insecure.d 1.3 KB

123456789101112131415161718192021222324252627282930313233
  1. c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  2. SPDX-License-Identifier: curl
  3. Long: insecure
  4. Short: k
  5. Help: Allow insecure server connections
  6. Protocols: TLS SFTP SCP
  7. See-also: proxy-insecure cacert capath
  8. Category: tls sftp scp
  9. Example: --insecure $URL
  10. Added: 7.10
  11. Multi: boolean
  12. ---
  13. By default, every secure connection curl makes is verified to be secure before
  14. the transfer takes place. This option makes curl skip the verification step
  15. and proceed without checking.
  16. When this option is not used for protocols using TLS, curl verifies the
  17. server's TLS certificate before it continues: that the certificate contains
  18. the right name which matches the host name used in the URL and that the
  19. certificate has been signed by a CA certificate present in the cert store.
  20. See this online resource for further details:
  21. https://curl.se/docs/sslcerts.html
  22. For SFTP and SCP, this option makes curl skip the *known_hosts* verification.
  23. *known_hosts* is a file normally stored in the user's home directory in the
  24. ".ssh" subdirectory, which contains host names and their public keys.
  25. **WARNING**: using this option makes the transfer insecure.
  26. When curl uses secure protocols it trusts responses and allows for example
  27. HSTS and Alt-Svc information to be stored and used subsequently. Using
  28. --insecure can make curl trust and use such information from malicious
  29. servers.