libcurl skips the certificate verification for a QUIC connection under
certain conditions, when built to use wolfSSL. If told to use an
unknown/bad cipher or curve, the error path accidentally skips the
verification and returns OK, thus ignoring any certificate problems.
Author | Note |
---|---|
Priority reason: Upstream developers consider this a low severity issue | |
mdeslaur | Ubuntu package does not use the wolfSSL backend. Only affects 8.6.0. |