1 files changed, 15 insertions, 0 deletions

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 9a20b8eff..e00bde2ca 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -307,10 +307,15 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
 #endif
 
 #ifdef _WIN32_WCE
+#ifdef HAS_MANUAL_VERIFY_API
   /* certificate validation on CE doesn't seem to work right; we'll
    * do it following a more manual process. */
   BACKEND->use_manual_cred_validation = true;
 #else
+#error "compiler too old to support requisite manual cert verify for Win CE"
+#endif
+#else
+#ifdef HAS_MANUAL_VERIFY_API
   if(SSL_CONN_CONFIG(CAfile)) {
     if(Curl_verify_windows_version(6, 1, PLATFORM_WINNT,
                                    VERSION_GREATER_THAN_EQUAL)) {
@@ -324,6 +329,12 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
   }
   else
     BACKEND->use_manual_cred_validation = false;
+#else
+  if(SSL_CONN_CONFIG(CAfile)) {
+    failf(data, "schannel: CA cert support not built in");
+    return CURLE_NOT_BUILT_IN;
+  }
+#endif
 #endif
 
   BACKEND->cred = NULL;
@@ -349,9 +360,11 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
     schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
 
     if(conn->ssl_config.verifypeer) {
+#ifdef HAS_MANUAL_VERIFY_API
       if(BACKEND->use_manual_cred_validation)
         schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION;
       else
+#endif
         schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION;
 
       /* TODO s/data->set.ssl.no_revoke/SSL_SET_OPTION(no_revoke)/g */
@@ -892,9 +905,11 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
     }
   }
 
+#ifdef HAS_MANUAL_VERIFY_API
   if(conn->ssl_config.verifypeer && BACKEND->use_manual_cred_validation) {
     return verify_certificate(conn, sockindex);
   }
+#endif
 
   return CURLE_OK;
 }