You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, please consider removing trustAllCertificates and getTlsSslContext.
Both are not used by arquilian-cube as far as my static analysis tool knows.
Both functions are in my opinion dangerous and should be removed if they are unused. trustAllCertificates trusts all certificates and disables hostname verification.
This is problematic, because it does this for everyHttpsURLConnection. getTlsSslContext only trusts all certificates but does not do this for everyHttpsURLConnection.
Obviously this is your project so there might be very valid reasons to keep these methods :)
The text was updated successfully, but these errors were encountered:
Issue Overview
Hi, please consider removing trustAllCertificates and
getTlsSslContext.
Both are not used by
arquilian-cube
as far as my static analysis tool knows.Both functions are in my opinion dangerous and should be removed if they are unused.
trustAllCertificates
trusts all certificates and disables hostname verification.This is problematic, because it does this for every
HttpsURLConnection
.getTlsSslContext
only trusts all certificates but does not do this for everyHttpsURLConnection
.Obviously this is your project so there might be very valid reasons to keep these methods :)
The text was updated successfully, but these errors were encountered: