On Mo, 2011-08-01 at 21:12 +0200, karlitos(a)seznam.cz wrote:
So SSLVerifyHost = 0 is not the same as SSLVerifyPeer = 0 ? And what
is with SSLVerifyServer = 0 option ?
No, they are different. SSLVerifyHost disables less than
$ syncevolution SSLVerifyServer=? SSLVerifyHost=?
The client refuses to establish the connection unless
the server presents a valid certificate. Disabling this
option considerably reduces the security of SSL
(man-in-the-middle attacks become possible) and is not
The client refuses to establish the connection unless the
server's certificate matches its host name. In cases where
the certificate still seems to be valid it might make sense
to disable this option and allow such connections.
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.