From 7b670e2bd7a372a48214fc25746175bde734ab33 Mon Sep 17 00:00:00 2001 From: Sergey Pak Date: Thu, 14 Nov 2024 20:40:21 +0100 Subject: [PATCH] IJPL-171446 [2024.3] unable to find valid certification path to requested target (cherry picked from commit 5b62948bd8fb00ee6d36f6560727269dbc8f36b5) IJ-CR-149408 GitOrigin-RevId: 27fa2de566173534e248c9d2a15b55a3a282c7fe --- .../src/com/intellij/util/net/ssl/CertificateManager.kt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/platform/platform-api/src/com/intellij/util/net/ssl/CertificateManager.kt b/platform/platform-api/src/com/intellij/util/net/ssl/CertificateManager.kt index aa1348933d0f..3f945cfcf207 100644 --- a/platform/platform-api/src/com/intellij/util/net/ssl/CertificateManager.kt +++ b/platform/platform-api/src/com/intellij/util/net/ssl/CertificateManager.kt @@ -29,6 +29,7 @@ import java.util.concurrent.TimeUnit import java.util.concurrent.atomic.AtomicBoolean import java.util.concurrent.atomic.AtomicReference import javax.crypto.BadPaddingException +import javax.net.ssl.HttpsURLConnection import javax.net.ssl.KeyManager import javax.net.ssl.KeyManagerFactory import javax.net.ssl.SSLContext @@ -283,6 +284,11 @@ class CertificateManager(coroutineScope: CoroutineScope) : PersistentStateCompon // NOTE: existence of default trust manager can be checked here as // assert systemManager.getAcceptedIssuers().length != 0 context.init(getDefaultKeyManagers(), arrayOf(trustManager), null) + // HttpsUrlConnection behaves strangely and caches defaultSSLSocketFactory = (SSLSocketFactory)SSLSocketFactory.getDefault() + // on the first invocation, even though it could be overridden later + // if we change the default factory, we need to manually update the HttpsURLConnection.defaultSSLSocketFactory as well + // see https://youtrack.jetbrains.com/issue/IJPL-171446 + HttpsURLConnection.setDefaultSSLSocketFactory(context.socketFactory) } catch (e: KeyManagementException) { LOG.error(e)