Hi all, I was looking at the WinSSL code which processes CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST, and noticed that, if CURLOPT_SSL_VERIFYPEER isn't enabled, the host name checking won't be performed:
https://github.com/curl/curl/blob/master/lib/vtls/schannel_verify.c#L539 https://github.com/curl/curl/blob/master/lib/vtls/schannel.c#L1117 The docs indicate that this behavior is only present for NSS. Is this omission a mistake? ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
