1*6236dae4SAndroid Build Coastguard Worker--- 2*6236dae4SAndroid Build Coastguard Workerc: Copyright (C) Daniel Stenberg, <[email protected]>, et al. 3*6236dae4SAndroid Build Coastguard WorkerSPDX-License-Identifier: curl 4*6236dae4SAndroid Build Coastguard WorkerLong: insecure 5*6236dae4SAndroid Build Coastguard WorkerShort: k 6*6236dae4SAndroid Build Coastguard WorkerHelp: Allow insecure server connections 7*6236dae4SAndroid Build Coastguard WorkerProtocols: TLS SFTP SCP 8*6236dae4SAndroid Build Coastguard WorkerCategory: tls sftp scp ssh 9*6236dae4SAndroid Build Coastguard WorkerAdded: 7.10 10*6236dae4SAndroid Build Coastguard WorkerMulti: boolean 11*6236dae4SAndroid Build Coastguard WorkerSee-also: 12*6236dae4SAndroid Build Coastguard Worker - proxy-insecure 13*6236dae4SAndroid Build Coastguard Worker - cacert 14*6236dae4SAndroid Build Coastguard Worker - capath 15*6236dae4SAndroid Build Coastguard WorkerExample: 16*6236dae4SAndroid Build Coastguard Worker - --insecure $URL 17*6236dae4SAndroid Build Coastguard Worker--- 18*6236dae4SAndroid Build Coastguard Worker 19*6236dae4SAndroid Build Coastguard Worker# `--insecure` 20*6236dae4SAndroid Build Coastguard Worker 21*6236dae4SAndroid Build Coastguard WorkerBy default, every secure connection curl makes is verified to be secure before 22*6236dae4SAndroid Build Coastguard Workerthe transfer takes place. This option makes curl skip the verification step 23*6236dae4SAndroid Build Coastguard Workerand proceed without checking. 24*6236dae4SAndroid Build Coastguard Worker 25*6236dae4SAndroid Build Coastguard WorkerWhen this option is not used for protocols using TLS, curl verifies the 26*6236dae4SAndroid Build Coastguard Workerserver's TLS certificate before it continues: that the certificate contains 27*6236dae4SAndroid Build Coastguard Workerthe right name which matches the hostname used in the URL and that the 28*6236dae4SAndroid Build Coastguard Workercertificate has been signed by a CA certificate present in the cert store. See 29*6236dae4SAndroid Build Coastguard Workerthis online resource for further details: 30*6236dae4SAndroid Build Coastguard Worker**https://curl.se/docs/sslcerts.html** 31*6236dae4SAndroid Build Coastguard Worker 32*6236dae4SAndroid Build Coastguard WorkerFor SFTP and SCP, this option makes curl skip the *known_hosts* verification. 33*6236dae4SAndroid Build Coastguard Worker*known_hosts* is a file normally stored in the user's home directory in the 34*6236dae4SAndroid Build Coastguard Worker".ssh" subdirectory, which contains hostnames and their public keys. 35*6236dae4SAndroid Build Coastguard Worker 36*6236dae4SAndroid Build Coastguard Worker**WARNING**: using this option makes the transfer insecure. 37*6236dae4SAndroid Build Coastguard Worker 38*6236dae4SAndroid Build Coastguard WorkerWhen curl uses secure protocols it trusts responses and allows for example 39*6236dae4SAndroid Build Coastguard WorkerHSTS and Alt-Svc information to be stored and used subsequently. Using 40*6236dae4SAndroid Build Coastguard Worker--insecure can make curl trust and use such information from malicious 41*6236dae4SAndroid Build Coastguard Workerservers. 42