It appears that certificates presented by servers are not being verified. While that behavior is often exposed as an option, it is not a good default as it means man-in-the-middle attacks can be easily missed, greatly reducing the utility of SSL. Feel free to crib from this commit.
I'd like to contribute the various C function bindings missing in this module, but that I've temporarily added in my work-in-progress IO::Socket::Async::SSL, back to this one, so we can keep all of the C binding aspects of OpenSSL in one place; I'll submit a PR for that once my development work over in my new module gets a bit further along.