Set expected certificate hostname when connecting to an HTTPS server
This commit is contained in:
@@ -1,4 +1,2 @@
|
||||
- From Claude:
|
||||
While peer verification is enabled, there's no hostname verification. An attacker with any valid certificate could MITM connections. Should add SSL_set1_host(ssl, hostname);
|
||||
- Add connection timeouts
|
||||
- Per RFC 6265, cookie values can be quoted. This parser would include the quotes in the value.
|
||||
|
||||
Reference in New Issue
Block a user