Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

TrustAllX509TrustManager lint warning with firebase-messaging 23.0.1

See original GitHub issue

[REQUIRED] Step 2: Describe your environment

Android Studio version: Android Studio Bumblebee | 2021.1.1 Patch 2
Firebase Component: Messaging (Database, Firestore, Storage, Functions, etc)
Component version: 23.0.1

[REQUIRED] Step 3: Describe the problem

After upgrading firebase-messaging from 23.0.0 to 23.0.1, upon executing the Gradle lintRelease task, we encountered the following error on all of our modules (path modified to remove sensitive info):

/Users/me/dev/work/app/module/com/google/api/client/util/SslUtils$1.class: Error: checkClientTrusted is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers [TrustAllX509TrustManager]

   Explanation for issues of type "TrustAllX509TrustManager":
   This check looks for X509TrustManager implementations whose
   checkServerTrusted or checkClientTrusted methods do nothing (thus trusting
   any certificate chain) which could result in insecure network traffic
   caused by trusting arbitrary TLS/SSL certificates presented by peers.

Steps to reproduce:

Run lintRelease Gradle task

Issue Analytics

State:
Created 2 years ago
Reactions:3
Comments:9 (4 by maintainers)

Top GitHub Comments

2reactions

alvindizoncommented, Mar 20, 2022

I can confirm that this has been fixed with 23.0.2 as well, thanks!

1reaction

G00fY2commented, Mar 16, 2022

We are also facing this issue after the firebase BOM update from 29.1.0 to 29.2.0:

13:12:27  > Task :app:lintRelease FAILED
13:12:27  /app/com/google/api/client/util/SslUtils$1.class: Error: checkClientTrusted is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers [TrustAllX509TrustManager]
13:12:27  /app/com/google/api/client/util/SslUtils$1.class: Error: checkServerTrusted is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers [TrustAllX509TrustManager]
13:12:27  
13:12:27     Explanation for issues of type "TrustAllX509TrustManager":
13:12:27     This check looks for X509TrustManager implementations whose
13:12:27     checkServerTrusted or checkClientTrusted methods do nothing (thus trusting
13:12:27     any certificate chain) which could result in insecure network traffic
13:12:27     caused by trusting arbitrary TLS/SSL certificates presented by peers.
13:12:27  
13:12:27  2 errors, 0 warnings

Top Results From Across the Web

Firebase Android SDK Release Notes - Google

Warning : This version of firebase-messaging (v20.2.2) should not be used. It has a known issue that causes an app to crash when...

Release Notes - Play services - Google Developers

Warning : This release of play-services-location (21.0.0) has a known issue that can break ... com.google.firebase:firebase-messaging-directboot:23.0.1 ...

lint/libs/lint-tests/src/test/java/com/android/tools/lint/checks ...

"build.gradle:13: Warning: A newer version of com.google.firebase:firebase-messaging than 10.2.1 is available: 11.0.0 [GradleDependency]\n" +.

Dart Flutter com.google.firebase:firebase-messaging:23.0.0 ...

I am getting an error while running my code. Error: Launching lib\main.dart on Android SDK built for x86 in debug mode... C ...

Lint error with firebase-perf [OutdatedLibrary] even if we are ...

0, and then warning you because 0.0.0 is less than 10.2.6. I've committed a fix for this, in the branch that will eventually...