mention what kind of error you may get if this is not followed

author Daniel Stenberg <daniel@haxx.se>

Thu, 23 Jan 2003 06:15:26 +0000 (06:15 +0000)

committer Daniel Stenberg <daniel@haxx.se>

Thu, 23 Jan 2003 06:15:26 +0000 (06:15 +0000)
author Daniel Stenberg <daniel@haxx.se>
Thu, 23 Jan 2003 06:15:26 +0000 (06:15 +0000)
committer Daniel Stenberg <daniel@haxx.se>
Thu, 23 Jan 2003 06:15:26 +0000 (06:15 +0000)
diff --git a/SSLCERTS b/SSLCERTS

index 6265f7274b8f6900fc114d03482d0a3fa8a64d23..d4a3b57b4334a2cbdf171d2066474edfb1eef88b 100644 (file)
--- a/SSLCERTS
+++ b/SSLCERTS
@@ -26,10 +26,14 @@ included in the bundle, then you need to do one of the following:
  
      With the curl command tool: --cacert [file]
  
-This upgrade procedure has been deemed The Right Thing even though it adds
-this extra trouble for some users, since it adds security to a majority of the
-SSL connections that previously weren't really secure.
-
-It turned out many people were using previous versions of curl/libcurl without
-realizing the need for the CA cert options to get truly secure SSL
-connections.
+Neglecting to use one of the above menthods when dealing with a server using a
+certficate that isn't signed by one of the certficates in the installed CA
+cert bundle, will cause SSL to report an error ("certificate verify failed")
+during the handshake and SSL will then refuse further communication with that
+server.
+
+This procedure has been deemed The Right Thing even though it adds this extra
+trouble for some users, since it adds security to a majority of the SSL
+connections that previously weren't really secure. It turned out many people
+were using previous versions of curl/libcurl without realizing the need for
+the CA cert options to get truly secure SSL connections.
author	Daniel Stenberg <daniel@haxx.se>
	Thu, 23 Jan 2003 06:15:26 +0000 (06:15 +0000)
committer	Daniel Stenberg <daniel@haxx.se>
	Thu, 23 Jan 2003 06:15:26 +0000 (06:15 +0000)