RUSTSEC-2017-0003: security-framework: Hostname verification skipped when custom root certs used


If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate.

This issue was fixed by properly configuring the trust evaluation logic to perform that check.

More Info

Patched Versions