inejge / ldap3

A pure-Rust LDAP library using the Tokio stack
Apache License 2.0
226 stars 39 forks

no_tls_verify is supposed to deactivate host verification only but it deactivates cert verif altogether #51

Closed Geobert closed 4 years ago

Geobert commented 4 years ago

I think there's an issue with the no_tls_verify flag.

The doc for method set_no_tls_verify says:

If true, try to establish a TLS connection without hostname verification. Defaults to false.

but the code (for native-tls) is calling danger_accept_invalid_certs, which deactivates all certificate checks.

Maybe danger_accept_invalid_hostnames was the intent?

And there's the same issue with the Rustls support as I implemented the same behaviour with NoCertVerification.

EDIT: Another possibility is that the doc is wrong ^^'

inejge commented 4 years ago

Originally, only hostname verification could be disabled in native-tls, while full disabling required dealing with the platform TLS library. So, when full disabling became available through native-tls, and that crate got refreshed in 7838a11, it got activated (but not documented). Full disabling is what I desired from the start, so really just the docs need to be updated.

Geobert commented 4 years ago

Thank you for the light :D Great that it's the doc, it's way easier :p
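The thread turns on two separate checks a TLS client makes: is the peer certificate signed by a trusted issuer, and does one of its names match the host we dialed. The following is an added example, not ldap3's own code, that models those checks independently so the difference between "skip hostname verification" (what the docs described) and "skip certificate verification" (what `no_tls_verify` actually does, per the thread) is visible; `VerifyMode`, `PeerCert` and the trust set are constructed stand-ins.

```rust
// Added example (not ldap3 code): a TLS client performs two independent
// checks on the peer certificate; each "danger" setting skips a different set.
use std::collections::HashSet;

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum VerifyMode {
    /// Chain and hostname are both verified (the secure default).
    Full,
    /// What the set_no_tls_verify docs described: chain checked, hostname not.
    AcceptInvalidHostnames,
    /// What no_tls_verify actually does (native-tls danger_accept_invalid_certs,
    /// rustls NoCertVerification): nothing about the peer is checked.
    AcceptInvalidCerts,
}

/// Constructed stand-in for a leaf certificate: its issuer and DNS SANs.
pub struct PeerCert {
    pub issuer: &'static str,
    pub dns_names: Vec<&'static str>,
}

#[derive(Debug, PartialEq)]
pub enum TlsError {
    UntrustedIssuer,
    HostnameMismatch,
}

/// RFC 6125-style DNS-ID match: exact, or a single leftmost wildcard label.
fn name_matches(pattern: &str, host: &str) -> bool {
    match pattern.strip_prefix("*.") {
        Some(suffix) => host
            .split_once('.')
            .map_or(false, |(label, rest)| {
                !label.is_empty() && rest.eq_ignore_ascii_case(suffix)
            }),
        None => pattern.eq_ignore_ascii_case(host),
    }
}

/// Returns Ok only if every check the mode still enforces passes.
pub fn verify_peer(
    mode: VerifyMode,
    cert: &PeerCert,
    host: &str,
    trusted: &HashSet<&str>,
) -> Result<(), TlsError> {
    // Check 1: chain of trust. Only AcceptInvalidCerts skips this.
    if mode != VerifyMode::AcceptInvalidCerts && !trusted.contains(cert.issuer) {
        return Err(TlsError::UntrustedIssuer);
    }
    // Check 2: hostname. Both "accept invalid" modes skip this.
    if mode == VerifyMode::Full && !cert.dns_names.iter().any(|n| name_matches(n, host)) {
        return Err(TlsError::HostnameMismatch);
    }
    Ok(())
}
```

With `AcceptInvalidCerts`, a certificate from an unknown issuer is accepted for any hostname, which is why the audit point is whether the flag disables the chain check, not just the name check.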