From 8acb76770e83c38ee722ab74f449383e9729f079 Mon Sep 17 00:00:00 2001 From: Ryan Schmitt Date: Fri, 23 Jan 2026 15:16:00 -0800 Subject: [PATCH] SSLContexts: Respect system properties by default The trust store system properties are always respected by default. The key store system properties should also be respected by default for consistency. For more information, see the discussion in: https://github.com/apache/httpcomponents-client/pull/773 --- .../org/apache/hc/core5/ssl/SSLContexts.java | 40 +++++++------------ .../apache/hc/core5/ssl/SSLContextsTest.java | 4 +- 2 files changed, 17 insertions(+), 27 deletions(-) diff --git a/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContexts.java b/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContexts.java index 213026b3b2..3fca5b9116 100644 --- a/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContexts.java +++ b/httpcore5/src/main/java/org/apache/hc/core5/ssl/SSLContexts.java @@ -27,7 +27,6 @@ package org.apache.hc.core5.ssl; -import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import javax.net.ssl.SSLContext; @@ -41,7 +40,7 @@ * SSLContext#init(KeyManager[], TrustManager[], SecureRandom)} * accepts multiple key and trust managers, however only only first matching type is ever used. * See for example: - * + * * SSLContext.html#init * * @since 4.4 
@@ -53,40 +52,31 @@ private SSLContexts() { } /** - * Creates default factory based on the standard JSSE trust material - * ({@code cacerts} file in the security properties directory). System properties - * are not taken into consideration. + * Returns the JDK default {@link SSLContext}. * - * @return the default SSL socket factory - * @throws SSLInitializationException if NoSuchAlgorithmException or KeyManagementException - * are thrown when invoking {@link SSLContext#getInstance(String)} + * @return the default JDK SSL context + * @throws SSLInitializationException if NoSuchAlgorithmException + * is thrown when invoking {@link SSLContext#getInstance(String)} */ public static SSLContext createDefault() throws SSLInitializationException { try { - final SSLContext sslContext = SSLContext.getInstance(SSLContextBuilder.TLS); - sslContext.init(null, null, null); - return sslContext; - } catch (final NoSuchAlgorithmException | KeyManagementException ex) { - throw new SSLInitializationException(ex.getMessage(), ex); + return SSLContext.getDefault(); + } catch (final NoSuchAlgorithmException ex) { + return createDefault(); } } /** - * Creates default SSL context based on system properties. This method obtains - * default SSL context by calling {@code SSLContext.getInstance("Default")}. - * Please note that {@code Default} algorithm is supported as of Java 6. - * This method will fall back onto {@link #createDefault()} when - * {@code Default} algorithm is not available. + * Deprecated alias for {@link #createDefault()}. 
* - * @return default system SSL context - * @throws SSLInitializationException if {@link #createDefault()} throws it + * @return the default JDK SSL context + * @throws SSLInitializationException if NoSuchAlgorithmException + * is thrown when invoking {@link SSLContext#getInstance(String)} + * @deprecated Call {@link #createDefault} instead */ + @Deprecated public static SSLContext createSystemDefault() throws SSLInitializationException { - try { - return SSLContext.getDefault(); - } catch (final NoSuchAlgorithmException ex) { - return createDefault(); - } + return createDefault(); } /** diff --git a/httpcore5/src/test/java/org/apache/hc/core5/ssl/SSLContextsTest.java b/httpcore5/src/test/java/org/apache/hc/core5/ssl/SSLContextsTest.java index 6862ea97d2..d37ae1d3d0 100644 --- a/httpcore5/src/test/java/org/apache/hc/core5/ssl/SSLContextsTest.java +++ b/httpcore5/src/test/java/org/apache/hc/core5/ssl/SSLContextsTest.java @@ -50,7 +50,7 @@ void createDefault() { final SSLContext sslContext = SSLContexts.createDefault(); assertAll( () -> assertNotNull(sslContext), - () -> assertEquals(SSLContextBuilder.TLS, sslContext.getProtocol()), + () -> assertEquals("Default", sslContext.getProtocol()), () -> assertNotNull(sslContext.getProvider()) ); } @@ -85,4 +85,4 @@ void custom() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableK () -> assertEquals("SunJSSE", sslContext.getProvider().getName()) ); } -} \ No newline at end of file +}
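Review bot: The new catch block in `createDefault()` returns `createDefault()`, so when `SSLContext.getDefault()` throws `NoSuchAlgorithmException` the method calls itself until the stack overflows instead of raising the `SSLInitializationException` that the signature and Javadoc promise; the line appears to be carried over from the old `createSystemDefault()` fallback. It should be `throw new SSLInitializationException(ex.getMessage(), ex);`. This path is probably reachable in practice, because JSSE typically reports a default context that cannot be built (for example an unreadable `javax.net.ssl.keyStore`) as `NoSuchAlgorithmException`, and those properties are now consulted by default. The Javadoc should also say that the returned context is the shared JVM-wide default and that it honours the key store system properties, so it may supply client key material on connections that previously had none. Its `@throws` text should name `SSLContext#getDefault()` rather than `getInstance(String)`.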
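Review bot: Asserting the protocol string `"Default"` in `createDefault()` checks the new contract only indirectly, and it holds only while nothing else in the test JVM has called `SSLContext.setDefault(...)`. An identity check such as `() -> assertSame(SSLContext.getDefault(), sslContext),` would pin what the method now promises and stays valid if the default is replaced. The test method begins outside this hunk, so whether `assertSame` is already imported is not visible here. None of the test hunks exercises the `NoSuchAlgorithmException` branch, which in the new code calls `createDefault()` again rather than throwing.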