CVE-2017-18588

The CVE targets the Rust security-framework crate (before 0.1.12). When ClientBuilder uses custom root certificates, hostname verification for TLS certificates does not occur. The issue is caused by hostname validation not being performed in that scenario. A fix is available by upgrading to 0.1.1...