TrustAllX509TrustManager android lint warning SSLBlindTrustManager

[antoni-sgz-tw]

Environment

• Android Studio Chipmunk | 2021.2.1 Patch 2
• openkit-java v2.2.0

Problem
warning [TrustAllX509TrustManager](https://github.com/Dynatrace/openkit-java/issues/new#TrustAllX509TrustManager): Insecure TLS/SSL trust manager

Insecure TLS/SSL trust manager [../../com/dynatrace/openkit/protocol/ssl/SSLBlindTrustManager%24BlindX509TrustManager.class](https://github.com/Dynatrace/com/dynatrace/openkit/protocol/ssl/SSLBlindTrustManager%24BlindX509TrustManager.class): checkClientTrusted is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers [../../com/dynatrace/openkit/protocol/ssl/SSLBlindTrustManager%24BlindX509TrustManager.class](https://github.com/Dynatrace/com/dynatrace/openkit/protocol/ssl/SSLBlindTrustManager%24BlindX509TrustManager.class): checkServerTrusted is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers

Steps to reproduce

• Run lintDebug Gradle task
  ./gradlew lintDebug

[TheHighriser]

The SSLBlindTrustManager only exists for debugging purpose. We know that this Manager is insecure, but its main purpose is to exclude certificate problems (if there are any). Per default this manager is not in use.

Do you expect us to ignore those lint warnings?

[antoni-sgz-tw]

If possible yes.

To work around provisionally I ignored the warning in the lint.xml file
<?xml version="1.0" encoding="UTF-8"?> <lint> <issue id="TrustAllX509TrustManager" severity="ignore"> <ignore path="*/com/dynatrace" /> </issue> </lint>

[TheHighriser]

We will try to take care of it with the next release.