My IoT device is connecting to a server using TLS. In the device-side implementation (with wolfSSL) we are just passing the CA (root) cert to validate/authenticate the server! A specific identity of the server is NOT being passed apart from the server URL – that means the server is being authenticated just via the CA root cert!
If a server is being authenticated just via a root cert, any other body (not the legitimate server) could present its cert and will be authenticated by my IoT device!
Doesn’t this implementation have security gaps? Shouldn’t the specific server identity be validated along with the cert?
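The difference between the two checks the question contrasts, as an added example that is not part of the original post and is not wolfSSL code: a small model comparing chain-only acceptance with chain plus hostname matching. The `struct cert` type, the function names and the hostnames are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Constructed model: chain-validation result plus subjectAltName DNS names. */
struct cert {
    bool chains_to_trusted_root;
    const char *san_dns[4];          /* unused slots are NULL */
};

static bool eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* RFC 6125-style match: "*." may stand only for the whole left-most
 * label, never spans a dot, and needs at least two labels after it. */
static bool name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return eq_nocase(pattern, host);
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host || strchr(dot + 1, '.') == NULL)
        return false;
    return eq_nocase(pattern + 1, dot);
}

/* Policy described in the post: root CA loaded, no expected name. */
bool accept_chain_only(const struct cert *c)
{
    return c->chains_to_trusted_root;
}

/* Chain plus identity: a SAN entry must match the host the device dialed. */
bool accept_chain_and_name(const struct cert *c, const char *expected_host)
{
    if (!c->chains_to_trusted_root)
        return false;
    for (size_t i = 0; i < 4 && c->san_dns[i] != NULL; i++)
        if (name_matches(c->san_dns[i], expected_host))
            return true;
    return false;
}
/* Constructed samples: both certificates chain to the same root. */
const struct cert legit_cert = { true, { "iot.example.com", NULL } };
const struct cert other_cert = { true, { "*.other.example.net", NULL } };
```

In wolfSSL itself, the name check is requested per session with `wolfSSL_check_domain_name(ssl, host)` before `wolfSSL_connect()`, with peer verification enabled.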