async-http-client: SSL/TLS certificate verification is disabled under certain conditions
It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle MITM attacker could use this flaw to spoof a valid certificate...