IJPL-171446 [2024.3] unable to find valid certification path to requested target

(cherry picked from commit 5b62948bd8fb00ee6d36f6560727269dbc8f36b5) IJ-CR-149408 GitOrigin-RevId: 27fa2de566173534e248c9d2a15b55a3a282c7fe
2026-03-22 15:19:59 +07:00 · 2024-11-14 20:40:21 +01:00
parent f3914db145
commit 7b670e2bd7
1 changed files with 6 additions and 0 deletions
--- a/platform/platform-api/src/com/intellij/util/net/ssl/CertificateManager.kt
+++ b/platform/platform-api/src/com/intellij/util/net/ssl/CertificateManager.kt
@@ -29,6 +29,7 @@ import java.util.concurrent.TimeUnit
 import java.util.concurrent.atomic.AtomicBoolean
 import java.util.concurrent.atomic.AtomicReference
 import javax.crypto.BadPaddingException
+import javax.net.ssl.HttpsURLConnection
 import javax.net.ssl.KeyManager
 import javax.net.ssl.KeyManagerFactory
 import javax.net.ssl.SSLContext
@@ -283,6 +284,11 @@ class CertificateManager(coroutineScope: CoroutineScope) : PersistentStateCompon
      // NOTE: existence of default trust manager can be checked here as
      // assert systemManager.getAcceptedIssuers().length != 0
      context.init(getDefaultKeyManagers(), arrayOf(trustManager), null)
+      // HttpsUrlConnection behaves strangely and caches defaultSSLSocketFactory = (SSLSocketFactory)SSLSocketFactory.getDefault()
+      // on the first invocation, even though it could be overridden later
+      // if we change the default factory, we need to manually update the HttpsURLConnection.defaultSSLSocketFactory as well
+      // see https://youtrack.jetbrains.com/issue/IJPL-171446
+      HttpsURLConnection.setDefaultSSLSocketFactory(context.socketFactory)
    }
    catch (e: KeyManagementException) {
      LOG.error(e)