16Nis
What is the security impact of disabling certificate check [duplicate]
I have this line of code in a client server project:
sslContext.init(null, new TrustManager[]{new TrustAnyManager()}, null);
A security guy pointed out that this is skipping the validation of the certificate, but I don't understand the security impact of this. With this implementation I still have TLS-encrypted communication, so what is the concern with disabling the certificate check? And what is a possible attack here?
Note that in the test environment I am using a self-signed certificate.
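The certificate check is what ties the encrypted channel to a specific server; with it disabled, the client encrypts to whichever endpoint answers and presents any certificate. The following is an added example, not part of the original post, that contrasts a trust-all manager with a context that trusts only the self-signed test certificate. The body of `TrustAnyManager` is an assumption about the question's class, and the class name `TestCertTrust`, the alias `test-server` and the file name `test-server.crt` are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TestCertTrust {

    // Assumed shape of the question's TrustAnyManager: every check is a no-op,
    // so a certificate from any peer is accepted without validation.
    static class TrustAnyManager implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // Hardened form: validation stays on, but the only trust anchor is the
    // certificate read from certPath (PEM or DER encoded).
    static SSLContext contextTrustingOnly(String certPath) throws Exception {
        Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(certPath))) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // initialise an empty in-memory store
        trustStore.setCertificateEntry("test-server", cert);

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // replaces the trust-all init call
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the test server's certificate (hypothetical default name).
        String path = args.length > 0 ? args[0] : "test-server.crt";
        SSLContext ctx = contextTrustingOnly(path);
        System.out.println("Context ready, protocol: " + ctx.getProtocol());
    }
}
```

Hostname verification is a separate step: `HttpsURLConnection` performs it by default, while a raw `SSLSocket` needs `setEndpointIdentificationAlgorithm("HTTPS")` set on its `SSLParameters`.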