insecure.md (1413B)
1 --- 2 c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3 SPDX-License-Identifier: curl 4 Long: insecure 5 Short: k 6 Help: Allow insecure server connections 7 Protocols: TLS SFTP SCP 8 Category: tls sftp scp ssh 9 Added: 7.10 10 Multi: boolean 11 See-also: 12 - proxy-insecure 13 - cacert 14 - capath 15 Example: 16 - --insecure $URL 17 --- 18 19 # `--insecure` 20 21 By default, every secure connection curl makes is verified to be secure before 22 the transfer takes place. This option makes curl skip the verification step 23 and proceed without checking. 24 25 When this option is not used for protocols using TLS, curl verifies the 26 server's TLS certificate before it continues: that the certificate contains 27 the right name which matches the hostname used in the URL and that the 28 certificate has been signed by a CA certificate present in the cert store. See 29 this online resource for further details: 30 **https://curl.se/docs/sslcerts.html** 31 32 For SFTP and SCP, this option makes curl skip the *known_hosts* verification. 33 *known_hosts* is a file normally stored in the user's home directory in the 34 ".ssh" subdirectory, which contains hostnames and their public keys. 35 36 **WARNING**: using this option makes the transfer insecure. 37 38 When curl uses secure protocols it trusts responses and allows for example 39 HSTS and Alt-Svc information to be stored and used subsequently. Using 40 --insecure can make curl trust and use such information from malicious 41 servers.