diff --git a/lib/ssl-client.c b/lib/ssl-client.c
index 0578fbd1..b8154aa2 100644
--- a/lib/ssl-client.c
+++ b/lib/ssl-client.c
@@ -387,14 +387,15 @@ lws_ssl_client_connect2(struct lws *wsi)
 	if (n != X509_V_OK) {
 		if ((n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
 		     n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) &&
-		     wsi->use_ssl & LCCSCF_ALLOW_SELFSIGNED) {
+		     (wsi->use_ssl & LCCSCF_ALLOW_SELFSIGNED)) {
 			lwsl_notice("accepting self-signed certificate\n");
 		} else if ((n == X509_V_ERR_CERT_NOT_YET_VALID ||
 		            n == X509_V_ERR_CERT_HAS_EXPIRED) &&
-		     wsi->use_ssl & LCCSCF_ALLOW_EXPIRED) {
+		     (wsi->use_ssl & LCCSCF_ALLOW_EXPIRED)) {
 			lwsl_notice("accepting expired certificate\n");
 		} else if (n == X509_V_ERR_CERT_NOT_YET_VALID) {
-			lwsl_notice("Cert is from the future... probably our clock... accepting...\n");
+			lwsl_notice("Cert is from the future... "
+				    "probably our clock... accepting...\n");
 		} else {
 			lwsl_err("server's cert didn't look good, X509_V_ERR = %d: %s\n",
 				 n, ERR_error_string(n, sb));