binance · Dargon789 · Jan 29, 2025 · Mar 4, 2025 · Sep 4, 2025 · Sep 4, 2025
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,23 @@
+version: 2.1
+executors:
+  my-custom-executor:
+    docker:
+      - image: cimg/base:stable
+        auth:
+          # ensure you have first added these secrets
+          # visit app.circleci.com/settings/project/github/Dargon789/binance/environment-variables
+          username: $DOCKER_HUB_USER
+          password: $DOCKER_HUB_PASSWORD
+jobs:
+  my-job-name:
+
+    executor: my-custom-executor
+    steps:
+      - checkout
+      - run: |
+          # echo Hello, World!
+
+workflows:
+  my-custom-workflow:
+    jobs:
+      - my-job-name
diff --git a/clients/common/src/main/java/com/binance/connector/client/common/ApiClient.java b/clients/common/src/main/java/com/binance/connector/client/common/ApiClient.java
@@ -1717,37 +1717,29 @@ private void applySslSettings() {
         try {
             TrustManager[] trustManagers;
             HostnameVerifier hostnameVerifier;
+            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
             if (!verifyingSsl) {
-                trustManagers =
-                        new TrustManager[] {
-                            new X509TrustManager() {
-                                @Override
-                                public void checkClientTrusted(
-                                        java.security.cert.X509Certificate[] chain, String authType)
-                                        throws CertificateException {}
-
-                                @Override
-                                public void checkServerTrusted(
-                                        java.security.cert.X509Certificate[] chain, String authType)
-                                        throws CertificateException {}
-
-                                @Override
-                                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-                                    return new java.security.cert.X509Certificate[] {};
-                                }
-                            }
-                        };
-                hostnameVerifier =
-                        new HostnameVerifier() {
-                            @Override
-                            public boolean verify(String hostname, SSLSession session) {
-                                return true;
-                            }
-                        };
+                if (sslCaCert == null) {
+                    throw new IllegalStateException("SSL verification is disabled, but no trusted certificate provided in sslCaCert. Refusing to trust all certificates for security reasons.");
+                } else {
+                    char[] password = null; // Any password will work.
+                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+                    Collection<? extends Certificate> certificates =
+                            certificateFactory.generateCertificates(sslCaCert);
+                    if (certificates.isEmpty()) {
+                        throw new IllegalArgumentException(
+                                "expected non-empty set of trusted certificates");
+                    }
+                    KeyStore caKeyStore = newEmptyKeyStore(password);
+                    int index = 0;
+                    for (Certificate certificate : certificates) {
+                        String certificateAlias = "ca" + (index++);
+                        caKeyStore.setCertificateEntry(certificateAlias, certificate);
+                    }
+                    trustManagerFactory.init(caKeyStore);
+                }
+                hostnameVerifier = OkHostnameVerifier.INSTANCE;
             } else {
-                TrustManagerFactory trustManagerFactory =
-                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-
                 if (sslCaCert == null) {
                     trustManagerFactory.init((KeyStore) null);
                 } else {
@@ -1767,8 +1759,9 @@ public boolean verify(String hostname, SSLSession session) {
                     }
                     trustManagerFactory.init(caKeyStore);
                 }
-                trustManagers = trustManagerFactory.getTrustManagers();
                 hostnameVerifier = OkHostnameVerifier.INSTANCE;
+            trustManagers = trustManagerFactory.getTrustManagers();
+
             }
 
             SSLContext sslContext = SSLContext.getInstance("TLS");