Hacker News
by marcan42 4501 days ago
An integration test wouldn't catch this one. You need a specific malicious SSL server (presents a valid certificate, uses ephemeral mode, does not present a valid signature proving that it owns the private key). The code does validate certificates, otherwise this would've been caught ages ago by anyone trying an invalid cert.

Unit tests would've caught this, though.
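
The comment's argument, as an added example that is not part of the original comment or any real SSL library's code: integration-style tests (valid certificate with an honest signature, and an untrusted certificate) pass for both a correct verifier and one that skips the signature comparison, while a negative unit test on the signature check tells them apart. The toy RSA key, the `TRUSTED` store and all function names are constructed assumptions.

```python
import hashlib

# Constructed toy RSA key (p=61, q=53): far too small for real use.
N, E, D = 3233, 17, 2753
TRUSTED = {"server.example": (N, E)}  # hypothetical trust store: cert name -> public key

def digest(cr, sr, params):
    """Hash of client random, server random and ephemeral params, reduced mod N."""
    h = hashlib.sha256(cr + sr + params).digest()
    return int.from_bytes(h, "big") % N

def sign(cr, sr, params):
    """What an honest server does with its private exponent."""
    return pow(digest(cr, sr, params), D, N)

def verify_signature(pubkey, sig, cr, sr, params):
    """Unit under test: True only if sig covers these handshake values."""
    n, e = pubkey
    return pow(sig, e, n) == digest(cr, sr, params)

def skipped_check(pubkey, sig, cr, sr, params):
    """Models a verifier that reports success without comparing the signature."""
    return True

def accept_key_exchange(cert, sig, cr, sr, params, check):
    """Handshake step: validate the certificate, then the parameter signature."""
    pubkey = TRUSTED.get(cert)
    if pubkey is None:
        return False  # certificate validation still works in both variants
    return check(pubkey, sig, cr, sr, params)

def run_suites(check):
    """Run both kinds of test against a given signature-check implementation."""
    cr, sr, params = b"client-random", b"server-random", b"ephemeral-params"
    good = sign(cr, sr, params)
    bad = (good + 1) % N  # any value other than the real signature
    integration = (
        accept_key_exchange("server.example", good, cr, sr, params, check)
        and not accept_key_exchange("untrusted.example", good, cr, sr, params, check)
    )
    negative_unit = not check(TRUSTED["server.example"], bad, cr, sr, params)
    return {"integration": integration, "negative_unit": negative_unit}

if __name__ == "__main__":
    print("correct verifier:", run_suites(verify_signature))
    print("skipped check:   ", run_suites(skipped_check))
```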