Misleading TLS verification instructions

[bagder]

The README currently says:

SSL verification setup:

$curl = new Curl\Curl();
$curl->setOpt(CURLOPT_RETURNTRANSFER, TRUE);
$curl->setOpt(CURLOPT_SSL_VERIFYPEER, FALSE);
$curl->get('https://encrypted.example.com/');

Which makes it sound as if this is a recommend or even good setup, while in fact this disables SSL verification.

I would strongly urge that you rather show how to use this securely, which would mean not disabling TLS security.

/ Daniel, curl lead developer

[nadar]

@bagder 100% agree, removed from all READMEs. I don't think it was intended to say this is the default setup, but anyway, you are right.

[bagder]

Thanks for your swift response!