diff --git a/spring-boot-project/spring-boot-dependencies/build.gradle b/spring-boot-project/spring-boot-dependencies/build.gradle index 3b2ccbbbfc6..9b8ce74cb8d 100644 --- a/spring-boot-project/spring-boot-dependencies/build.gradle +++ b/spring-boot-project/spring-boot-dependencies/build.gradle @@ -442,17 +442,12 @@ bom { ] } } - library("HttpClient5", "5.2.3") { - prohibit { - versionRange "[5.3]" - because "it can NPE when discarding a connection (https://issues.apache.org/jira/browse/HTTPCLIENT-2313)" - } + library("HttpClient5", "5.3.1") { group("org.apache.httpcomponents.client5") { modules = [ "httpclient5", "httpclient5-cache", - "httpclient5-fluent", - "httpclient5-win", + "httpclient5-fluent" ] } } diff --git a/spring-boot-project/spring-boot-test/src/main/java/org/springframework/boot/test/web/client/TestRestTemplate.java b/spring-boot-project/spring-boot-test/src/main/java/org/springframework/boot/test/web/client/TestRestTemplate.java index 5f44bac53b4..e458603dfca 100644 --- a/spring-boot-project/spring-boot-test/src/main/java/org/springframework/boot/test/web/client/TestRestTemplate.java +++ b/spring-boot-project/spring-boot-test/src/main/java/org/springframework/boot/test/web/client/TestRestTemplate.java @@ -21,6 +21,7 @@ import java.net.URI; import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.cert.X509Certificate; import java.time.Duration; import java.util.Arrays; import java.util.HashSet; @@ -40,11 +41,11 @@ import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuil import org.apache.hc.client5.http.protocol.HttpClientContext; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder; -import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy; import org.apache.hc.core5.http.io.SocketConfig; import org.apache.hc.core5.http.protocol.HttpContext; import org.apache.hc.core5.http.ssl.TLS; import org.apache.hc.core5.ssl.SSLContextBuilder; +import org.apache.hc.core5.ssl.TrustStrategy; import org.springframework.boot.web.client.ClientHttpRequestFactorySettings; import org.springframework.boot.web.client.RestTemplateBuilder; @@ -993,7 +994,7 @@ public class TestRestTemplate { ENABLE_REDIRECTS, /** - * Use a {@link SSLConnectionSocketFactory} with {@link TrustSelfSignedStrategy}. + * Use a {@link SSLConnectionSocketFactory} that trusts self-signed certificates. */ SSL @@ -1085,4 +1086,13 @@ public class TestRestTemplate { } + private static final class TrustSelfSignedStrategy implements TrustStrategy { + + @Override + public boolean isTrusted(X509Certificate[] chain, String authType) { + return chain.length == 1; + } + + } + } diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java index 7255bd37b89..70a9e4a27d3 100644 --- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java +++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java @@ -64,7 +64,6 @@ import org.apache.hc.client5.http.HttpHostConnectException; import org.apache.hc.client5.http.classic.HttpClient; import org.apache.hc.client5.http.impl.classic.HttpClients; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; -import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy; import org.apache.hc.core5.http.HttpResponse; import org.apache.hc.core5.http.NoHttpResponseException; import org.apache.hc.core5.ssl.SSLContextBuilder; diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java index 24d0a06879b..d3f4965240b 100644 --- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java +++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/servlet/server/AbstractServletWebServerFactoryTests.java @@ -87,7 +87,6 @@ import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager; import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder; import org.apache.hc.client5.http.protocol.HttpClientContext; import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; -import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy; import org.apache.hc.core5.http.HttpResponse; import org.apache.hc.core5.http.io.HttpClientResponseHandler; import org.apache.hc.core5.http.protocol.HttpContext; @@ -1404,7 +1403,7 @@ public abstract class AbstractServletWebServerFactoryTests { compression.setExcludedUserAgents(excludedUserAgents); } factory.setCompression(compression); - factory.addInitializers(new ServletRegistrationBean(new HttpServlet() { + factory.addInitializers(new ServletRegistrationBean<>(new HttpServlet() { @Override protected void service(HttpServletRequest req, HttpServletResponse resp) throws IOException { @@ -1631,7 +1630,7 @@ public abstract class AbstractServletWebServerFactoryTests { } @Override - public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { + public boolean isTrusted(X509Certificate[] chain, String authType) { String hexSerialNumber = chain[0].getSerialNumber().toString(16); boolean isMatch = hexSerialNumber.equalsIgnoreCase(this.serialNumber); return super.isTrusted(chain, authType) && isMatch; @@ -1775,4 +1774,16 @@ public abstract class AbstractServletWebServerFactoryTests { } + protected static class TrustSelfSignedStrategy implements TrustStrategy { + + public TrustSelfSignedStrategy() { + } + + @Override + public boolean isTrusted(X509Certificate[] chain, String authType) { + return chain.length == 1; + } + + } + }