This problem can be closed .Sorry for disturbing you.For some reasons ,we do analysis on Ubuntu 16.04.,where the nghttp2 version is 1.7.1, NO SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb) exists,so we can do MITM attack.
We find in the lastest version 1.22.0,this bug has fixed.Thank for you timely reply and patience.Also apologize for my carelessness.
This problem can be closed .Sorry for disturbing you.For some reasons ,we do analysis on Ubuntu 16.04.,where the nghttp2 version is 1.7.1, NO SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb) exists,so we can do MITM attack.
We find in the lastest version 1.22.0,this bug has fixed.Thank for you timely reply and patience.Also apologize for my carelessness.