curl-users
SSL_VERIFYPEER, SSL_VERIFYHOST
Date: Tue, 26 Apr 2005 00:54:29 +0000
I'm trying to figure out how the subject options relate to each other.
I found the following on the mailing list, from 2003:
> VERIFYPEER is set to enable or disable peer certificate verify. If
> set to TRUE, you should also provide a cert path or dir using CAINFO
> or CAPATH.
>
> VERIFYHOST defines what kind of verify on the name in the peer
> certificate you want. The name in the cert is supposedly the same as
> the host name you're communicating to.
>
> Both these are documented in the curl_easy_setopt man page.
And I read that man page before searching the list.
I guess I don't understand SSL well enough to see what these do.
First of all, I don't know any other meaning of verifying a peer
certificate other than to verify that the certificate names the peer
to which you intend to be talking. Is there some other kind of
verification?
From what I understand, some verification happens even when VERIFYPEER
is 0 -- if VERIFYHOST is not 0 too. So what does VERIFYPEER=0 turn
off?
VERIFYHOST=1 seems to be somewhat of a stretch of the term "verify".
Is that right? How would VERIFYHOST=1 be useful?
If someone can make me understand this, I'll write some words for the
man page that make it clear to people like me.
-- Bryan Henderson Phone 408-621-2000 San Jose, California

Received on 2005-04-26
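
The distinction drawn in the quoted 2003 text, as an added example that is not part of the original post and is not libcurl code: a simplified model in which VERIFYPEER only checks that the certificate chain leads to a CA from CAINFO/CAPATH, and VERIFYHOST only checks the name (level 1: a name exists; level 2: it matches the host). `struct peer_cert`, `name_matches` and `accept_peer` are hypothetical names, and the certificates in `main` are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed model of a presented certificate: only the two properties
   the options look at. Not a libcurl or OpenSSL structure. */
struct peer_cert {
    int chain_trusted;   /* 1 if the chain validates to a configured CA */
    const char *name;    /* name in the certificate, NULL if absent */
};

/* Name check: case-insensitive exact match, or a "*.domain" wildcard
   that covers exactly one leftmost label. */
static int name_matches(const char *cert_name, const char *host)
{
    if (strncmp(cert_name, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && strcasecmp(cert_name + 1, dot) == 0;
    }
    return strcasecmp(cert_name, host) == 0;
}

/* Returns 1 if the peer is accepted under the given option values. */
int accept_peer(const struct peer_cert *c, const char *host,
                long verifypeer, long verifyhost)
{
    if (verifypeer && !c->chain_trusted)
        return 0;                    /* issuer not trusted */
    if (verifyhost >= 1 && c->name == NULL)
        return 0;                    /* level 1: a name must exist */
    if (verifyhost >= 2 && !name_matches(c->name, host))
        return 0;                    /* level 2: name must match the host */
    return 1;
}

int main(void)
{
    struct peer_cert wrong_site  = { 1, "other.example.net" }; /* CA-signed, other host */
    struct peer_cert self_signed = { 0, "www.example.org" };   /* right name, no trusted CA */
    const char *host = "www.example.org";

    printf("CA-signed cert for another host, peer=1 host=0: %d\n",
           accept_peer(&wrong_site, host, 1, 0));
    printf("CA-signed cert for another host, peer=1 host=2: %d\n",
           accept_peer(&wrong_site, host, 1, 2));
    printf("self-signed cert with right name, peer=0 host=2: %d\n",
           accept_peer(&self_signed, host, 0, 2));
    return 0;
}
```

Only VERIFYPEER=1 together with VERIFYHOST=2 rejects both constructed certificates; either option alone leaves one of them accepted.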