curl-library
Re: curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Tue, 26 Oct 2004 10:03:24 +0200 (CEST)
Date: Tue, 26 Oct 2004 10:03:24 +0200 (CEST)
On Tue, 26 Oct 2004, [big5] 独河笷 wrote:
> Is there any security operation if I write "curl_easy_setopt(curl,
> CURLOPT_SSL_VERIFYPEER, FALSE);", after I read the doc about this option, I
> know it will not verify the server side certificate when estabilish
> connection. If so, if I transfer some data by this connection will it be
> protected ?
When not verifying the peer, you don't know that the peer is who it claims to
be, so you may in fact communicate with an impostor.
So yes, you will still get a SSL connection that is encrypted, but you may be
talking to someone else than you think it is.
-- Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se Dedicated custom curl help for hire: http://haxx.se/curl.htmlReceived on 2004-10-26