rspec/rules/S4830/common/fix/validation.adoc

2023-06-20 13:26:14 +02:00

Addressing the vulnerability of disabled TLS certificate validation primarily
involves re-enabling the default validation.
To avoid running into problems with invalid certificates, consider the following
sections.

==== Using trusted certificates

If possible, always use a certificate issued by a well-known, trusted CA for
your server. Most programming environments come with a predefined list of
trusted root CAs, and certificates issued by these authorities are validated
automatically. This is the best practice, and it requires no additional code or
configuration.

==== Working with self-signed certificates or non-standard CAs

In some cases, you might need to work with a server using a self-signed
certificate, or a certificate issued by a CA not included in your trusted roots.
Rather than disabling certificate validation in your code, you can add the
necessary certificates to your trust store.
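
As an added example (not part of the rule text, and the rule applies to many languages, so the choice of Python's `ssl` module here is an assumption), the following contrasts the anti-pattern the rule flags with the fix described above: keeping the default validation and adding a private CA as an extra trust anchor instead of switching validation off. The `extra_ca_pem` parameter and the helper names are hypothetical.

```python
import ssl
from typing import Optional


def validating_context(extra_ca_pem: Optional[str] = None) -> ssl.SSLContext:
    """Client context that keeps default validation (chain + hostname) and,
    optionally, trusts one additional CA on top of the platform roots."""
    # create_default_context() loads the platform trust store and sets
    # verify_mode=CERT_REQUIRED and check_hostname=True. Nothing below
    # turns those off.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    if extra_ca_pem is not None:
        # Add the self-signed or private CA (PEM text) as an extra trust
        # anchor. The platform roots stay trusted, so this extends the trust
        # store rather than replacing it or disabling validation.
        ctx.load_verify_locations(cadata=extra_ca_pem)
    return ctx


def insecure_context() -> ssl.SSLContext:
    """The pattern the rule flags: certificate validation disabled."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # check_hostname must be cleared before verify_mode can be CERT_NONE,
    # which is why disabling validation is always a two-step change.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_validating(ctx: ssl.SSLContext) -> bool:
    """Review helper: True only if both chain and hostname checks are on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


if __name__ == "__main__":
    print("default context validates:", is_validating(validating_context()))
    print("disabled context validates:", is_validating(insecure_context()))
```

Pass the PEM text of your private CA (or use `cafile=`/`capath=` with `load_verify_locations`) when connecting to a server whose certificate is not issued by a public root; `is_validating` can double as an assertion in tests that no code path downgraded the context.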