On Tue, Jan 07, 2020 at 03:32:02PM +0100, Alexander Bluhm wrote:
> When the netcat server should check the certificate hash of the
> client, it always succeeds. So nc -c -H -l is always successful,
> no matter what certificate the client provides.
> The bug is that the TLS context of the listen socket is used instead
> of the accepted connection.
> Also I would like to fail if the user wants to validate a hash, but
> there is none. The fail open logic prevented that the bug was
> detected for a long time.