On Tue, 5 Nov 2013, Mike Mio wrote:
Due to an excessively cursory reading of the docs line "If libcurl is built
against NSS and CURLOPT_SSL_VERIFYPEER is zero, CURLOPT_SSL_VERIFYHOST is
ignored.", CURLOPT_SSL_VERIFYHOST was not set (to 0)
That worked just fine until v.7.33.0
Are you really using NSS?
The different between v7.33.0 and previous versions was this:
That's code handling the OpenSSL backend, and yes the CURLOPT_SSL_VERIFYPEER
and CURLOPT_SSL_VERIFYHOST options were fixed to both have an affect as
documented. They're actually somewhat independent of each other but both
should be enabled for proper security (and they are both enabled by default).
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
