ok2c commented on code in PR #438:
URL: https://github.com/apache/httpcomponents-core/pull/438#discussion_r1342546547
##########
httpcore5/src/main/java/org/apache/hc/core5/ssl/TrustStrategy.java:
##########
@@ -34,6 +34,19 @@
* configured in the actual SSL context. This interface can be used to
override the standard
* JSSE certificate verification process.
*
+ * <h2>Security Warning</h2>
+ * If a trust strategy considers a certificate chain to be trusted, then the
default trust manager
+ * will not be consulted. Trust strategy implementations must therefore
properly check the complete
+ * certificate chain. Checking for example only the subject of a certificate
does not protect
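Review bot: "must therefore properly check the complete certificate chain" tells an implementer what to achieve but not how, and the only illustration in the hunk is a negative one (checking the subject alone). Since the sentence just above says this interface overrides the standard JSSE verification process, suggest adding the positive pattern in the same paragraph: return true only after a chain validation equivalent to what the default trust manager would have done (or after establishing the peer's identity by some means that does not depend on the issuer), and treat any extra condition as an addition to that validation rather than a substitute for it.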
Review Comment:
@Marcono1234 Could you please tone it down a little? There are plenty of
situations in real-world settings where one _must_ integrate with an
external server whose CA is not trusted. One may want to trust that
specific host but not other hosts signed by the same CA.
##########
httpcore5/src/main/java/org/apache/hc/core5/ssl/TrustStrategy.java:
##########
@@ -34,6 +34,19 @@
* configured in the actual SSL context. This interface can be used to
override the standard
* JSSE certificate verification process.
*
+ * <h2>Security Warning</h2>
+ * If a trust strategy considers a certificate chain to be trusted, then the
default trust manager
+ * will not be consulted. Trust strategy implementations must therefore
properly check the complete
+ * certificate chain. Checking for example only the subject of a certificate
does not protect
+ * against man-in-the-middle attacks. For self-signed certificates prefer
specifying a keystore
+ * containing the certificate chain when calling the {@link SSLContextBuilder}
{@code loadTrustMaterial}
+ * methods instead of implementing a custom trust strategy.
+ *
+ * <p>A trust strategy cannot be used for certificate pinning. When {@code
isTrusted} returns
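Review bot: the pinning paragraph stops mid-sentence at "When {@code isTrusted} returns", so the reason pinning does not work is not visible here, and the first sentence on its own reads as an absolute prohibition that sits awkwardly beside the paragraph above it, which tells implementers they may accept a chain once they have checked it completely. Suggest qualifying the claim and spelling out the asymmetry the warning relies on: the visible text only states what happens when the strategy returns true (the default trust manager is skipped); the returns-false case, and what an implementation has to do to reject a chain outright instead of handing it back to the default trust manager, needs to be stated just as explicitly, because that is the step a pinning implementation gets wrong.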
Review Comment:
A trust strategy **_alone_** cannot be used for certificate pinning.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
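The use case raised in the review (trust one specific host whose CA is not trusted, without trusting other hosts signed by the same CA) can be met with a trust strategy that pins the server's public key. The following is an added example, not code from the PR or from the httpcomponents-core project. It assumes the delegation contract that the Javadoc under review describes for the returns-true case and that the httpcore5 `SSLContextBuilder` applies in practice: a strategy that returns true bypasses the default trust manager, and a strategy that returns false hands the chain to it. Because of that fall-through, "not pinned" is reported by throwing `CertificateException`, never by returning false. The pin format (base64 of SHA-256 over the DER SubjectPublicKeyInfo) and the class and method names are choices made for this example; the `main` method uses two CA certificates from the JRE's own trust store as stand-ins for "our host" and "another host" so that it runs offline.

```java
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.hc.core5.ssl.TrustStrategy;

/**
 * Trusts exactly the servers whose leaf public key matches a pinned SPKI digest,
 * regardless of which CA issued the certificate (example code, not part of httpcore5).
 *
 * Assumed contract with the delegating trust manager built by SSLContextBuilder:
 * isTrusted() == true bypasses the default trust manager, isTrusted() == false
 * passes the chain on to it. A "not pinned" verdict must therefore be an exception,
 * not a false return, or any certificate from a platform-trusted CA would still pass.
 */
public final class PinnedHostTrustStrategy implements TrustStrategy {

    private final Set<String> pinnedSpkiSha256;

    public PinnedHostTrustStrategy(final Set<String> pins) {
        this.pinnedSpkiSha256 = Collections.unmodifiableSet(new HashSet<>(pins));
    }

    /** base64(SHA-256(DER SubjectPublicKeyInfo)), the pin form used by e.g. curl --pinnedpubkey. */
    public static String spkiPin(final X509Certificate cert) {
        try {
            final byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getPublicKey().getEncoded());
            return Base64.getEncoder().encodeToString(digest);
        } catch (final NoSuchAlgorithmException ex) {
            throw new IllegalStateException("SHA-256 is required in every Java runtime", ex);
        }
    }

    @Override
    public boolean isTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty certificate chain");
        }
        final X509Certificate leaf = chain[0];
        leaf.checkValidity();   // expired / not-yet-valid certificates are rejected even if pinned
        if (pinnedSpkiSha256.contains(spkiPin(leaf))) {
            // The TLS handshake proves possession of the private key for this public key,
            // so the issuing CA is irrelevant: this is the one host we chose to trust.
            return true;
        }
        // Hard failure. Returning false here would let the default trust manager accept
        // any certificate issued by a platform-trusted CA, which is exactly what pinning forbids.
        throw new CertificateException("leaf public key is not pinned: " + leaf.getSubjectX500Principal());
    }

    /** SSLContext whose server trust decision is made solely by the pin set. */
    public static SSLContext pinnedSslContext(final Set<String> pins)
            throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        return SSLContextBuilder.create()
                .loadTrustMaterial(new PinnedHostTrustStrategy(pins))
                .build();
    }

    public static void main(final String[] args) throws Exception {
        // Constructed demo input: two CA certificates from the JRE's own trust store stand in
        // for "our host" and "another host", so the demo needs no network and no key generation.
        final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509Certificate[] sample = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        final X509Certificate ourHost = sample[0];
        final X509Certificate otherHost = sample[1];

        final Set<String> pins = Collections.singleton(spkiPin(ourHost));
        final PinnedHostTrustStrategy strategy = new PinnedHostTrustStrategy(pins);

        System.out.println("pin for our host: " + spkiPin(ourHost));
        System.out.println("pinned host accepted: " + strategy.isTrusted(new X509Certificate[] { ourHost }, "RSA"));
        try {
            strategy.isTrusted(new X509Certificate[] { otherHost }, "RSA");
            System.out.println("BUG: unpinned certificate was accepted");
        } catch (final CertificateException expected) {
            System.out.println("unpinned certificate rejected: " + expected.getMessage());
        }

        final SSLContext ctx = pinnedSslContext(pins);
        System.out.println("built " + ctx.getProtocol() + " context with pinned server trust");
    }
}
```

Two practical notes on this design. Hostname verification is a separate step in the client's TLS connection layer and is not affected by the trust strategy, so a pinned host still has to present a certificate whose name matches the request. When the host rotates its key, add the new SPKI digest to the pin set before the rotation and drop the old one afterwards, otherwise the rotation is an outage. For a self-signed certificate the alternative the Javadoc under review recommends, a keystore holding that certificate passed to `loadTrustMaterial`, achieves the same single-host trust without custom code.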