When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS servers certificate (unless the using program specifies a TLS configuration).
The product does not validate, or incorrectly validates, a certificate.