
Is there a way to initialize an SSL context in Java without a trust store?

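```java
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

private static SSLContext getSSLContext(
    final KeyManager[] keyManagers, final TrustManager[] trustManagers)
    throws KeyManagementException, NoSuchAlgorithmException {
  final SSLContext sslContext = SSLContext.getInstance("TLS");
  sslContext.init(keyManagers, trustManagers, new SecureRandom());

  return sslContext;
}
```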

I want the above code to not throw a null pointer exception when TrustManager[] is null or empty, as my application does not require a trust store in certain cases; in those cases I don't want to add a trust store.

I tried looking for an overloaded sslContext.init() where it does not ask for a trust manager as a parameter, but I did not find any.

  • First: are you **absolutely sure** that you do not need a trust manager? Because in any case where you really don't you might as well not use TLS at all (because without trust, TLS does *extremely little* to protect data in transit and is incredibly easy to defeat). Second: you might just have to implement your own dummy trust manager in those cases (there are plenty of examples out there, but I suggest you **don't** go that route, because of the reasons I mentioned earlier). – Joachim Sauer Nov 23 '22 at 10:07
  • In the case where I don't need the truststore, I am already feeding an empty truststore to the app, this is what I'm trying to solve, that I don't even need to feed it an empty truststore. I'm absolutely sure I don't need it. Thanks! :) – István Zsolnai Nov 23 '22 at 10:16
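
An added example, not part of the original post or its comments: `SSLContext.init` is documented to accept `null` for either manager array, in which case the installed providers supply the default factory, so no trust store file has to be passed in. The sketch below (the class name `DefaultTrustExample` and the helper `orDefault` are hypothetical) makes that fallback explicit and also maps an empty array to the JDK default trust managers, assuming default CA validation is acceptable when no custom trust store is configured.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DefaultTrustExample {

  // Hypothetical helper: null or empty means "use the JDK default trust store".
  static TrustManager[] orDefault(final TrustManager[] trustManagers)
      throws GeneralSecurityException {
    if (trustManagers != null && trustManagers.length > 0) {
      return trustManagers; // caller supplied its own trust material
    }
    final TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    // A null KeyStore selects the default trust store (javax.net.ssl.trustStore or cacerts).
    tmf.init((KeyStore) null);
    return tmf.getTrustManagers();
  }

  static SSLContext getSSLContext(
      final KeyManager[] keyManagers, final TrustManager[] trustManagers)
      throws GeneralSecurityException {
    final SSLContext sslContext = SSLContext.getInstance("TLS");
    // keyManagers may stay null: init() documents that either array may be null.
    sslContext.init(keyManagers, orDefault(trustManagers), new SecureRandom());
    return sslContext;
  }

  public static void main(final String[] args) throws GeneralSecurityException {
    // Neither call needs a trust store file, and certificate validation stays enabled.
    getSSLContext(null, null);
    getSSLContext(null, new TrustManager[0]);

    for (final TrustManager tm : orDefault(new TrustManager[0])) {
      if (tm instanceof X509TrustManager) {
        final int roots = ((X509TrustManager) tm).getAcceptedIssuers().length;
        System.out.println("default X509TrustManager, trusted roots: " + roots);
      }
    }
  }
}
```

This keeps peer validation intact when a context is used for outbound connections, unlike a dummy trust manager that accepts every certificate.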

0 Answers