NACK. This is unacceptable for anything that uses encryption:
libfreerdp/crypto_openssl.c:
RD_BOOL crypto_cert_verify(CryptoCert server_cert, CryptoCert cacert) { /* FIXME: do the actual verification */ return True; }
I didn't look any further than this; it implies a grievous lack of attention to security.
NACK. This is unacceptable for anything that uses encryption:
libfreerdp/ crypto_ openssl. c:
RD_BOOL cert_verify( CryptoCert server_cert, CryptoCert cacert)
crypto_
{
/* FIXME: do the actual verification */
return True;
}
I didn't look any further than this; it implies a grievous lack of attention to security.