== Why is this an issue?

include::../description.adoc[]

=== Noncompliant code example

``++checkClientTrusted++`` and/or ``++checkServerTrusted++`` custom implementations from ``++X509TrustManager++`` interface accept any certificates:

[source,kotlin]
----
// Create a trust manager that does not validate certificate chains
val trustAllCerts = arrayOf<TrustManager>(object : X509TrustManager {
  @Throws(CertificateException::class)
  override fun checkClientTrusted(chain: Array<java.security.cert.X509Certificate>, authType: String) {
  } // Noncompliant (s4830)

  @Throws(CertificateException::class)
  override fun checkServerTrusted(chain: Array<java.security.cert.X509Certificate>, authType: String) {
  } // Noncompliant (s4830)

  override fun getAcceptedIssuers(): Array<java.security.cert.X509Certificate> {
   return arrayOf()
  } 
 })

// Install the all-trusting trust manager
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustAllCerts, java.security.SecureRandom())
----

=== Compliant solution

By default, when a ``++TrustManager++`` is not set,  ``++sslContext++`` will search for a default secure installed security provider:

[source,kotlin]
----
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, null, java.security.SecureRandom())
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]