On Sun, 4 May 2008, Leon Stringer wrote:
If I comment out lines 614 and 615 of content/fetchers/fetch_curl.c
Without these lines access to HTTP and HTTPS sites seems to work fine so I'm
not sure they're necessary. But I'm not a libcurl or SSL expert so maybe
there's a very good reason for them?
It's required so that we can present certificate details to the user when
it fails to verify. This only works with libcurl+openssl because libcurl
doesn't provide access to the underlying SSL library handle for other SSL
implementations. We've never attempted to use any other SSL implementation
so, while https connections to sites with valid certificates may work, all
bets are off when invalid certificates are encountered.