On Mon, 6 Mar 2017, Ray Satiro via curl-library wrote:

> Since the HTTPS proxy changes that is no longer true. HTTPS-proxy
> connections would need --proxy-insecure [2]. I wonder if the documentation
> should be changed, for example:
>
> 'This option explicitly allows curl to perform "insecure" SSL connections
> and transfers. All SSL connections are attempted to be made secure by using
> the CA certificate bundle installed by default. This makes all connections
> (except HTTPS-proxy) considered "insecure" fail unless -k, --insecure is
> used.
>
> To make HTTPS-proxy connections insecure use --proxy-insecure.'

I think we can rephrase it to be shorter and more to the point. My suggestion
(that especially uses the term "server connnections" to not include proxy
connections):

   By default, all SSL connections are verified to be secure. This option
   allows curl to proceed and operate even for server connections otherwise
   considered insecure.

If we want to, we could add a second paragraph detailing exactly what curl
does to verify the connection that --insecure switches off.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html