diff --git a/dlls/winhttp/session.c b/dlls/winhttp/session.c
index 4813a3f10c2..514a56daa9f 100644
--- a/dlls/winhttp/session.c
+++ b/dlls/winhttp/session.c
@@ -999,6 +999,14 @@ static BOOL request_set_option( object_header_t *hdr, DWORD option, LPVOID buffe
         if (!(session->proxy_password = buffer_to_str( buffer, buflen ))) return FALSE;
         return TRUE;
     }
+    case WINHTTP_OPTION_CLIENT_CERT_CONTEXT:
+        if (!(hdr->flags & WINHTTP_FLAG_SECURE))
+        {
+            SetLastError( ERROR_WINHTTP_INCORRECT_HANDLE_STATE );
+            return FALSE;
+        }
+        FIXME("WINHTTP_OPTION_CLIENT_CERT_CONTEXT\n");
+        return TRUE;
     default:
         FIXME("unimplemented option %u\n", option);
         set_last_error( ERROR_INVALID_PARAMETER );
@@ -1224,7 +1232,7 @@ static BOOL set_option( object_header_t *hdr, DWORD option, LPVOID buffer, DWORD
 {
     BOOL ret = TRUE;
 
-    if (!buffer)
+    if (!buffer && buflen)
     {
         set_last_error( ERROR_INVALID_PARAMETER );
         return FALSE;
diff --git a/dlls/winhttp/tests/winhttp.c b/dlls/winhttp/tests/winhttp.c
index 1cc9ba07e8a..e5a8be3e861 100644
--- a/dlls/winhttp/tests/winhttp.c
+++ b/dlls/winhttp/tests/winhttp.c
@@ -994,6 +994,9 @@ static void test_secure_connection(void)
     req = WinHttpOpenRequest(con, NULL, NULL, NULL, NULL, NULL, 0);
     ok(req != NULL, "failed to open a request %u\n", GetLastError());
 
+    ret = WinHttpSetOption(req, WINHTTP_OPTION_CLIENT_CERT_CONTEXT, WINHTTP_NO_CLIENT_CERT_CONTEXT, 0);
+    ok(!ret && GetLastError() == ERROR_WINHTTP_INCORRECT_HANDLE_STATE, "setting client cert context returned %x (%u)\n", ret, GetLastError());
+
     ret = WinHttpSendRequest(req, NULL, 0, NULL, 0, 0, 0);
     err = GetLastError();
     if (!ret && (err == ERROR_WINHTTP_CANNOT_CONNECT || err == ERROR_WINHTTP_TIMEOUT))
@@ -1017,6 +1020,9 @@ static void test_secure_connection(void)
     req = WinHttpOpenRequest(con, NULL, NULL, NULL, NULL, NULL, WINHTTP_FLAG_SECURE);
     ok(req != NULL, "failed to open a request %u\n", GetLastError());
 
+    ret = WinHttpSetOption(req, WINHTTP_OPTION_CLIENT_CERT_CONTEXT, WINHTTP_NO_CLIENT_CERT_CONTEXT, 0);
+    ok(ret, "failed to set client cert context %u\n", GetLastError());
+
     WinHttpSetStatusCallback(req, cert_error, WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, 0);
 
     ret = WinHttpSendRequest(req, NULL, 0, NULL, 0, 0, 0);
diff --git a/include/winhttp.h b/include/winhttp.h
index 51e82654b7e..3d872807702 100644
--- a/include/winhttp.h
+++ b/include/winhttp.h
@@ -63,6 +63,8 @@ typedef int INTERNET_SCHEME, *LPINTERNET_SCHEME;
 #define WINHTTP_NO_PROXY_NAME               NULL
 #define WINHTTP_NO_PROXY_BYPASS             NULL
 
+#define WINHTTP_NO_CLIENT_CERT_CONTEXT      NULL
+
 #define WINHTTP_NO_REFERER                  NULL
 #define WINHTTP_DEFAULT_ACCEPT_TYPES        NULL