If CURLOPT_SSL_VERIFYPEER is false, is the data transfer no longer secure?

Question

I\'ve recently run into a problem posting data to a server whose SSL certificate was updated. I did some research and I found that when CURLOPT_SSL_VERIFYPEER is set to fals

Answer 1

I would like to clearify about relation between _VERIFYHOST and _VERIFYPEER from my testing.

_VERIFYHOST check common name(CN) as manual said that depend on option 1 or 2. This verification only checks and generates error message case failed. The verification itself has no effect on connection at all, even verification error occurs. It's result used by _VERIFYPEER to cut down or continue connection.

_VERIFYPEER (1) check 2 things. First, it checks certificate with CAINFO. if CAINFO specify in curl option then it check with that value, otherwise it check with value specify in php.ini. Second, it check result from _VERIFYHOST (case set _VERIFYHOST to 1 or 2). If verification pass both condition, the connection will be continued. Otherwise the connection will be cut down.