curl / Mailing Lists / curl-library / Single Mail


Re: Change doc for --insecure to say it doesn't apply to HTTPS-proxy?

From: Daniel Stenberg <>
Date: Mon, 6 Mar 2017 09:33:56 +0100 (CET)

On Mon, 6 Mar 2017, Ray Satiro via curl-library wrote:

> Since the HTTPS proxy changes that is no longer true. HTTPS-proxy
> connections would need --proxy-insecure [2]. I wonder if the documentation
> should be changed, for example:
> 'This option explicitly allows curl to perform "insecure" SSL connections
> and transfers. All SSL connections are attempted to be made secure by using
> the CA certificate bundle installed by default. This makes all connections
> (except HTTPS-proxy) considered "insecure" fail unless -k, --insecure is
> used.
> To make HTTPS-proxy connections insecure use --proxy-insecure.'

I think we can rephrase it to be shorter and more to the point. My suggestion
(that especially uses the term "server connnections" to not include proxy

   By default, all SSL connections are verified to be secure. This option
   allows curl to proceed and operate even for server connections otherwise
   considered insecure.

If we want to, we could add a second paragraph detailing exactly what curl
does to verify the connection that --insecure switches off.

Received on 2017-03-06