Enterprise software purposefully circumventing certificates
Enterprise software purposefully circumventing certificates
Posted Nov 1, 2012 8:34 UTC (Thu) by pkolloch (subscriber, #21709)Parent article: Holes discovered in SSL certificate validation
Many developers seek to circumvent certificate verification on purpose: For convenience. While it might make sense for the testing environment, it certainly is a risk for production.
One example from the Java Play Framework 1.2.x:
https://github.com/playframework/play/blob/aef222a2e8859f...