This problem can be closed .Sorry for disturbing you.For some reasons ,we do analysis on Ubuntu 16.04.,where the nghttp2 version is 1.7.1, NO SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb) exists,so we can do MITM attack. We find in the lastest version 1.22.0,this bug has fixed.Thank for you timely reply and patience.Also apologize for my carelessness.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1677958 Title: no SSL certificate verify To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nghttp2/+bug/1677958/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
