diff options
| author | Marc Hoersken <info@marc-hoersken.de> | 2012-04-09 18:35:00 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2012-06-11 19:00:34 +0200 |
| commit | bead90a8373960336415e7325574585b7db11127 (patch) | |
| tree | 95ddaaab39d10905b8b95cfe71bccc8e35d727c8 /lib | |
| parent | aaa42aa0d594b95c6c670a373ba30c507aa0a5ed (diff) | |
schannel: Allow certificate and revocation checks being deactivated
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/curl_schannel.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/lib/curl_schannel.c b/lib/curl_schannel.c index cfac6ef0d..158b30c2f 100644 --- a/lib/curl_schannel.c +++ b/lib/curl_schannel.c @@ -96,8 +96,18 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) { /* setup Schannel API options */ memset(&schannel_cred, 0, sizeof(schannel_cred)); schannel_cred.dwVersion = SCHANNEL_CRED_VERSION; - schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION | - SCH_CRED_REVOCATION_CHECK_CHAIN; + + if(data->set.ssl.verifypeer) { + schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION | + SCH_CRED_REVOCATION_CHECK_CHAIN; + infof(data, "schannel: checking server certificate and revocation\n"); + } + else { + schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION | + SCH_CRED_IGNORE_NO_REVOCATION_CHECK | + SCH_CRED_IGNORE_REVOCATION_OFFLINE; + infof(data, "schannel: disable server certificate and revocation checks\n"); + } if(Curl_inet_pton(AF_INET, conn->host.name, &addr) || #ifdef ENABLE_IPV6 |