A recent security audit of #Conversations_im¹ found that wildcard certificate handling didn’t fully comply with the spec.
Conversations was accepting *.a.example for c.b.a.example, even though wildcards are only meant to match a single label.
This issue has been fixed in version 2.18.0, now live on Google Play.
Nicoco reshared this.