Files
cHTTP/misc/TODO.txt
T
2025-11-21 21:10:54 +01:00

5 lines
315 B
Plaintext

- From Claude:
While peer verification is enabled, there's no hostname verification. An attacker with any valid certificate could MITM connections. Should add SSL_set1_host(ssl, hostname);
- Add connection timeouts
- Per RFC 6265, cookie values can be quoted. This parser would include the quotes in the value.