curl/docs/cmdline-opts/insecure.d
Daniel Stenberg 2bc1d775f5
copyright: update all copyright lines and remove year ranges
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205
2023-01-03 09:19:21 +01:00

34 lines
1.3 KiB
Makefile

c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: insecure
Short: k
Help: Allow insecure server connections
Protocols: TLS SFTP SCP
See-also: proxy-insecure cacert capath
Category: tls sftp scp
Example: --insecure $URL
Added: 7.10
Multi: boolean
---
By default, every secure connection curl makes is verified to be secure before
the transfer takes place. This option makes curl skip the verification step
and proceed without checking.
When this option is not used for protocols using TLS, curl verifies the
server's TLS certificate before it continues: that the certificate contains
the right name which matches the host name used in the URL and that the
certificate has been signed by a CA certificate present in the cert store.
See this online resource for further details:
https://curl.se/docs/sslcerts.html
For SFTP and SCP, this option makes curl skip the *known_hosts* verification.
*known_hosts* is a file normally stored in the user's home directory in the
".ssh" subdirectory, which contains host names and their public keys.
**WARNING**: using this option makes the transfer insecure.
When curl uses secure protocols it trusts responses and allows for example
HSTS and Alt-Svc information to be stored and used subsequently. Using
--insecure can make curl trust and use such information from malicious
servers.