abedra / libvault

A C++ library for Hashicorp Vault
MIT License
34 stars 26 forks

When TLS is enabled and TLS verification is disabled, the host name is still verified and the connection is rejected with "SSL peer certificate or SSH remote key was not OK" #124

Closed bsbontchev closed 2 months ago

bsbontchev commented 2 months ago

The CURL --insecure option sets the following CURL flags:

  /* libcurl default is strict verifyhost -> 1L, verifypeer -> 1L */
  if(config->insecure_ok) {
    my_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
    my_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
  }

while the libvault sets only one of them:

  if (config_.getVerify()) {
    if (!config_.getCaBundle().empty()) {
      curlWrapper.setOption(CURLOPT_CAINFO,
                            config_.getCaBundle().u8string().c_str());
    }

    curlWrapper.setOption(CURLOPT_SSL_VERIFYPEER, 1);
  } else {
    // CURLOPT_SSL_VERIFYHOST is never touched here, so it keeps libcurl's
    // strict default and the host name is still checked.
    curlWrapper.setOption(CURLOPT_SSL_VERIFYPEER, 0);
  }

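To make the mismatch concrete, here is an added example (not libvault's or curl's own code) that models the two option-setting strategies side by side without linking libcurl. `TlsOpt`, `TlsConfig`, `OptionSetter`, `applyTlsOptionsBuggy`, `applyTlsOptions`, `effectiveOptions` and `hostStillVerified` are names chosen for this illustration; `TlsOpt` stands in for the real `CURLOPT_SSL_VERIFYPEER`, `CURLOPT_SSL_VERIFYHOST` and `CURLOPT_CAINFO` options that a real wrapper would pass to `curl_easy_setopt`. The recorder starts from libcurl's own defaults (both verifications on) so an option the code never sets stays visible in the result.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <string>
#include <utility>

// Stand-ins for the libcurl options involved (assumed names for this example);
// in real code these are CURLOPT_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST and
// CURLOPT_CAINFO handed to curl_easy_setopt / curlWrapper.setOption.
enum class TlsOpt { VerifyPeer, VerifyHost, CaInfo };

struct TlsConfig {
  bool verify = true;      // corresponds to config_.getVerify()
  std::string caBundle;    // corresponds to config_.getCaBundle() (string here, not a path)
};

// A plain callback so the example runs stand-alone; a real wrapper forwards
// each call to curl_easy_setopt on the handle.
using OptionSetter = std::function<void(TlsOpt, std::string)>;

// The behaviour reported in the issue: only VERIFYPEER is toggled, so
// VERIFYHOST keeps libcurl's strict default and host names are still checked
// even when verify == false.
void applyTlsOptionsBuggy(const TlsConfig& cfg, const OptionSetter& set) {
  if (cfg.verify) {
    if (!cfg.caBundle.empty()) set(TlsOpt::CaInfo, cfg.caBundle);
    set(TlsOpt::VerifyPeer, "1");
  } else {
    set(TlsOpt::VerifyPeer, "0");
  }
}

// Consistent behaviour, matching what curl --insecure does: peer and host
// verification are switched together, and the CA bundle is only applied
// when verification is on (it has no effect otherwise).
void applyTlsOptions(const TlsConfig& cfg, const OptionSetter& set) {
  if (cfg.verify) {
    if (!cfg.caBundle.empty()) set(TlsOpt::CaInfo, cfg.caBundle);
    set(TlsOpt::VerifyPeer, "1");
    set(TlsOpt::VerifyHost, "2");   // libcurl's strict default for VERIFYHOST
  } else {
    set(TlsOpt::VerifyPeer, "0");
    set(TlsOpt::VerifyHost, "0");
  }
}

// Records the options a config would send to libcurl, starting from libcurl's
// defaults (VERIFYPEER=1, VERIFYHOST=2) so an option left untouched shows up.
std::map<TlsOpt, std::string> effectiveOptions(
    const TlsConfig& cfg,
    void (*apply)(const TlsConfig&, const OptionSetter&)) {
  std::map<TlsOpt, std::string> opts = {
      {TlsOpt::VerifyPeer, "1"}, {TlsOpt::VerifyHost, "2"}};
  apply(cfg, [&](TlsOpt o, std::string v) { opts[o] = std::move(v); });
  return opts;
}

// True when a certificate/host-name mismatch would still be rejected, i.e. the
// "SSL peer certificate or SSH remote key was not OK" failure from the issue.
bool hostStillVerified(const std::map<TlsOpt, std::string>& opts) {
  return opts.at(TlsOpt::VerifyHost) != "0";
}

int main() {
  TlsConfig off;            // constructed sample config with verification disabled
  off.verify = false;
  std::cout << "verify=false, peer-only toggle: host still verified = "
            << hostStillVerified(effectiveOptions(off, applyTlsOptionsBuggy)) << "\n";
  std::cout << "verify=false, peer+host toggle: host still verified = "
            << hostStillVerified(effectiveOptions(off, applyTlsOptions)) << "\n";
  return 0;
}
```

Running it shows the first line as `1` and the second as `0`: with only `VERIFYPEER` cleared, libcurl still performs host-name matching, which is exactly the rejection described above. A wrapper that exposes a single `verify` switch should therefore always set both options from that one value, so the effective state never diverges from what the configuration says.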
abedra commented 2 months ago

Thanks. Fix pushed and available in https://github.com/abedra/libvault/releases/tag/0.60.0