diff --git a/src/anchor.c b/src/anchor.c
index afdf1bf1..cefa2477 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -744,7 +744,7 @@ void _getdns_context_equip_with_anchor(
 	else if (!verify_CA || !*verify_CA)
 		_getdns_log( &context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
-		           , "Trust anchor verification explicitely "
+		           , "Trust anchor verification explicitly "
 		             "disabled by empty verify CA\n");
 
 	else if ((r = getdns_context_get_trust_anchors_verify_email(
@@ -757,7 +757,7 @@ void _getdns_context_equip_with_anchor(
 	else if (!verify_email || !*verify_email)
 		_getdns_log( &context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
-		           , "Trust anchor verification explicitely "
+		           , "Trust anchor verification explicitly "
 		             "disabled by empty verify email\n");
 
 	else if (!(xml_data = _getdns_context_get_priv_file(context,
@@ -1599,7 +1599,7 @@ void _getdns_start_fetching_ta(
 	} else if (!verify_CA || !*verify_CA) {
 		_getdns_log( &context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
-		           , "Trust anchor verification explicitely "
+		           , "Trust anchor verification explicitly "
 		             "disabled by empty verify CA\n");
 		return;
 
@@ -1614,7 +1614,7 @@ void _getdns_start_fetching_ta(
 	} else if (!verify_email || !*verify_email) {
 		_getdns_log( &context->log
 		           , GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
-		           , "Trust anchor verification explicitely "
+		           , "Trust anchor verification explicitly "
 		             "disabled by empty verify email\n");
 		return;
 
diff --git a/src/stub.c b/src/stub.c
index d7af6eb4..ad9b0b24 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1224,10 +1224,10 @@ tls_do_handshake(getdns_upstream *upstream)
 		long verify_result = SSL_get_verify_result(upstream->tls_obj);
 
 /* In case of DANESSL use, and a tls_auth_name was given alongside a pinset,
- * we need to verify auth_name explicitely (otherwise it will not be checked,
+ * we need to verify auth_name explicitly (otherwise it will not be checked,
  * because this is not required with DANE with an EE match).
  * This is not needed with native OpenSSL DANE, because EE name checks have
- * to be disabled explicitely.
+ * to be disabled explicitly.
  */
 #if defined(HAVE_X509_CHECK_HOST) && (defined(USE_DANESSL) || !defined(HAVE_SSL_HN_AUTH))
 		int xch;
diff --git a/src/util-internal.c b/src/util-internal.c
index 45fd2fda..437a9679 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -711,7 +711,7 @@ _getdns_create_reply_dict(getdns_context *context, getdns_network_req *req,
 	else	goto error;
 
 	/* other stuff
-	 * Note that spec doesn't explicitely mention these.
+	 * Note that spec doesn't explicitly mention these.
 	 * They are only showcased in the response dict example */
 	if (getdns_dict_set_int(result, "answer_type", GETDNS_NAMETYPE_DNS))
 		goto error;