Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Schannel can't disable only CURLOPT_SSL_VERIFYPEER and still verify the host name #3284
I did this
Martin Galvan reported on the mailing list:
I expected the following
If the TLS backend has the API for it, the options should be independent.
current git master
referenced this issue
Nov 17, 2018
It fails with SEC_E_WRONG_PRINCIPAL when verifypeer is enabled, but succeeds when it's disabled. (I'm using https://cdn0.nflximg.net as test server). When verifypeer is disabled then manual verification is enabled SCH_CRED_MANUAL_CRED_VALIDATION. What I think is happening is the manual verification disables the server name check even though we don't. Seems like they could have warned us of that in the doc.