An attempt to make parts of this description non-ambiguous.
Clarify CURLOPT_SSL_VERIFYHOST documentation
- better describe what happens when 1 is specified as parameter
- clarify what "is ignored" means for NSS builds
The proposed wording sounds ambiguous to me -- one could assume that a subsequent call of curl_easy_setopt(CURLOPT_SSL_VERIFYHOST, 2L) would re-enable the identity check. What about the following wording?
If libcurl is built against NSS and CURLOPT_SSL_VERIFYPEER is zero, then the value of CURLOPT_SSL_VERIFYHOST is ignored (the identity check is disabled).
I found "CURLOPT_SSL_VERIFYHOST is ignored" ambiguous, as it seemed it can be read as "whatever you set for CURLOPT_SSL_VERIFYHOST will be ignored and the default value will be used". Hence my attempt to make it explicit VERIFYHOST is forced to 0. Maybe "CURLOPT_SSL_VERIFYHOST is also set to 0 and can not be overridden" is what should be used.
I agree with you kdudka on that.
I have pushed the patch including the above proposed changes: d7d8a8f Thanks for the contribution!
KNOWN_BUGS: #83 unable to load non-default openssl engines
KNOWN_BUGS: #83 was addressed with commit c50ce85