On Sat, 30 Nov 2013, Oscar Koeroo wrote:
I now (better) understand the motivations for the change. I personally rate this as a security through obscurity solution which in effect does add something.
No, that's not what this change brings. This change makes the code again work like it used to, and how it is documented to work. It doesn't really add anything and it doesn't change behavior (in other aspects than how a bugfix can change behavior).
I just hope nobody sees the new fix as an opportunity to leverage a wider disabling of the peer cert check.
It really can't, as libcurl already worked like this before. This was a regression.
We can of course discuss if the option should work like this or even exist in the future, but that doesn't change the past and what's in the code right now.
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
