CWE-599
Missing Validation of OpenSSL Certificate
The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that proper authentication is included in the system design.
Mitigation
Phase: Implementation
Description:
- Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
No CAPEC attack patterns related to this CWE.