Fix code scanning alert - `TrustManager` that accepts all certificates
Closed this issue · 3 comments
ArnyminerZ commented
Tracking issue for:
ArnyminerZ commented
rfc2822 commented
Yes, it's a false positive, probably caused because our CustomCertManager's checkServerTrusted
doesn't throw CertificateException
directly, but calls checkCustomTrusted
which throws the exception.
However the design of checkServerTrusted
and checkCustomTrusted
should become improved by bitfireAT/cert4android#12 when we don't need those AIDL callbacks anymore.
ArnyminerZ commented
Then I think this can be closed 😉