[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 112/163: CURLOPT_SSL_VERIFYPEER.3: Add performance
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 112/163: CURLOPT_SSL_VERIFYPEER.3: Add performance note |
Date: |
Sun, 05 Aug 2018 12:37:18 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit b6a16afa0aa516b3791efe2e5d779fe67f9d3e0d
Author: Patrick Schlangen <address@hidden>
AuthorDate: Thu Jun 21 21:14:40 2018 +0200
CURLOPT_SSL_VERIFYPEER.3: Add performance note
Closes #2673
---
docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3 | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
index f7ff1b203..e8ad671f7 100644
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <address@hidden>, et al.
+.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <address@hidden>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -57,6 +57,15 @@ man-in-the-middle the communication without you knowing it.
Disabling
verification makes the communication insecure. Just having encryption on a
transfer is not enough as you cannot be sure that you are communicating with
the correct end-point.
+
+NOTE: even when this option is disabled, depending on the used TLS backend,
+curl may still load the certificate file specified in
+\fICURLOPT_CAINFO(3)\fP. curl default settings in some distributions might
+use quite a large file as a default setting for \fICURLOPT_CAINFO(3)\fP,
+so loading the file can be quite expensive, especially when dealing
+with many connections. Thus, in some situations, you might want to disable
+verification fully to save resources by setting \fICURLOPT_CAINFO(3)\f to
+NULL - but please also consider the warning above!
.SH DEFAULT
By default, curl assumes a value of 1.
.SH PROTOCOLS
@@ -81,3 +90,4 @@ Returns CURLE_OK if the option is supported, and
CURLE_UNKNOWN_OPTION if not.
.BR CURLOPT_SSL_VERIFYHOST "(3), "
.BR CURLOPT_PROXY_SSL_VERIFYPEER "(3), "
.BR CURLOPT_PROXY_SSL_VERIFYHOST "(3), "
+.BR CURLOPT_CAINFO "(3), "
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 70/163: axtls: follow-up spell fix of comment, (continued)
- [GNUnet-SVN] [gnurl] 70/163: axtls: follow-up spell fix of comment, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 91/163: KNOWN_BUGS: slow connect to localhost on Windows, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 80/163: openssl: assume engine support in 1.0.1 or later, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 136/163: DEPRECATE: include year when specifying date, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 95/163: configure: enhance ability to detect/build with static openssl, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 108/163: cmake: allow multiple SSL backends, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 86/163: runtests: support variables in <strippart>, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 107/163: url: fix dangling conn->data pointer, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 109/163: system.h: fix for gcc on 32 bit OpenServer, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 123/163: configure: remove CURL_CHECK_NI_WITHSCOPEID too, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 112/163: CURLOPT_SSL_VERIFYPEER.3: Add performance note,
gnunet <=
- [GNUnet-SVN] [gnurl] 88/163: TODO: "Option to refuse usernames in URLs" done, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 126/163: openssl: allow TLS 1.3 by default, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 61/163: KNOWN_BUGS: CURL_GLOBAL_SSL, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 57/163: option: disallow username in URL, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 102/163: runtests.pl: remove debug leftover from bb9a340c73f3, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 87/163: Curl_init_do: handle NULL connection pointer passed in, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 146/163: scripts: include _curl as part of CLEANFILES, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 105/163: travis: run more tests for coverage check, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 99/163: RELEASE-PROCEDURE: gpg sign the tags, gnunet, 2018/08/05
- [GNUnet-SVN] [gnurl] 128/163: openssl: make the requested TLS version the *minimum* wanted, gnunet, 2018/08/05