From 3f8ba3a986f56bac535faa82fad5a32200869116 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 2 Dec 2002 06:47:16 +0000
Subject: [PATCH] clarified SSL_VERIFYPEER and SSL_VERIFYHOST a bit, thanks to
 Soren Spies

---
 docs/libcurl/curl_easy_setopt.3 | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 8ecebd36e9..423d29b7d5 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -712,10 +712,13 @@ Pass a long as parameter. Set what version of SSL to attempt to use, 2 or
 servers make this difficult why you at times may have to use this option.
 .TP
 .B CURLOPT_SSL_VERIFYPEER
-Pass a long that is set to a non-zero value to make curl verify the peer's
-certificate. The certificate to verify against must be specified with the
-CURLOPT_CAINFO option (Added in 7.4.2) or a certificate directory must be specified
-with the CURLOPT_CAPATH option (Added in 7.9.8).
+Pass a long that is set to a zero value to stop curl from verifying the peer's
+certificate (7.10 starting setting this option to TRUE by default).  Alternate
+certificates to verify against can be specified with the CURLOPT_CAINFO option
+(Added in 7.4.2) or a certificate directory can be specified with the
+CURLOPT_CAPATH option (Added in 7.9.8).  As of 7.10, curl installs a default
+bundle.  CURLOPT_SSL_VERIFYHOST may also need to be set to 1 or 0 if
+CURLOPT_SSL_VERIFYPEER is disabled (it defaults to 2).
 .TP
 .B CURLOPT_CAINFO
 Pass a char * to a zero terminated string naming a file holding one or more
@@ -742,7 +745,8 @@ socket. It will be used to seed the random engine for SSL.
 .B CURLOPT_SSL_VERIFYHOST
 Pass a long. Set if we should verify the Common name from the peer certificate
 in the SSL handshake, set 1 to check existence, 2 to ensure that it matches
-the provided hostname. (Added in 7.8.1)
+the provided hostname. This is by default set to 2. (Added in 7.8.1, default
+changed in 7.10)
 .TP
 .B CURLOPT_SSL_CIPHER_LIST
 Pass a char *, pointing to a zero terminated string holding the list of
-- 
GitLab