cl-async will happily connect to e.g. wrong.host.badssl.com unless you create the SSL context yourself. The offending code seems to do this explicitly:
    (ctx (or ssl-ctx
             (let ((ctx (create-ssl-ctx :options ssl-options)))
               (ssl-ctx-set-default-verify-paths ctx)
               ;; TODO better verify support
               (ssl-ctx-set-verify ctx +ssl-verify-none+ (cffi:null-pointer))
               ctx))))
What is the reason for not using (ssl-ctx-set-verify ctx +ssl-verify-peer+ (cffi:null-pointer)) here? Even if there is no support for user callbacks yet, surely that would be a saner default.
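An added example, not part of the issue or of cl-async: in OpenSSL, chain verification (the verify mode discussed above) and the hostname check are separate switches, and a certificate issued for a different name still passes chain verification. The sketch uses Python's `ssl` module, which wraps the same OpenSSL settings, to audit three client configurations; `build_context`, `audit` and `report` are hypothetical names.

```python
import ssl

# Verify modes named in the issue and their Python ssl equivalents:
#   +ssl-verify-none+  ->  ssl.CERT_NONE
#   +ssl-verify-peer+  ->  ssl.CERT_REQUIRED


def build_context(verify_chain, verify_hostname):
    """Build a client context with the two checks toggled independently."""
    if verify_hostname and not verify_chain:
        raise ValueError("hostname checking requires chain verification")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared before verify_mode can drop to CERT_NONE.
    ctx.check_hostname = verify_hostname
    ctx.verify_mode = ssl.CERT_REQUIRED if verify_chain else ssl.CERT_NONE
    if verify_chain:
        # Same step as ssl-ctx-set-default-verify-paths in the quoted code.
        ctx.set_default_verify_paths()
    return ctx


def audit(ctx):
    """Return the certificate checks this context would skip."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("chain")
    if not ctx.check_hostname:
        gaps.append("hostname")
    return gaps


def report():
    """Audit the three configurations relevant to the issue."""
    configs = {
        "verify-none": build_context(False, False),
        "verify-peer only": build_context(True, False),
        "verify-peer + hostname": build_context(True, True),
    }
    return {name: audit(ctx) for name, ctx in configs.items()}


if __name__ == "__main__":
    for name, gaps in report().items():
        print(f"{name:24} skips: {', '.join(gaps) or 'nothing'}")
```

A context that reports `hostname` as skipped will complete a handshake with a host presenting a trusted certificate for some other name, so both checks have to be enabled to reject a name mismatch.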