tags:

views:

11

answers:

1

I'm working on a web task automation with curl and not getting the result I want, its for a SSL connection and currently I have Curl set to:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

As I understand it, this means it will just blindly accept any SSL certificate, however what I am unable to understand and seemingly find info on, is whether the data being sent back to the server is now encrypted properly, as per their SSL certificate.. I need to mimic an actual web browser to make this work so if its not sending back the POST as being encrypted, I think this would lead to the problem I am having... any further insight into this is appreciated.

A: 

This option simply ignores certificate verification errors (like wrong hostname, untrusted CA etc). The data will be encrypted just like normal SSL connection.

The security risk without verifying peer is that you might be encrypting data for the wrong party.

ZZ Coder