Diffstat (limited to 'lib/curl_schannel.c')
-rw-r--r-- | lib/curl_schannel.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/lib/curl_schannel.c b/lib/curl_schannel.c
index ef6b1adb0..8cb3af80f 100644
--- a/lib/curl_schannel.c
+++ b/lib/curl_schannel.c
@@ -156,14 +156,22 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
 infof(data, "schannel: disable server certificate revocation checks\n");
 }
- if(Curl_inet_pton(AF_INET, conn->host.name, &addr) ||
+ if(Curl_inet_pton(AF_INET, conn->host.name, &addr)
 #ifdef ENABLE_IPV6
- Curl_inet_pton(AF_INET6, conn->host.name, &addr6) ||
+ || Curl_inet_pton(AF_INET6, conn->host.name, &addr6)
 #endif
- !data->set.ssl.verifyhost) {
+ ) {
 schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
- infof(data, "schannel: using IP address, disable SNI servername "
- "check\n");
+ infof(data, "schannel: using IP address, SNI is being disabled by "
+ "disabling the servername check against the "
+ "subject names in server certificates.\n");
+ }
+
+ if(!data->set.ssl.verifyhost) {
+ schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK;
+ infof(data, "schannel: verifyhost setting prevents Schannel from "
+ "comparing the supplied target name with the subject "
+ "names in server certificates. Also disables SNI.\n");
 }
 switch(data->set.ssl.version) { |
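Review bot: In the first `if` of the hunk, `SCH_CRED_NO_SERVERNAME_CHECK` is still set for every IP-literal host regardless of `data->set.ssl.verifyhost`, so a caller who asked for host verification gets no match of the certificate's subject names against the address, and the only signal is an `infof` line. If no later check covers this (`schannel_connect_step1` starts and continues outside the hunk, so this is not visible here), consider failing the connection in that case, or at least documenting it at the branch, e.g. `/* verifyhost is not honoured for IP-literal hosts here: Schannel's name check is off, so the certificate is not matched against the address */`. The new messages also describe SNI and the subject-name comparison as one thing; they are two separate effects of the flag and would be clearer stated separately.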