Skip to content

Can't provide a custom SocketFactory with default HttpClient #2365

New issue
New issue
Closed
#2370
Closed
Can't provide a custom SocketFactory with default HttpClient#2365
#2370
Labels
bugA confirmed bug, that we should fixfixedAn {bug|improvement} that has been {fixed|implemented}
Milestone
1.21.2
@mmaterna

Description

@mmaterna
mmaterna
opened on Jul 6, 2025

When using version 1.21.1 with default HttpClient enabled I can't connect to a page with self-signed certificate. I get an error with stacktrace:

javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

	at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:928)
	at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:133)
	at org.jsoup@1.21.1/org.jsoup.helper.HttpClientExecutor.execute(HttpClientExecutor.java:82)
	at org.jsoup@1.21.1/org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:872)
	at org.jsoup@1.21.1/org.jsoup.helper.HttpConnection$Response.execute(HttpConnection.java:846)
	at org.jsoup@1.21.1/org.jsoup.helper.HttpConnection.execute(HttpConnection.java:358)

It works when HttpClient is disabled using system property jsoup.useHttpClient.

Example code:

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;

class JsoupConnectionTest {

    @Test
    void selfSignedProblemOnHttpClient() throws Exception {
        // FAILS
        System.setProperty("jsoup.useHttpClient", "true");
        Jsoup.newSession().url("https://self-signed.badssl.com")
                .method(Connection.Method.GET)
                .sslSocketFactory(acceptAllSSLSocketFactory())
                .execute()
                .readFully();
    }

    @Test
    void selfSignedWorking() throws Exception {
        System.setProperty("jsoup.useHttpClient", "false");
        Jsoup.newSession().url("https://self-signed.badssl.com")
                .method(Connection.Method.GET)
                .sslSocketFactory(acceptAllSSLSocketFactory())
                .execute()
                .readFully();
    }


    private static SSLSocketFactory acceptAllSSLSocketFactory() throws Exception {
        TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        }};

        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        return sslContext.getSocketFactory();
    }
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugA confirmed bug, that we should fixfixedAn {bug|improvement} that has been {fixed|implemented}

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions