'MITM on server certificate validation in TLS
When a client verifies a digital signature, it decrypts the signature with the public key of the certification authority and compares the result with the data checksum and also verifies the host specified in the certificate. If an attacker sends my server's certificate to the client without any changes, and my question is what prevents the client from accepting this certificate? After all, the checksum and the host will be what the client expects them to see.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|