Sun 21 Oct 2012
Do we need valid SSL certificates?
The header says it all: what benefit do we gain? Does it really add more security, or is the encryption we get enough?
I'll list the pros of disabling host and peer verification; waiting for your cons.
- Hassle-free SSL setup; self-signed certificates would be possible to use.
- Related to point one, installers and appliances could generate them.
- cacert.org support would not be a matter of distributions including their root.
- Tolerant against setup faults; a missing intermediate cert is a common error.
- Setups running on old libcurl & libopenssl could interoperate with setups requiring SNI support.
- More fun for everybody (SCNR).