FingerprintTrustManagerFactory javadoc note cryptic #5173
Comments
It only checks the fingerprint. It does not traverse the certificate chain at all. Theoretically, there's a chance that an attacker can forge a certificate with an identical fingerprint, although it's not going to be very easy. I agree that it needs better documentation though. Would you be interested in sending us a PR?
Ah ok, it makes sense to point that out. Will make a PR to improve docs.
Thanks a lot, @CodingFabian!
@CodingFabian any progress here?
Whoops, forgot. Coming.
…y javadoc
Motivation: The current note reads as if this class is dangerous and advises the reader to "understand what this class does".
Modifications: Rewrite the Javadoc note to describe what fingerprint checks are and what problems remain.
Result: Clearer description which no longer causes the impression this class is dangerous.
Fixed by #5195
the javadoc says:
"Never use this {@link TrustManagerFactory} in production unless you are sure exactly what you are doing with it."
I was actually sure that in order to prevent MITM attacks, I want to pin the server-side certificates to a list of well-known fingerprints. I do not want to accept other certificates.
So I think I know what I am doing, but this note made me feel uneasy. Why is it formulated so strongly? Why is it not explaining what "this TrustManagerFactory" actually does?
I am currently trying to figure out if there is an unintentional side effect, but can't find it :-)
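To make concrete what the maintainer's answer above ("it only checks the fingerprint, it does not traverse the chain") and the original question ("pin the server-side certificates to a list of well-known fingerprints") amount to in code, here is an added example. It is hypothetical and is not netty's `FingerprintTrustManagerFactory`: the class name `PinnedLeafTrustManager`, the choice of SHA-256 as the digest, and the `chainThenPin` helper are all assumptions made for this illustration (check the javadoc for which digest netty's class actually uses). The first trust manager does exactly what the thread describes, hash the DER encoding of `chain[0]` and compare it with the pinned values, nothing else; the second wraps the platform's normal chain validation around the same pin check, which is the usual way to keep pinning without giving up expiry, signature and CA checks.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Hypothetical leaf-fingerprint trust manager (added example, not netty's own code).
 * Mirrors the behaviour described in the issue: digest the DER encoding of chain[0],
 * compare against the pinned fingerprints, and look at nothing else. Requires Java 17+.
 */
public final class PinnedLeafTrustManager implements X509TrustManager {

    /** Digest used for the fingerprint; SHA-256 is an assumption for this example. */
    private static final String DIGEST = "SHA-256";

    private final List<byte[]> pins = new ArrayList<>();

    /** Pins in the usual colon-separated hex form, e.g. "AB:CD:...". */
    public PinnedLeafTrustManager(String... hexFingerprints) {
        HexFormat hex = HexFormat.of();
        for (String fp : hexFingerprints) {
            pins.add(hex.parseHex(fp.replace(":", "").toLowerCase()));
        }
    }

    /** The fingerprint covers the whole DER certificate, so it changes on every renewal. */
    public static byte[] fingerprint(X509Certificate cert) throws CertificateException {
        try {
            return MessageDigest.getInstance(DIGEST).digest(cert.getEncoded());
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("digest unavailable: " + DIGEST, e);
        }
    }

    private void checkPinned(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty certificate chain");
        }
        // Only the leaf is examined: issuer signatures, validity period and revocation
        // are never consulted. That is the "remaining problem" the thread refers to.
        byte[] actual = fingerprint(chain[0]);
        for (byte[] pin : pins) {
            if (MessageDigest.isEqual(pin, actual)) { // constant-time comparison
                return;
            }
        }
        throw new CertificateException("leaf certificate fingerprint not pinned: "
                + HexFormat.of().withUpperCase().withDelimiter(":").formatHex(actual));
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        checkPinned(chain);
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        checkPinned(chain);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // nothing is trusted by issuer, only by fingerprint
    }

    /**
     * Defence in depth: run the platform's normal chain validation first, then require
     * the pin. A forged certificate must now both chain to a trusted CA and match the pin.
     */
    public static X509TrustManager chainThenPin(PinnedLeafTrustManager pinned) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = the JVM's default trust store
        X509TrustManager platform = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager x) {
                platform = x;
                break;
            }
        }
        if (platform == null) {
            throw new IllegalStateException("no X509TrustManager available");
        }
        final X509TrustManager delegate = platform;
        return new X509TrustManager() {
            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                delegate.checkServerTrusted(chain, authType); // chain, signatures, validity
                pinned.checkServerTrusted(chain, authType);   // then the pin
            }
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                delegate.checkClientTrusted(chain, authType);
                pinned.checkClientTrusted(chain, authType);
            }
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return delegate.getAcceptedIssuers();
            }
        };
    }
}
```

Two practical consequences follow from the first class alone: because the digest is over the full certificate, every renewal of the server certificate invalidates the pin and must be rolled out to clients, and because only `chain[0]` is hashed, an expired or revoked certificate with a pinned fingerprint is still accepted. Pinning by itself is not an "unintentional side effect", it is simply a different trust model than chain validation; the `chainThenPin` wrapper is the combination to use when both properties are wanted.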