From: Marc Hoersken <info@marc-hoersken.de>
Date: Mon, 9 Apr 2012 16:35:00 +0000 (+0200)
Subject: schannel: Allow certificate and revocation checks being deactivated
X-Git-Tag: curl-7_27_0~231
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bead90a8373960336415e7325574585b7db11127;p=thirdparty%2Fcurl.git

schannel: Allow certificate and revocation checks being deactivated
---

diff --git a/lib/curl_schannel.c b/lib/curl_schannel.c
index cfac6ef0da..158b30c2ff 100644
--- a/lib/curl_schannel.c
+++ b/lib/curl_schannel.c
@@ -96,8 +96,18 @@ schannel_connect_step1(struct connectdata *conn, int sockindex) {
   /* setup Schannel API options */
   memset(&schannel_cred, 0, sizeof(schannel_cred));
   schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
-  schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
-                          SCH_CRED_REVOCATION_CHECK_CHAIN;
+
+  if(data->set.ssl.verifypeer) {
+    schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
+                            SCH_CRED_REVOCATION_CHECK_CHAIN;
+    infof(data, "schannel: checking server certificate and revocation\n");
+  }
+  else {
+    schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
+                            SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
+                            SCH_CRED_IGNORE_REVOCATION_OFFLINE;
+    infof(data, "schannel: disable server certificate and revocation checks\n");
+  }
 
   if(Curl_inet_pton(AF_INET, conn->host.name, &addr) ||
 #ifdef ENABLE_IPV6