aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/vtls/curl_schannel.c20
1 files changed, 9 insertions, 11 deletions
diff --git a/lib/vtls/curl_schannel.c b/lib/vtls/curl_schannel.c
index 33c9aac8e..bee493ca1 100644
--- a/lib/vtls/curl_schannel.c
+++ b/lib/vtls/curl_schannel.c
@@ -156,17 +156,6 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
infof(data, "schannel: disable server certificate revocation checks\n");
}
- if(Curl_inet_pton(AF_INET, conn->host.name, &addr)
-#ifdef ENABLE_IPV6
- || Curl_inet_pton(AF_INET6, conn->host.name, &addr6)
-#endif
- ) {
- schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
- infof(data, "schannel: using IP address, SNI is being disabled by "
- "disabling the servername check against the "
- "subject names in server certificates.\n");
- }
-
if(!data->set.ssl.verifyhost) {
schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
infof(data, "schannel: verifyhost setting prevents Schannel from "
@@ -228,6 +217,15 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
}
}
+ /* Warn if SNI is disabled due to use of an IP address */
+ if(Curl_inet_pton(AF_INET, conn->host.name, &addr)
+#ifdef ENABLE_IPV6
+ || Curl_inet_pton(AF_INET6, conn->host.name, &addr6)
+#endif
+ ) {
+ infof(data, "schannel: using IP address, SNI is not supported by OS.\n");
+ }
+
/* setup output buffer */
InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
InitSecBufferDesc(&outbuf_desc, &outbuf, 1);