diff --git a/.clang-tidy.yml b/.clang-tidy.yml
index 9ccbbf83d9..17f7a93041 100644
--- a/.clang-tidy.yml
+++ b/.clang-tidy.yml
@@ -13,6 +13,7 @@ Checks:
   - -clang-diagnostic-nullability-extension
   - bugprone-macro-parentheses
   - bugprone-redundant-branch-condition
+  - bugprone-signed-char-misuse
   - bugprone-suspicious-realloc-usage
   - misc-const-correctness
   - misc-header-include-cycle
diff --git a/lib/curlx/inet_pton.c b/lib/curlx/inet_pton.c
index ce324e6d88..d3c53fb579 100644
--- a/lib/curlx/inet_pton.c
+++ b/lib/curlx/inet_pton.c
@@ -70,7 +70,7 @@ static int inet_pton4(const char *src, unsigned char *dst)
   octets = 0;
   tp = tmp;
   *tp = 0;
-  while((ch = *src++) != '\0') {
+  while((ch = (unsigned char)*src++) != '\0') {
     if(ISDIGIT(ch)) {
       unsigned int val = (*tp * 10) + (ch - '0');
 
@@ -129,7 +129,7 @@ static int inet_pton6(const char *src, unsigned char *dst)
   curtok = src;
   saw_xdigit = 0;
   val = 0;
-  while((ch = *src++) != '\0') {
+  while((ch = (unsigned char)*src++) != '\0') {
     if(ISXDIGIT(ch)) {
       val <<= 4;
       val |= curlx_hexval(ch);
diff --git a/lib/mime.c b/lib/mime.c
index 05b24435d4..51c0fcf28a 100644
--- a/lib/mime.c
+++ b/lib/mime.c
@@ -464,7 +464,7 @@ static size_t encoder_qp_read(char *buffer, size_t size, bool ateof,
   while(st->bufbeg < st->bufend) {
     size_t len = 1;
     size_t consumed = 1;
-    int i = st->buf[st->bufbeg];
+    int i = (unsigned char)st->buf[st->bufbeg];
     buf[0] = (char)i;
     buf[1] = aschex[(i >> 4) & 0xF];
     buf[2] = aschex[i & 0xF];
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 04db896473..014aadd17d 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2592,18 +2592,20 @@ static void ossl_trace(int direction, int ssl_ver, int content_type,
 
     if(content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
       if(len) {
-        msg_type = *(const char *)buf;
+        msg_type = *(const unsigned char *)buf;
         msg_name = "Change cipher spec";
       }
     }
     else if(content_type == SSL3_RT_ALERT) {
       if(len >= 2) {
-        msg_type = (((const char *)buf)[0] << 8) + ((const char *)buf)[1];
+        msg_type =
+          (((const unsigned char *)buf)[0] << 8) +
+           ((const unsigned char *)buf)[1];
         msg_name = SSL_alert_desc_string_long(msg_type);
       }
     }
     else if(len) {
-      msg_type = *(const char *)buf;
+      msg_type = *(const unsigned char *)buf;
       msg_name = ssl_msg_type(ssl_ver, msg_type);
     }
 
diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
index b8144c8673..f9389b48e5 100644
--- a/src/tool_urlglob.c
+++ b/src/tool_urlglob.c
@@ -269,8 +269,8 @@ static CURLcode glob_range(struct URLGlob *glob, const char **patternp,
 
     /* if there was a ":[num]" thing, use that as step or else use 1 */
     pat->c.ascii.step = step;
-    pat->c.ascii.letter = pat->c.ascii.min = min_c;
-    pat->c.ascii.max = max_c;
+    pat->c.ascii.letter = pat->c.ascii.min = (unsigned char)min_c;
+    pat->c.ascii.max = (unsigned char)max_c;
 
     if(multiply(amount, (((pat->c.ascii.max - pat->c.ascii.min) /
                          pat->c.ascii.step) + 1)))
diff --git a/tests/libtest/first.c b/tests/libtest/first.c
index 16be8ef9e6..9a82b7ee6e 100644
--- a/tests/libtest/first.c
+++ b/tests/libtest/first.c
@@ -83,7 +83,7 @@ int cgetopt(int argc, const char * const argv[], const char *optstring)
   }
   else {
     const char *opt = strchr(optstring, arg[optpos]);
-    coptopt = arg[optpos];
+    coptopt = (unsigned char)arg[optpos];
     if(!opt) {
       if(!arg[++optpos]) {
         coptind++;
diff --git a/tests/server/mqttd.c b/tests/server/mqttd.c
index 05e58d28bb..c2bff9b751 100644
--- a/tests/server/mqttd.c
+++ b/tests/server/mqttd.c
@@ -503,7 +503,7 @@ static curl_socket_t mqttit(curl_socket_t fd)
       conn_flags = buffer[7];
 
       start_usr = client_id_offset + payload_len;
-      if(usr_flag == (unsigned char)(conn_flags & usr_flag)) {
+      if(usr_flag == (conn_flags & usr_flag)) {
         logmsg("User flag is present in CONN flag");
         payload_len += (size_t)(buffer[start_usr] << 8) |
                        buffer[start_usr + 1];
@@ -511,7 +511,7 @@ static curl_socket_t mqttit(curl_socket_t fd)
       }
 
       start_passwd = client_id_offset + payload_len;
-      if(passwd_flag == (char)(conn_flags & passwd_flag)) {
+      if(passwd_flag == (conn_flags & passwd_flag)) {
         logmsg("Password flag is present in CONN flags");
         payload_len += (size_t)(buffer[start_passwd] << 8) |
                        buffer[start_passwd + 1];
diff --git a/tests/server/tftpd.c b/tests/server/tftpd.c
index 1bf6433e4b..c99fc05a96 100644
--- a/tests/server/tftpd.c
+++ b/tests/server/tftpd.c
@@ -359,7 +359,7 @@ static void read_ahead(struct testcase *test,
     }
     else {
       if(test->rcount) {
-        c = test->rptr[0];
+        c = (unsigned char)test->rptr[0];
         test->rptr++;
         test->rcount--;
       }
@@ -451,7 +451,7 @@ static ssize_t write_behind(struct testcase *test, int convert)
   p = writebuf;
   ct = count;
   while(ct--) {                   /* loop over the buffer */
-    c = *p++;                     /* pick up a character */
+    c = (unsigned char)*p++;      /* pick up a character */
     if(prevchar == '\r') {        /* if prev char was cr */
       if(c == '\n')               /* if have cr,lf then just */
         curl_lseek(test->ofile, -1, SEEK_CUR); /* smash lf on top of the cr */