Can you share more information on this, such as the tool you used for static analysis or more detailed output? Ideal would be the code path that your tool believes exhibits the behaviour.
libeap's internal method tls_connection_set_verify() should be called to set the verification callback for the context before SSL_connect() or SSL_accept() is reached - if there is a code path that makes this not be the case, it's not immediately obvious. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1677947 Title: no SSL certificate verify To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/moonshot-gss-eap/+bug/1677947/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs