Directory Client API / DIRAPI-301

Ldaps connection trusts all certificates


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.0.0
    • 2.0.0.AM3
    • Windows 10 & Ubuntu 14.04

    Description

      Thankfully we had an integration test for this, otherwise this is a major security issue.

      This was working as expected on 1.0.0-RC2 but as soon as I bumped to 1.0.0, the test started failing. "Affects version" says there is no 1.0.0 btw, but Maven disagrees.

      I don't know about the raw APIs but this happens when `LdapConnectionTemplate` is used. Thankfully I was able to work around it by assigning Java's default TrustManager.

      LdapConnectionConfig config = new LdapConnectionConfig();
      ....
      // Workaround: set the JVM's default trust managers explicitly.
      // init((KeyStore) null) makes the factory load the JVM's default trust store.
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init((KeyStore) null);
      config.setTrustManagers(tmf.getTrustManagers());
      ...
      DefaultLdapConnectionFactory connectionFactory = new DefaultLdapConnectionFactory(config);
      return new LdapConnectionTemplate(new LdapConnectionPool(new ValidatingPoolableLdapConnectionFactory(connectionFactory)));

          People

            Unassigned Unassigned
            natan.abolafya Natan Abolafya
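
A startup guard for the condition reported in this issue, as an added example that is not part of the original report or of the Directory Client API: before trust managers are handed to `config.setTrustManagers(...)`, it probes each one and refuses any that accepts an empty certificate chain, which a validating manager never does. The class `TrustManagerGuard` and its methods are hypothetical names; only JDK classes are used, and the trust-all manager in `main` is a constructed stand-in.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustManagerGuard {
    /** True if the manager accepts a chain with no certificates, i.e. it validates nothing. */
    static boolean acceptsAnything(TrustManager tm) {
        if (!(tm instanceof X509TrustManager)) return false; // only X.509 managers are probed
        try {
            ((X509TrustManager) tm).checkServerTrusted(new X509Certificate[0], "RSA");
            return true;  // returned normally: nothing was checked
        } catch (CertificateException | RuntimeException rejected) {
            return false; // a validating manager refuses an empty chain
        }
    }

    /** Fails fast unless an X.509 manager is present and none of them is trust-all. */
    static void requireValidating(TrustManager[] tms) {
        boolean sawX509 = false;
        for (TrustManager tm : tms == null ? new TrustManager[0] : tms) {
            sawX509 |= tm instanceof X509TrustManager;
            if (acceptsAnything(tm)) {
                throw new IllegalStateException("trust-all TrustManager: " + tm.getClass().getName());
            }
        }
        if (!sawX509) throw new IllegalStateException("no X509TrustManager configured");
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a manager that trusts every certificate.
        TrustManager trustAll = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = the JVM's default trust store
        requireValidating(tmf.getTrustManagers());
        System.out.println("default trust managers validate");
        try {
            requireValidating(new TrustManager[] { trustAll });
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The probe only catches managers that skip validation entirely; an integration test against a server presenting an untrusted certificate, like the one mentioned in the description, is still what confirms the connection itself refuses it.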