Harden TLS: enable certificate verification and SNI in inet_client.c

## Description

`afc_inet_client_enable_ssl()` creates the TLS context and connects, but the code around `src/inet_client.c:656-718` never enables certificate verification and never sets SNI.

## Impact

HTTPS / SMTPS / POP3S clients can accept untrusted certificates, and some modern virtual-hosted TLS endpoints may fail without SNI.

## Suggested Fix

- Call `SSL_CTX_set_verify()` with `SSL_VERIFY_PEER`
- Load system CA roots
- Check the verification result after the handshake
- Set the hostname with `SSL_set_tlsext_host_name()` before `SSL_connect()`

**Priority:** High — security fix
**Source:** IMPROVEMENTS.md #1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Harden TLS: enable certificate verification and SNI in inet_client.c #8

Description

Impact

Suggested Fix

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Harden TLS: enable certificate verification and SNI in inet_client.c #8

Description

Description

Impact

Suggested Fix

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions