Github user tmaret commented on the issue:
https://github.com/apache/httpclient/pull/56
bq. Allows the new HTTP Client instance to blindly trust all SSL
self-signed certificates. Pay attention on no enabling this feature in
production environment as it is totally insecure!
In order to avoid production environments to use this insecure
configuration, how about splitting the code in two bundles ?
The base bundle `httpclient5-osgi` would feature an extension mechanism
that allow to plug a new bundle containing the insecure code and configuration.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
