When built to use wolfSSL, libcurl skips the certificate verification for a QUIC connection under certain conditions. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.

Triggering this issue also requires that the wolfSSL library in use was built with the `OPENSSL_COMPATIBLE_DEFAULTS` symbol set, which is **not** set for the recommended `configure --enable-curl` builds.

This flaw is also accessible using the curl command line tool.

Reference: https://curl.se/docs/CVE-2024-2379.html

Upstream patch: https://github.com/curl/curl/commit/aedbbdf18e689a5eee8dc396
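
The following is an added example, not code from curl or wolfSSL: a simplified C model of the fail-open error path described above, next to a fail-closed form. Every name in it (`ctx_init_fail_open`, `ctx_init_fail_closed`, `connect_peer`, `set_cipher`, the `rc` codes) is hypothetical, and the accepted cipher name is a constructed sample value.

```c
#include <string.h>

/* Hypothetical model, not curl's code: every name here is invented. */
enum rc { RC_OK = 0, RC_BAD_ARGUMENT = 1, RC_PEER_FAILED = 2 };

struct tls_ctx { int verify_peer; };  /* 1 once verification is armed */

/* Stand-in for the TLS library: accepts one sample cipher name (returns 1)
   and rejects anything else (returns 0). */
static int set_cipher(const char *name) {
  return strcmp(name, "TLS_AES_128_GCM_SHA256") == 0;
}

/* Fail-open: 'result' is already RC_OK when the cipher check bails out,
   so the caller sees success although verification was never armed. */
enum rc ctx_init_fail_open(struct tls_ctx *ctx, const char *cipher) {
  enum rc result = RC_OK;
  ctx->verify_peer = 0;
  if(!set_cipher(cipher))
    goto out;                  /* bug: leaves with result == RC_OK */
  ctx->verify_peer = 1;
out:
  return result;
}

/* Fail-closed: start from an error and report RC_OK only after every
   step, including arming verification, has succeeded. */
enum rc ctx_init_fail_closed(struct tls_ctx *ctx, const char *cipher) {
  enum rc result = RC_BAD_ARGUMENT;
  ctx->verify_peer = 0;
  if(!set_cipher(cipher))
    goto out;
  ctx->verify_peer = 1;
  result = RC_OK;
out:
  return result;
}

/* Handshake model: the certificate is checked only if verify_peer is set. */
enum rc connect_peer(const struct tls_ctx *ctx, int cert_is_valid) {
  if(ctx->verify_peer && !cert_is_valid)
    return RC_PEER_FAILED;
  return RC_OK;
}
```

A regression test for this class of bug should pass a rejected cipher or curve together with an invalid certificate and require that the connection fails.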