On Mon, Feb 3, 2014 at 7:49 PM, Pierre Joye <pierre.php@gmail.com> wrote:
> On Mon, Feb 3, 2014 at 7:46 PM, Daniel Lowrey <rdlowrey@gmail.com> wrote:
>
> > The only real question here is this:
> >
> > ***** Should we ship a CA file? *****
> >
> > Personally, I say no. If people are going to programmatically use
> encrypted
> > stream transfers they need to at the very least understand the basics of
> the
> > CA system. We shouldn't subsidize insecurity, and it's trivially easy to
> > procure a CA file.
>
> We should for the windows binaries and use a script to update it. This
> script should be part of the src distros.
>
> I have added the curl ca cert file option because many users requested
> it. It is very handy to have the ability to get a uptodate certs file,
> especially when the OS one is outdated and cannot be updated (yes, it
> happens :).
Hi Pierre,
What made you change your mind about this since the discussion in december?
http://grokbase.com/p/php/php-internals/13chgngwf2/php-dev-vote-tls-peer-verification
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu