Insecure SSL configuration in AbstractHttpSenderModule #20
Thanks for pointing this out.
Thanks for PR #21
phax added a commit that referenced this issue May 4, 2016
The commit adds 2 additional protected methods that allow you to customize
Indeed. Thanks.
You want a 2.2.8 release
Release 2.2.8 is out
Closed
I've noticed that the SSL configuration in AbstractHttpSenderModule is insecure, in that it does not verify certificates or hostnames (using DoNothingTrustManager and HostnameVerifierAlwaysTrue).
Moreover, there seems to be no obvious way to override these when used from AS2ClientBuilder / AS2Client, since AS2Client.sendSynchronous() does instantiate an insecure AS2SenderModule directly, without any factory or configuration point.
Is this by design? Would you accept a pull request that made the AS2SenderModule configurable?
Cheers
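
Added example, not code from this thread or from the project: a plain JSSE sketch of a sender-side TLS setup that validates the certificate chain against chosen trust anchors and leaves hostname checking switched on. The class `VerifyingTls`, its method names, the trust store arguments and the partner URL are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class VerifyingTls {

  // Build an SSLContext whose trust managers validate the server chain.
  // trustStore == null means: fall back to the JRE's default trust anchors.
  static SSLContext verifyingContext(Path trustStore, char[] password) throws Exception {
    KeyStore anchors = null;
    if (trustStore != null) {
      anchors = KeyStore.getInstance(KeyStore.getDefaultType());
      try (InputStream in = Files.newInputStream(trustStore)) {
        anchors.load(in, password);
      }
    }
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(anchors);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
    return ctx;
  }

  // Prepare (but do not yet connect) an HTTPS connection that uses the context above.
  static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
    if (!"https".equalsIgnoreCase(url.getProtocol())) {
      throw new IllegalArgumentException("refusing non-HTTPS URL: " + url);
    }
    HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
    con.setSSLSocketFactory(ctx.getSocketFactory());
    // Deliberately no setHostnameVerifier(): the built-in check of the URL host
    // against the certificate stays in force.
    return con;
  }

  public static void main(String[] args) throws Exception {
    Path store = args.length > 0 ? Paths.get(args[0]) : null; // optional partner trust store
    char[] pw = args.length > 1 ? args[1].toCharArray() : null;
    SSLContext ctx = verifyingContext(store, pw);
    URL partner = new URL("https://as2.partner.example/as2"); // constructed sample URL
    System.out.println("Prepared " + open(partner, ctx).getURL() + " using " + ctx.getProtocol());
  }
}
```

Passing a trust store that holds only the partner's CA or certificate narrows trust further than the JRE defaults, which suits point-to-point AS2 links.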