[Bug 1677958] Re: no SSL certificate verify
Nish Aravamudan
nish.aravamudan at canonical.com
Wed May 17 15:54:15 UTC 2017
Hello Ruan,
Thank you for keeping us apprised of the situation.
I see in that function that they do call
SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb);
[elided from your excerpt]
but you are saying the MITM attack exists because they are not verifying
the global context?
** Changed in: nghttp2 (Ubuntu)
Status: Invalid => New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nghttp2 in Ubuntu.
https://bugs.launchpad.net/bugs/1677958
Title:
no SSL certificate verify
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nghttp2/+bug/1677958/+subscriptions