From 5fd1d1fa63549823d0b13519d505bae0fbe29853 Mon Sep 17 00:00:00 2001
From: yhirose <yuji.hirose.bug@gmail.com>
Date: Sat, 3 Jan 2026 00:46:55 -0500
Subject: [PATCH] Enhance Windows certificate verification for compatibility
 with newer versions

---
 httplib.h | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/httplib.h b/httplib.h
index d8febf0..2612810 100644
--- a/httplib.h
+++ b/httplib.h
@@ -7278,7 +7278,8 @@ inline bool verify_cert_with_windows_schannel(X509 *server_cert,
   // Setup chain parameters
   CERT_CHAIN_PARA chain_para = {};
   chain_para.cbSize = sizeof(chain_para);
-#ifdef CERT_CHAIN_PARA_HAS_EXTRA_FIELDS
+#if defined(_WIN32) && _WIN32_WINNT >= 0x0600
+  // dwUrlRetrievalTimeout is available on Windows Vista and later
   chain_para.dwUrlRetrievalTimeout = static_cast<DWORD>(timeout_sec * 1000);
 #else
   (void)timeout_sec;
@@ -7308,7 +7309,9 @@ inline bool verify_cert_with_windows_schannel(X509 *server_cert,
   // Verify SSL policy
   SSL_EXTRA_CERT_CHAIN_POLICY_PARA extra_policy_para = {};
   extra_policy_para.cbSize = sizeof(extra_policy_para);
+#ifdef AUTHTYPE_SERVER
   extra_policy_para.dwAuthType = AUTHTYPE_SERVER;
+#endif
 
   std::wstring whost;
   if (verify_hostname) {
@@ -7318,7 +7321,11 @@ inline bool verify_cert_with_windows_schannel(X509 *server_cert,
 
   CERT_CHAIN_POLICY_PARA policy_para = {};
   policy_para.cbSize = sizeof(policy_para);
+#ifdef CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS
   policy_para.dwFlags = CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS;
+#else
+  policy_para.dwFlags = 0;
+#endif
   policy_para.pvExtraPolicyPara = &extra_policy_para;
 
   CERT_CHAIN_POLICY_STATUS policy_status = {};