From 8f74f851a6d06125852b2b986f542b4f88c6743c Mon Sep 17 00:00:00 2001
From: Tomas Weinfurt
Date: Wed, 28 Jul 2021 14:29:13 -0700
Subject: [PATCH] ignore validation failures with NO_CERTIFICATE_VALIDATION (#1728)
---
 src/platform/tls_schannel.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/platform/tls_schannel.c b/src/platform/tls_schannel.c
index d87a58f7f..2ed0fccdb 100644
--- a/src/platform/tls_schannel.c
+++ b/src/platform/tls_schannel.c
@@ -1976,8 +1976,9 @@ CxPlatTlsWriteDataToSchannel(
 }
 }
 SecPkgContext_CertificateValidationResult CertValidationResult = {0,0};
- if (TlsContext->SecConfig->Flags & QUIC_CREDENTIAL_FLAG_REQUIRE_CLIENT_AUTHENTICATION ||
- TlsContext->SecConfig->Flags & QUIC_CREDENTIAL_FLAG_DEFER_CERTIFICATE_VALIDATION) {
+ if (!(TlsContext->SecConfig->Flags & QUIC_CREDENTIAL_FLAG_NO_CERTIFICATE_VALIDATION) &&
+ (TlsContext->SecConfig->Flags & QUIC_CREDENTIAL_FLAG_REQUIRE_CLIENT_AUTHENTICATION ||
+ TlsContext->SecConfig->Flags & QUIC_CREDENTIAL_FLAG_DEFER_CERTIFICATE_VALIDATION)) {
 //
 // Collect the client cert validation result
 //
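Review bot: The new guard lets `QUIC_CREDENTIAL_FLAG_NO_CERTIFICATE_VALIDATION` override `QUIC_CREDENTIAL_FLAG_REQUIRE_CLIENT_AUTHENTICATION`, but neither the condition nor the "Collect the client cert validation result" comment under it says so. When the block is skipped, `CertValidationResult` keeps its `{0,0}` initializer, which code after the hunk presumably reads as a successful chain check, so a server that requires client authentication would accept any presented certificate; that matches the flag's name, but it deserves a comment above the `if`, e.g. `// NO_CERTIFICATE_VALIDATION overrides client-auth and deferred validation: the result stays zeroed (treated as success).` Emitting a trace event on that path would also let operators see which connections ran with validation bypassed. Separately, the inner tests rely on `&` binding tighter than `||`; wrapping each mask test in its own parentheses would make the three-line condition easier to audit. The function body starts and ends outside the hunk, so how the zeroed result is consumed cannot be confirmed from here.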