Hello Ruan,
Thank you for keeping us apprised of the situation.
I see in that function, that they do call
SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
[elided from your excerpt]
but you are saying the MITM attack exists because they are not verifying the global context?
Hello Ruan,
Thank you for keeping us apprised of the situation.
I see in that function, that they do call
SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
[elided from your excerpt]
but you are saying the MITM attack exists because they are not verifying the global context?