Expired SSL Certificate Verification Method
maelgangloff opened this issue · 0 comments
maelgangloff commented
Hello,
I'm confused about the method used to check if the SSL certificate is valid.
With this code, a self-signed certificate (not certified by a certification authority) could pass without problem and can endanger the security of communication with Skolengo APIs. This makes your app vulnerable to man-in-the-middle attacks.
If a specific certificate expiration error is returned by the HTTP client, I recommend testing if the certificate is recognized as expired instead. This will at least ensure that it has been signed by a CA even if it's expired...
Commit: 5bfcd7e
Best regards
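
The check recommended in the issue above, sketched as an added example (not code from the issue or from the project): keep full verification on and tolerate only the failure that is specifically "certificate has expired". The issue does not name the HTTP client, so Python's `ssl` module is an assumption here, and `classify_tls_failure`, `probe` and `_constructed_error` are hypothetical names.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* values, surfaced by Python as
# ssl.SSLCertVerificationError.verify_code.
CERT_HAS_EXPIRED = 10
TRUST_FAILURES = {
    18: "self-signed leaf certificate",
    19: "self-signed certificate in chain",
    20: "issuer not found in local trust store",
    21: "leaf signature could not be verified",
    62: "hostname mismatch",
}

def classify_tls_failure(exc):
    """Return (verdict, reason) for a handshake exception.

    Only the verdict 'expired' means the reported failure was the validity
    period; 'untrusted' and 'other' must stay hard failures.
    """
    if not isinstance(exc, ssl.SSLCertVerificationError):
        return ("other", "not a certificate verification error")
    code = getattr(exc, "verify_code", None)
    if code == CERT_HAS_EXPIRED:
        return ("expired", "certificate has expired")
    return ("untrusted", TRUST_FAILURES.get(code, "verify code %r" % code))

def probe(host, port=443, timeout=5.0):
    """Handshake with CA and hostname checks enabled; classify any failure."""
    ctx = ssl.create_default_context()  # verification is never switched off
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return ("ok", "chain and hostname verified")
    except ssl.SSLError as exc:
        return classify_tls_failure(exc)

def _constructed_error(code):
    # Constructed sample standing in for the exception a real handshake raises.
    exc = ssl.SSLCertVerificationError(1, "certificate verify failed")
    exc.verify_code = code
    return exc
```
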