In this case, our algorithm is not accurate. Actually it didn't find SSL_new for other reasons. So the above result can't support our conclusion.
But later we verified the code manually and found that jabberd2 didn't call SSL_CTX_set_verify(), so it must be that jabberd2 didn't verify the certificate.
In this case, our algorithm is not accurate. Actually it didn't find SSL_new for other reasons. So the above result can't support our conclusion.
But later we verified the code manually and found that jabberd2 didn't call SSL_CTX_ set_verify( ), so it must be that jabberd2 didn't verify the certificate.
Sorry for the confusion.