aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorMarc Hoersken <info@marc-hoersken.de>2012-04-09 18:35:00 +0200
committerDaniel Stenberg <daniel@haxx.se>2012-06-11 19:00:34 +0200
commitbead90a8373960336415e7325574585b7db11127 (patch)
tree95ddaaab39d10905b8b95cfe71bccc8e35d727c8 /lib
parentaaa42aa0d594b95c6c670a373ba30c507aa0a5ed (diff)
schannel: Allow certificate and revocation checks being deactivated
Diffstat (limited to 'lib')
-rw-r--r--lib/curl_schannel.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/curl_schannel.c b/lib/curl_schannel.c
index cfac6ef0d..158b30c2f 100644
--- a/lib/curl_schannel.c
+++ b/lib/curl_schannel.c
@@ -96,8 +96,18 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) {
/* setup Schannel API options */
memset(&schannel_cred, 0, sizeof(schannel_cred));
schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
- schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
- SCH_CRED_REVOCATION_CHECK_CHAIN;
+
+ if(data->set.ssl.verifypeer) {
+ schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
+ SCH_CRED_REVOCATION_CHECK_CHAIN;
+ infof(data, "schannel: checking server certificate and revocation\n");
+ }
+ else {
+ schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
+ SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
+ SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+ infof(data, "schannel: disable server certificate and revocation checks\n");
+ }
if(Curl_inet_pton(AF_INET, conn->host.name, &addr) ||
#ifdef ENABLE_IPV6