diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index baa9aeac..c0f1a5de 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -349,7 +349,6 @@ enum lws_context_options {
 								  (1 << 12),
 	LWS_SERVER_OPTION_LIBUV					= (1 << 10),
 	LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS		= (1 << 11) |
-								  (1 << 3) |
 								  (1 << 12),
 	LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT			= (1 << 12),
 	LWS_SERVER_OPTION_EXPLICIT_VHOSTS			= (1 << 13),
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 4bd23c2a..402ba9cf 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -1272,7 +1272,7 @@ struct lws {
 	unsigned int extension_data_pending:1;
 #endif
 #ifdef LWS_OPENSSL_SUPPORT
-	unsigned int use_ssl:2;
+	unsigned int use_ssl:3;
 	unsigned int upgraded:1;
 #endif
 #ifdef _WIN32
diff --git a/lib/ssl-client.c b/lib/ssl-client.c
index 904c77ac..637dcc93 100644
--- a/lib/ssl-client.c
+++ b/lib/ssl-client.c
@@ -53,13 +53,15 @@ lws_ssl_client_bio_create(struct lws *wsi)
 	}
 
 #if defined LWS_HAVE_X509_VERIFY_PARAM_set1_host
-	param = SSL_get0_param(wsi->ssl);
-	/* Enable automatic hostname checks */
-	X509_VERIFY_PARAM_set_hostflags(param,
-					X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
-	X509_VERIFY_PARAM_set1_host(param, hostname, 0);
-	/* Configure a non-zero callback if desired */
-	SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, 0);
+	{
+		param = SSL_get0_param(wsi->ssl);
+		/* Enable automatic hostname checks */
+		X509_VERIFY_PARAM_set_hostflags(param,
+						X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+		X509_VERIFY_PARAM_set1_host(param, hostname, 0);
+		/* Configure a non-zero callback if desired */
+		SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, 0);
+	}
 #endif
 
 #ifndef USE_WOLFSSL
@@ -286,12 +288,12 @@ lws_ssl_client_connect2(struct lws *wsi)
 	lws_latency_pre(context, wsi);
 	n = SSL_get_verify_result(wsi->ssl);
 	lws_latency(context, wsi,
-		"SSL_get_verify_result LWS_CONNMODE..HANDSHAKE",
-						      n, n > 0);
+		"SSL_get_verify_result LWS_CONNMODE..HANDSHAKE", n, n > 0);
 
 	if (n != X509_V_OK) {
 		if ((n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
-		     n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && wsi->use_ssl == 2) {
+		     n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) &&
+		     wsi->use_ssl == 2) {
 			lwsl_notice("accepting self-signed certificate\n");
 		} else {
 			lwsl_err("server's cert didn't look good, X509_V_ERR = %d: %s\n",