Index: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java =================================================================== --- jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java (revision 1901774) +++ jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java (working copy) @@ -361,6 +361,8 @@ HttpClientBuilder hcb = HttpClients.custom(); + final SSLConnectionSocketFactory sslSocketFactory; + // request config RequestConfig requestConfig = RequestConfig.custom(). setConnectTimeout(connectionOptions.getConnectionTimeoutMs()). 
@@ -371,30 +373,45 @@ log.debug("Using system properties for establishing connection!"); // support Java system proxy? (JCR-3211) hcb.useSystemProperties(); + + sslSocketFactory = SSLConnectionSocketFactory.getSystemSocketFactory(); + + if (connectionOptions.isAllowSelfSignedCertificates()) { + throw new RepositoryException(ConnectionOptions.PARAM_ALLOW_SELF_SIGNED_CERTIFICATES + + " has no effect when system properties (jackrabbit.client.useSystemProperties) have been specified."); + } + if (connectionOptions.isDisableHostnameVerification()) { + throw new RepositoryException(ConnectionOptions.PARAM_DISABLE_HOSTNAME_VERIFICATION + + " has no effect when system properties (jackrabbit.client.useSystemProperties) have been specified."); + } + } - - // TLS settings (via connection manager) - final SSLContext sslContext; - try { - if (connectionOptions.isAllowSelfSignedCertificates()) { - log.warn("Nonsecure TLS setting: Accepting self-signed certificates!"); - sslContext = SSLContextBuilder.create().loadTrustMaterial(new TrustSelfSignedStrategy()).build(); - hcb.setSSLContext(sslContext); + else { + + // TLS settings (via connection manager) + final SSLContext sslContext; + try { + if (connectionOptions.isAllowSelfSignedCertificates()) { + log.warn("Nonsecure TLS setting: Accepting self-signed certificates!"); + sslContext = SSLContextBuilder.create().loadTrustMaterial(new TrustSelfSignedStrategy()).build(); + hcb.setSSLContext(sslContext); + } else { + sslContext = SSLContextBuilder.create().build(); + } + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) { + throw new RepositoryException(e); + } + + if (connectionOptions.isDisableHostnameVerification()) { + log.warn("Nonsecure TLS setting: Host name verification of TLS certificates disabled!"); + // we can optionally disable hostname verification. 
+ sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); } else { - sslContext = SSLContextBuilder.create().build(); + sslSocketFactory = new SSLConnectionSocketFactory(sslContext); } - } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) { - throw new RepositoryException(e); + } - final SSLConnectionSocketFactory sslSocketFactory; - if (connectionOptions.isDisableHostnameVerification()) { - log.warn("Nonsecure TLS setting: Host name verification of TLS certificates disabled!"); - // we can optionally disable hostname verification. - sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); - } else { - sslSocketFactory = new SSLConnectionSocketFactory(sslContext); - } - + Registry socketFactoryRegistry = RegistryBuilder.create() .register("http", PlainConnectionSocketFactory.getSocketFactory()) .register("https", sslSocketFactory)
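Review bot: The two guards added in the system-properties branch throw a RepositoryException, but their message says the option "has no effect", which describes a silently ignored setting rather than a rejected configuration. Failing closed is the right behaviour for options that weaken TLS, so the text should say so, e.g. `+ " cannot be combined with system properties (jackrabbit.client.useSystemProperties)."`. A short comment above the `getSystemSocketFactory()` assignment would also help: `// this branch uses the JVM default trust configuration and the default hostname verifier; the insecure overrides are rejected below`. In the else branch, `hcb.setSSLContext(sslContext)` is still called only for the self-signed case, although the same context already goes into the socket factory registered for "https". If that registry feeds the connection manager (set up outside this hunk), the call is probably redundant. The enclosing method starts and ends outside the hunk.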