I should post this message under this subject, not Re: Relayd TLS client mode CA verification. # Unfortunately relayd still has this bug.
I have: sysctl kern.version kern.version=OpenBSD 6.0-beta (GENERIC.MP) #2198: Sun Jun 19 11:58:45 MDT 2016 r...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP As was said: if destination can be predicted at config writing time, then there is workaround. However I use relayd also for MitM on my browser to enhance my privacy using privoxy. This lack of certificate check makes me vulnerable for MitM attack by someone outside my computer.