You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jmeter.apache.org by fs...@apache.org on 2020/03/01 09:32:47 UTC

[jmeter] branch master updated: Add comment to warn developer that it is not secure

This is an automated email from the ASF dual-hosted git repository.

fschumacher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git


The following commit(s) were added to refs/heads/master by this push:
     new 704adb9  Add comment to warn developer that it is not secure
704adb9 is described below

commit 704adb91f7f967402b9b709e89f5b73f0a466283
Author: YYTVicky <61...@users.noreply.github.com>
AuthorDate: Sat Feb 29 21:30:54 2020 -0800

    Add comment to warn developer that it is not secure
    
    Adapted the wording of the original PR a bit, to make it even
    more clear, that trusting everyone is not secure.
    
    Closes #559 on github
---
 .../src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java | 3 ++-
 xdocs/changes.xml                                                      | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java b/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
index 8514b25..e3a8146 100644
--- a/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
+++ b/src/core/src/main/java/org/apache/jmeter/util/TrustAllSSLSocketFactory.java
@@ -32,7 +32,8 @@ import javax.net.ssl.X509ExtendedTrustManager;
 
 /**
  * This class can be used as a SocketFactory with SSL-connections.<p>
- * Its purpose is to ensure that all certificates - no matter from which CA - are accepted to secure the SSL-connection.
+ * Its purpose is to ensure that all certificates - no matter from which CA - are accepted to enable the SSL-connection.<p>
+ * <b>This is of course not secure</b>
  */
 public class TrustAllSSLSocketFactory extends SSLSocketFactory  { // NOSONAR JMeter is a pentest and perf testing tool
 
diff --git a/xdocs/changes.xml b/xdocs/changes.xml
index 7fa166a..f17a535 100644
--- a/xdocs/changes.xml
+++ b/xdocs/changes.xml
@@ -149,6 +149,7 @@ to view the last release notes of version 5.2.1.
     <li>Updated ph-commons to 9.3.9 (from 9.3.7)</li>
     <li>Updated rsyntaxtextarea to 3.0.8 (from 3.0.4)</li>
     <li>Updated rhino to 1.7.12 (from 1.7.11)</li>
+    <li><pr>559</pr>Add a note to the source of TrustAllSSLSocketFactory, that it is not secure to trust everyone. Based on a PR from YYTVicky (yytvicky at github)</li>
 </ul>
 
  <!-- =================== Bug fixes =================== -->
@@ -226,6 +227,7 @@ to view the last release notes of version 5.2.1.
   <li>yangxiaofei77 (yangxiaofei77 at gmail.com)</li>
   <li>Markus Wolf (wolfm at t-systems.com)</li>
   <li>Pierre Astruc (pierre.astruc at evertest.com)</li>
+  <li>YYTVicky (yytvicky at github)</li>
 </ul>
 <p>
 Apologies if we have omitted anyone else.