spdycat doesn't validate server certificates

Question

spdycat doesn't validate server certificates

acdha opened this issue 10 years ago · 1 comments

While testing a new webserver, I happened to run spdycat v1.3.2 against a server which has a valid SSL certificate but not for the hostname in question. Everything worked without any indication that it should not have.

Answer 1 · 2015-04-09T14:22:36.000Z

spdycat is designed as debugging tool for SPDY protocol application, and no much work has been done for certificate verification so far.