host verification

curl’s SFTP support shipped with a wolfSSH backend that never performed host‑key verification, creating CVE‑2025‑10966 — a subtle but meaningful libcurl vulnerability that was fixed by removing the wolfSSH backend in curl 8.17.0 and replacing it with safer defaults. Background The libcurl...