> Is the first bullet related to this
> http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf?
>
> The Most Dangerous Code in the World:
> Validating SSL Certificates in Non-Browser Software

Sort of. There are some much more basic problems with the clients right now (actually with the python api in general). Things like not allowing the use of a user-provided root certification chain, and not validating that the cert coming from the cloud side is valid based on your certificate chain.

However, this is a good paper and could provide some guidance on how to do this stuff correctly. Another useful resource is:
https://www.isecpartners.com/storage/files/everything-you-wanted-to-know-about-openssl.pdf

Cheers,
-bryan
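
The two gaps named in the message above (no user-provided root chain, no validation of the server certificate against it), sketched with Python's standard `ssl` module. This is an added example, not part of the original message or of any client's code; the function names and the `ca_bundle` parameter are assumptions made for illustration.

```python
import socket
import ssl


def make_client_context(ca_bundle=None):
    """TLS client context that verifies the server chain and hostname.

    ca_bundle: optional path to a user-provided PEM root chain (assumed
    parameter). When None, the system trust store is used. A missing or
    unreadable bundle raises instead of silently falling back.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_bundle)
    # create_default_context already enables both; set explicitly so a later
    # refactor cannot drop them unnoticed.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def make_unverified_context():
    """The weak configuration, kept only to show what the audit flags."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of validation gaps found in an SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


def peer_subject(host, port, ctx, timeout=5.0):
    """Connect and return the verified peer subject; raises
    ssl.SSLCertVerificationError if chain or hostname validation fails."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # server_hostname drives both SNI and the hostname check.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]
```
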