https://bugzilla.redhat.com/show_bug.cgi?id=1127276
--- Doc Text *updated* by Chess Hazlett chazlett@redhat.com --- It was found that SSLSocket in Smack did not perform hostname verification. An attacker could redirect traffic between an application and an XMPP server by providing a valid certificate for a domain under the attacker's control.