From 64e52596abaf4bdd4c17f79c4e8acf25d1a452b4 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 29 Aug 2018 08:55:49 +0000
Subject: Verify certs (#223)

Ensure that certificates are verified in curl
should close #47 ---
 doc/source/features.rst | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'doc/source/features.rst')

diff --git a/doc/source/features.rst b/doc/source/features.rst
index 540e982..f676468 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -344,6 +344,21 @@ Snuffleupagus can prevent the execution of this kind of file. A good practice
 would be to use a different user to run PHP than for administrating the website,
 and using this feature to lock this up.
 
+
+.. _mandatory-cert-validation:
+
+Mandatory certificates validation
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+It's a common practise to disable `certificate validation <https://en.wikipedia.org/wiki/Transport_Layer_Security>`__
+during development for convenience's sake. Unfortunately, it's equally common
+to forget to turn it back on.
+
+Snuffleupagus can prevent php code from turning off certificate validation
+for anything `cURL <https://secure.php.net/manual/en/book.curl.php>`__-based.
+
+
+
 .. _stream-wrapper-whitelist-feature:
 
 Whitelist of stream-wrappers
-- 
cgit v1.3