Client doesn't verify server's TLS certifcate
Client configuration really should verify the server's TLS certificate by default, with configuration settings to not verify, or verify it's a given key.
Edited by Lars Wirzenius
Client configuration really should verify the server's TLS certificate by default, with configuration settings to not verify, or verify it's a given key.