You're right, the client code doesn't seem to verify certificates, making TLS mostly pointless. However, traffic between prayer/prayer-session, prayer-accountd, and the backend LDAP server typically is over the loopback interface or at least a trusted LAN, not over the public Internet, making the impact low. I'll see what I can do though.
You're right, the client code doesn't seem to verify certificates, making TLS mostly pointless. However, traffic between prayer/ prayer- session, prayer-accountd, and the backend LDAP server typically is over the loopback interface or at least a trusted LAN, not over the public Internet, making the impact low. I'll see what I can do though.