CVE-2024-55581
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server’s certificate (unless the using program specifies a TLS configuration).
That reminds me, I’d like to do a Ada/SPARK TLS implementation… but the best way to do that is an Ada/SPARK proved implementation of ASN.1. (The security certificate is, itself, an ASN.1 object, encoded with BER, if memory serves.)
I take my hat off. ASN.1 is sheer horror. Though I do not understand the problem, if client allows desired settings just do it.