On Mo, 2011-08-01 at 21:12 +0200, [email protected] wrote:
> So SSLVerifyHost = 0 is not the same as SSLVerifyPeer = 0 ? And what is with 
> SSLVerifyServer = 0 option ?

No, they are different. SSLVerifyHost disables less than
SSLVerifyServer:

$ syncevolution SSLVerifyServer=? SSLVerifyHost=?
'SSLVerifyServer=?'
   The client refuses to establish the connection unless
   the server presents a valid certificate. Disabling this
   option considerably reduces the security of SSL
   (man-in-the-middle attacks become possible) and is not
   recommended.
'SSLVerifyHost=?'
   The client refuses to establish the connection unless the
   server's certificate matches its host name. In cases where
   the certificate still seems to be valid it might make sense
   to disable this option and allow such connections.


-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.


_______________________________________________
SyncEvolution mailing list
[email protected]
http://lists.syncevolution.org/listinfo/syncevolution

Reply via email to