- Issued
-
- Package
-
security-framework
(crates.io)
- Type
-
Vulnerability
- Aliases
-
- Details
-
https://github.com/sfackler/rust-security-framework/pull/27
- Patched
-
- Keywords
-
Description
If custom root certificates were registered with a ClientBuilder, the
hostname of the target server would not be validated against its presented leaf
certificate.
This issue was fixed by properly configuring the trust evaluation logic to
perform that check.
More