1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 00:58:48 -05:00

CURLOPT_SSL_VERIFYPEER.3: Add performance note

Closes #2673
This commit is contained in:
Patrick Schlangen 2018-06-21 21:14:40 +02:00 committed by Daniel Stenberg
parent 4c901638b4
commit b6a16afa0a
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@ -57,6 +57,15 @@ man-in-the-middle the communication without you knowing it. Disabling
verification makes the communication insecure. Just having encryption on a
transfer is not enough as you cannot be sure that you are communicating with
the correct end-point.
NOTE: even when this option is disabled, depending on the used TLS backend,
curl may still load the certificate file specified in
\fICURLOPT_CAINFO(3)\fP. curl default settings in some distributions might
use quite a large file as a default setting for \fICURLOPT_CAINFO(3)\fP,
so loading the file can be quite expensive, especially when dealing
with many connections. Thus, in some situations, you might want to disable
verification fully to save resources by setting \fICURLOPT_CAINFO(3)\f to
NULL - but please also consider the warning above!
.SH DEFAULT
By default, curl assumes a value of 1.
.SH PROTOCOLS
@ -81,3 +90,4 @@ Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.BR CURLOPT_SSL_VERIFYHOST "(3), "
.BR CURLOPT_PROXY_SSL_VERIFYPEER "(3), "
.BR CURLOPT_PROXY_SSL_VERIFYHOST "(3), "
.BR CURLOPT_CAINFO "(3), "