schannel: allow verifyhost independently of verifypeer

Prior to this change if the user disabled the verify peer check then no
host check was done. Empirical testing shows
SCH_CRED_MANUAL_CRED_VALIDATION, which we use when peer verification is
disabled, also disables hostname verification.

In Windows < 8 our manual host verification check (ie the check used
when CA info is specified, or peer verification is disabled, or WinCE is
the OS) for schannel continues to only check the first subject alternate
name, and not all the names, since there is no easy way supported by the
API. It looks possible to do just more work, and should be addressed

Assisted-by: Daniel Stenberg
Reported-by: Martin Galvan

Fixes #3284
Closes #3285
Closes #xxxx
3 files changed
tree: e44afc27026a69a95204cde71d50fef30cab8f3c
  1. .dir-locals.el
  2. .gitattributes
  3. .github/
  4. .gitignore
  5. .lgtm.yml
  6. .mailmap
  8. .travis.yml
  10. CMake/
  11. CMakeLists.txt
  13. GIT-INFO
  14. MacOSX-Framework
  16. Makefile.dist
  17. README
  20. acinclude.m4
  21. appveyor.yml
  22. buildconf
  23. buildconf.bat
  26. docs/
  27. include/
  28. lib/
  30. m4/
  31. maketgz
  32. packages/
  33. projects/
  34. scripts/
  35. src/
  36. tests/
  37. winbuild/

curl logo

CII Best Practices Coverity passed Travis-CI Build Status AppVeyor Build Status Coverage Status Backers on Open Collective Sponsors on Open Collective Language Grade: C/C++

Curl is a command-line tool for transferring data specified with URL syntax. Find out how to use curl by reading the curl.1 man page or the MANUAL document. Find out how to install Curl by reading the INSTALL document.

libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl.3 man page to learn how!

You find answers to the most frequent questions we get in the FAQ document.

Study the COPYING file for distribution terms and similar. If you distribute curl binaries or other binaries that involve libcurl, you might enjoy the LICENSE-MIXING document.


If you have problems, questions, ideas or suggestions, please contact us by posting to a suitable mailing list.

All contributors to the project are listed in the THANKS document.


Visit the curl web site for the latest news and downloads.


To download the very latest source from the Git server do this:

git clone

(you'll get a directory named curl created, filled with the source code)


Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.


Thank you to all our backers! 🙏 [Become a backer]


Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]