- By default, all SSL certificates are now validated. To bypass validation, simply call Request.validateSSLCertificates(false) before executing the HTTP Request.

pborissow · pborissow · commit 213a90ea6421 · 2017-11-15T17:34:00.000Z
git-svn-id: svn://192.168.0.80/JavaXT/javaxt-core@918 2c7b0aa6-e0b2-3c4e-bb4a-8b65b6c465ff
diff --git a/src/javaxt/http/Request.java b/src/javaxt/http/Request.java
@@ -75,7 +75,7 @@ public boolean verify(String hostname, SSLSession session) {
         }
     };
 
-    private boolean validateCertificates = false;
+    private boolean validateCertificates = true;
 
 
     public Request clone(){
@@ -238,7 +238,11 @@ public void setUseCache(boolean useCache){
   //** validateSSLCertificates
   //**************************************************************************
   /** Used to enable/disable certificate validation for HTTPS Connections.
-   *  Note that this is set to false by default.
+   *  By default, certificates are validated via a Certificate Authority (CA).
+   *  However, there are times where you may not want to validate a site's
+   *  certificate (e.g. connecting to a intranet site or a development server 
+   *  with self-signed certificate). In these cases, you can bypass the 
+   *  validation process by setting this method to false. 
    */
     public void validateSSLCertificates(boolean validateCertificates){
         this.validateCertificates = validateCertificates;
