Improper Certificate Validation
Connections initialized by the AWS IoT Device SDK v2 for Java, Python, C++ and Node.js does not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python …