CURLOPT_SSL_VERIFYPEER.3: Add performance note

Closes #2673
2018-06-21 21:14:40 +02:00 · 2018-06-21 21:14:40 +02:00 · b6a16afa0a
parent 4c901638b4
commit b6a16afa0a
1 changed files with 11 additions and 1 deletions
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@ -57,6 +57,15 @@ man-in-the-middle the communication without you knowing it. Disabling
 verification makes the communication insecure. Just having encryption on a
 transfer is not enough as you cannot be sure that you are communicating with
 the correct end-point.
+
+NOTE: even when this option is disabled, depending on the used TLS backend,
+curl may still load the certificate file specified in
+\fICURLOPT_CAINFO(3)\fP. curl default settings in some distributions might
+use quite a large file as a default setting for \fICURLOPT_CAINFO(3)\fP,
+so loading the file can be quite expensive, especially when dealing
+with many connections. Thus, in some situations, you might want to disable
+verification fully to save resources by setting \fICURLOPT_CAINFO(3)\f to
+NULL - but please also consider the warning above!
 .SH DEFAULT
 By default, curl assumes a value of 1.
 .SH PROTOCOLS
@ -81,3 +90,4 @@ Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .BR CURLOPT_SSL_VERIFYHOST "(3), "
 .BR CURLOPT_PROXY_SSL_VERIFYPEER "(3), "
 .BR CURLOPT_PROXY_SSL_VERIFYHOST "(3), "
+.BR CURLOPT_CAINFO "(3), "