The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
Published May 27, 2020.
Pichi Project Pichi
