When I used the excellent oat++ library to make a call, I noticed that the certificate from the server was not checked against a list of trusted roots, and that the server name was not matched. Certificate verification and hostname validation protect against man-in-the-middle attacks. I modified the code to add these features, then decided to submit it.
When I used the excellent oat++ library to make a call, I noticed that the certificate from the server was not checked against a list of trusted roots, and that the server name was not matched. Certificate verification and hostname validation protect against man-in-the-middle attacks. I modified the code to add these features, then decided to submit it.