies whether the certificate is authentic, -i.e. that you can trust that the server is who the certificate says it is. -This trust is based on a chain of digital signatures, rooted in certification -authority (CA) certificates you supply. curl uses a default bundle of CA -certificates (the path for that is determined at build time) and you can -specify alternate certificates with the \fICURLOPT_CAINFO(3)\fP option or the -\fICURLOPT_CAPATH(3)\fP option. - -When \fICURLOPT_SSL_VERIFYPEER(3)\fP is enabled, and the verification fails to -prove that the certificate is signed by a CA, the connection fails. - -When this option is disabled (set to zero), the CA certificates are not loaded -and the peer certificate verification is simply skipped. - -Authenticating the certificate is not enough to be sure about the server. You -typically also want to ensure that the server is the server you mean to be -talking to. Use \fICURLOPT_SSL_VERIFYHOST(3)\fP for that. The check that the -host name in the certificate is valid for the host name you are connecting to -is done independently of the \fICURLOPT_SSL_VERIFYPEER(3)\fP option. - -WARNING: disabling verification of the certificate allows bad guys to -man-in-the-middle the communication without you knowing it. Disabling -verification makes the communication insecure. Just having encryption on a -transfer is not enough as you cannot be sure that you are communicating with -the correct end-point. - -When libcurl uses secure protocols it trusts responses and allows for example -HSTS and Alt-Svc information to be stored and used subsequently. Disabling -certificate verification can make libcurl trust and use such information from -malicious servers. -.SH DEFAULT -1 - enabled -.SH PROTOCOLS -All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. -.SH EXAMPLE -.nf -CURL *curl = curl_easy_init(); -if(curl) { - curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); - - /* Set the default value: strict certificate check please */ - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L); - - curl_easy_perform(curl); -} -.fi -.SH AVAILABILITY -If built TLS enabled. -.SH RETURN VALUE -Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. -.SH "SEE ALSO" -.BR CURLOPT_SSL_VERIFYHOST (3), -.BR CURLOPT_PROXY_SSL_VERIFYPEER (3), -.BR CURLOPT_PROXY_SSL_VERIFYHOST (3), -.BR CURLOPT_CAINFO (3), -.BR CURLINFO_CAINFO (3), -.BR CURLINFO_CAPATH (3) |