curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Change doc for --insecure to say it doesn't apply to HTTPS-proxy?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 6 Mar 2017 09:33:56 +0100 (CET)

On Mon, 6 Mar 2017, Ray Satiro via curl-library wrote:

> Since the HTTPS proxy changes that is no longer true. HTTPS-proxy
> connections would need --proxy-insecure [2]. I wonder if the documentation
> should be changed, for example:
>
> 'This option explicitly allows curl to perform "insecure" SSL connections
> and transfers. All SSL connections are attempted to be made secure by using
> the CA certificate bundle installed by default. This makes all connections
> (except HTTPS-proxy) considered "insecure" fail unless -k, --insecure is
> used.
>
> To make HTTPS-proxy connections insecure use --proxy-insecure.'

I think we can rephrase it to be shorter and more to the point. My suggestion
(that especially uses the term "server connnections" to not include proxy
connections):

   By default, all SSL connections are verified to be secure. This option
   allows curl to proceed and operate even for server connections otherwise
   considered insecure.

If we want to, we could add a second paragraph detailing exactly what curl
does to verify the connection that --insecure switches off.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2017-03-06