[svn] Explain certificate checking in more detail.

doc/ChangeLog

@@ -1,3 +1,8 @@
+2005-05-11  Hrvoje Niksic  <hniksic@xemacs.org>
+
+	* wget.texi (HTTPS (SSL/TLS) Options): Explain certificate
+	checking in more detail.
+
 2005-05-08  Hrvoje Niksic  <hniksic@xemacs.org>
 
 	* texi2pod.pl.in: Allow an "EXAMPLES" section.

doc/wget.texi

@@ -1369,9 +1369,26 @@ quite rare.
 
 @cindex SSL certificate, check
 @item --no-check-certificate
-Don't check the server certificate against the available client
-authorities.  If this is not specified, Wget will break the SSL
-handshake if the server certificate is not valid.
+Don't check the server certificate against the available certificate
+authorities.  Also don't require the URL host name to match the common
+name presented by the certificate.
+
+As of Wget 1.10, the default is to verify the server's certificate
+against the recognized certificate authorities, breaking the SSL
+handshake and aborting the download if the verification fails.
+Although this provides more secure downloads, it does break
+interoperability with some sites that worked with previous Wget
+versions, particularly those using self-signed, expired, or otherwise
+invalid certificates.  This option forces an ``insecure'' mode of
+operation that turns the certificate verification errors into warnings
+and allows you to proceed.
+
+If you see errors involving ``certificate verify failed'' or ``common
+name doesn't match requested host name'', you need to use this option
+to proceed with the download.  @emph{Only use this option if you are
+otherwise convinced of the site's authenticity, or if you don't care
+about the certificate validity.}  It is almost always a bad idea to
+use this option when transmitting confidential or important data.
 
 @cindex SSL certificate
 @item --certificate=@var{file}