ok2c commented on code in PR #492:
URL:
https://github.com/apache/httpcomponents-client/pull/492#discussion_r1348432067
##########
httpclient5/src/test/java/org/apache/hc/client5/http/examples/AsyncClientCustomSSL.java:
##########
@@ -59,6 +59,11 @@ public class AsyncClientCustomSSL {
public static void main(final String[] args) throws Exception {
// Trust standard CA and those trusted by our custom strategy
final SSLContext sslContext = SSLContexts.custom()
+ // Specify a custom TrustStrategy
Review Comment:
@Marcono1234 Can we start off by saying something like that? " Custom
`TrustStrategy`s are intended for verification of certificates whose CA is
either non-trusted or is not present in the trust stores used by the system".
Can we re-word "While this example is better than using TrustAllStrategy
..." as "Validation of the server certificate without validation of the entire
certificate chain is still preferred to completely disabling of trust
verification, however ..."
Feel free to re-phrase the sentences as you deem appropriate to make it
sound more English.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
