From 89e859d09248de6b1b9b9cdd652cb72c9f7ff098 Mon Sep 17 00:00:00 2001
From: xXx-caillou-xXx
Date: Wed, 29 Aug 2018 18:09:51 +0200
Subject: Change how we're validating certificates

---
 doc/source/config.rst   | 11 -----------
 doc/source/features.rst | 15 ---------------
 2 files changed, 26 deletions(-)

(limited to 'doc/source')

diff --git a/doc/source/config.rst b/doc/source/config.rst
index d89d7f5..e209ecb 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -202,17 +202,6 @@ to explicitly whitelist some `stream wrappers <https://secure.php.net/manual/en/
   sp.wrappers_whitelist.list("file,php,phar");
 
 
-Mandatory certificates validation
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-:ref:`Mandatory certificate validation <mandatory-cert-validation>` ensures
-that it's not possible to turn off certificate validation for `cURL usage <https://secure.php.net/manual/en/book.curl.php>`__.
-
-::
-
-  sp.curl_verify_certificates.enable();
-
-
 Eval white and blacklist
 ^^^^^^^^^^^^^^^^^^^^^^^^
 
diff --git a/doc/source/features.rst b/doc/source/features.rst
index f676468..540e982 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -344,21 +344,6 @@ Snuffleupagus can prevent the execution of this kind of file. A good practice
 would be to use a different user to run PHP than for administrating the website,
 and using this feature to lock this up.
 
-
-.. _mandatory-cert-validation:
-
-Mandatory certificates validation
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-It's a common practise to disable `certificate validation <https://en.wikipedia.org/wiki/Transport_Layer_Security>`__
-during development for convenience's sake. Unfortunately, it's equally common
-to forget to turn it back on.
-
-Snuffleupagus can prevent php code from turning off certificate validation
-for anything `cURL <https://secure.php.net/manual/en/book.curl.php>`__-based.
-
-
-
 .. _stream-wrapper-whitelist-feature:
 
 Whitelist of stream-wrappers
-- 
cgit v1.3