-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TrustAllX509TrustManager - lint error #1306
Comments
This lint issue is pretty serious. Any Android app containing unsafe implementations of |
Yes, I'd say it's serious, BCX509ExtendedTrustManager is an abstract class, there's obviously a bug in the lint checker. Is there a directive that turns it off for a specific method? So with JcaJceUtils - section 4.1.1 of RFC 7030 actually requires support for connecting to an unknown server as part of it's boot strapping process. These things shouldn't ever have to evaluate client auth though - we've added illegal state exceptions for the client auth side. |
I'm not aware of any, no.
So with that added do you not get the lint error any more? Can you reproduce it when running lint? Thx for the reply and looking into it! |
Also: with that change, as you mentioned,
ATM there is no way to use this dependency without the custom Maybe that could also offer a way to resolve this for a library like the above from |
Hey there. My team's app is also dealing with this. Is there any update here? |
I'm not aware of anyone fixing the Android lint checker as yet. |
Hey any news on this? |
As for the certificate transparency library from app mattus, they removed the dependency.. therefore resolving the issue. |
Any update? |
Apparently it's now possible to add: @SuppressLint("TrustAllX509TrustManager") to the source to disable this check. I'd also note that: provides other directions for how to suppress the error. |
Hi, I write concerning below lint errors we got for our android project.
Ofc adding to baseline would resolve the issue but that's not really the best approach I guess (implementation could change in the future etc.). Any suggestions or awareness for this already?
Thx in advance.
The text was updated successfully, but these errors were encountered: