I should post this message under this subject,
not Re: Relayd TLS client mode CA verification.
#
Unfortunately relayd still has this bug.
I have:
sysctl kern.version
kern.version=OpenBSD 6.0-beta (GENERIC.MP) #2198: Sun Jun 19 11:58:45 MDT
2016
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
As was said: if destination can be predicted at config writing time,
then there is workaround. However I use relayd also for MitM on
my browser to enhance my privacy using privoxy. This lack of
certificate check makes me vulnerable for MitM attack by
someone outside my computer.
