id summary reporter owner description type status priority milestone component resolution keywords cc 139 Jabber does not verify the server’s SSL certificate andersk@mit.edu "XML::Stream creates all SSL connections with `SSL_verify_mode=>0x00`, so it never verifies the server’s SSL certificate, and any attacker can MITM the connection. I also [https://rt.cpan.org/Public/Bug/Display.html?id=57649 reported] this to XML::Stream upstream, though we could patch BarnOwl’s embedded copy of XML::Stream if necessary." defect new major jabber