You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jmeter.apache.org by fs...@apache.org on 2020/03/01 09:32:47 UTC
[jmeter] branch master updated: Add comment to warn developer that
it is not secure
This is an automated email from the ASF dual-hosted git repository.
fschumacher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git
The following commit(s) were added to refs/heads/master by this push:
new 704adb9 Add comment to warn developer that it is not secure
704adb9 is described below
commit 704adb91f7f967402b9b709e89f5b73f0a466283
Author: YYTVicky <61...@users.noreply.github.com>
AuthorDate: Sat Feb 29 21:30:54 2020 -0800
Add comment to warn developer that it is not secure
Adapted the wording of the original PR a bit, to make it even
more clear, that trusting everyone is not secure.
Closes #559 on github
---
.../src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java | 3 ++-
xdocs/changes.xml | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java b/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
index 8514b25..e3a8146 100644
--- a/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
+++ b/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
@@ -32,7 +32,8 @@ import javax.net.ssl.X509ExtendedTrustManager;
/**
* This class can be used as a SocketFactory with SSL-connections.<p>
- * Its purpose is to ensure that all certificates - no matter from which CA - are accepted to secure the SSL-connection.
+ * Its purpose is to ensure that all certificates - no matter from which CA - are accepted to enable the SSL-connection.<p>
+ * <b>This is of course not secure</b>
*/
public class TrustAllSSLSocketFactory extends SSLSocketFactory { // NOSONAR JMeter is a pentest and perf testing tool
diff --git a/xdocs/changes.xml b/xdocs/changes.xml
index 7fa166a..f17a535 100644
--- a/xdocs/changes.xml
+++ b/xdocs/changes.xml
@@ -149,6 +149,7 @@ to view the last release notes of version 5.2.1.
<li>Updated ph-commons to 9.3.9 (from 9.3.7)</li>
<li>Updated rsyntaxtextarea to 3.0.8 (from 3.0.4)</li>
<li>Updated rhino to 1.7.12 (from 1.7.11)</li>
+ <li><pr>559</pr>Add a note to the source of TrustAllSSLSocketFactory, that it is not secure to trust everyone. Based on a PR from YYTVicky (yytvicky at github)</li>
</ul>
<!-- =================== Bug fixes =================== -->
@@ -226,6 +227,7 @@ to view the last release notes of version 5.2.1.
<li>yangxiaofei77 (yangxiaofei77 at gmail.com)</li>
<li>Markus Wolf (wolfm at t-systems.com)</li>
<li>Pierre Astruc (pierre.astruc at evertest.com)</li>
+ <li>YYTVicky (yytvicky at github)</li>
</ul>
<p>
Apologies if we have omitted anyone else.