diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
index 92bd0b8a841f..ea49d05dc755 100644
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java
@@ -22,7 +22,6 @@
 import org.apache.commons.logging.Log;
 import org.apache.coyote.ProtocolHandler;
 import org.apache.coyote.http11.AbstractHttp11JsseProtocol;
-import org.apache.coyote.http11.Http11NioProtocol;
 import org.apache.tomcat.util.net.SSLHostConfig;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate;
 import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type;
@@ -117,7 +116,7 @@ private void applySslBundle(AbstractHttp11JsseProtocol protocol, SSLHostConfi
 String ciphers = StringUtils.arrayToCommaDelimitedString(options.getCiphers());
 sslHostConfig.setCiphers(ciphers);
 }
- configureSslStoreProvider(protocol, sslHostConfig, certificate, stores);
+ configureSslStores(sslHostConfig, certificate, stores);
 configureEnabledProtocols(sslHostConfig, options);
 }
 
@@ -132,10 +131,8 @@ private void configureSslClientAuth(SSLHostConfig config) {
 config.setCertificateVerification(ClientAuth.map(this.clientAuth, "none", "optional", "required"));
 }
 
- private void configureSslStoreProvider(AbstractHttp11JsseProtocol protocol, SSLHostConfig sslHostConfig,
- SSLHostConfigCertificate certificate, SslStoreBundle stores) {
- Assert.isInstanceOf(Http11NioProtocol.class, protocol,
- "SslStoreProvider can only be used with Http11NioProtocol");
+ private void configureSslStores(SSLHostConfig sslHostConfig, SSLHostConfigCertificate certificate,
+ SslStoreBundle stores) {
 try {
 if (stores.getKeyStore() != null) {
 certificate.setCertificateKeystore(stores.getKeyStore());
diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java
index 70a9e4a27d30..1b684e981841 100644
--- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java
+++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactoryTests.java
@@ -60,6 +60,7 @@
 import org.apache.catalina.valves.RemoteIpValve;
 import org.apache.coyote.ProtocolHandler;
 import org.apache.coyote.http11.AbstractHttp11Protocol;
+import org.apache.coyote.http11.Http11Nio2Protocol;
 import org.apache.hc.client5.http.HttpHostConnectException;
 import org.apache.hc.client5.http.classic.HttpClient;
 import org.apache.hc.client5.http.impl.classic.HttpClients;
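Review bot: `configureSslStores` in SslConnectorCustomizer.java carries no comment recording why the `Http11NioProtocol` guard could be dropped, so the next reader cannot tell whether the missing check is deliberate. In the visible lines the method only touches `SSLHostConfigCertificate`, so a one-line comment such as `// Stores are set on the SSLHostConfigCertificate, so no specific protocol implementation is required` above the `try` would capture that. The visible body also calls `stores.getKeyStore()` twice; reading it into a local once would avoid depending on the bundle returning the same instance on both calls. The `try` block continues past the end of the hunk, so the trust-store handling and the catch clause could not be reviewed here.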
@@ -681,6 +682,20 @@ void shouldUpdateSslWhenReloadingSslBundles() throws Exception {
 assertThat(verifier.getLastPrincipal()).isEqualTo("CN=2");
 }
 
+ @Test
+ void sslWithHttp11Nio2Protocol() throws Exception {
+ TomcatServletWebServerFactory factory = getFactory();
+ addTestTxtFile(factory);
+ factory.setProtocol(Http11Nio2Protocol.class.getName());
+ factory.setSsl(getSsl(null, "password", "src/test/resources/test.jks"));
+ this.webServer = factory.getWebServer();
+ this.webServer.start();
+ SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
+ new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build());
+ HttpComponentsClientHttpRequestFactory requestFactory = createHttpComponentsRequestFactory(socketFactory);
+ assertThat(getResponse(getLocalUrl("https", "/test.txt"), requestFactory)).isEqualTo("test");
+ }
+
 @Override
 protected JspServlet getJspServlet() throws ServletException {
 Tomcat tomcat = ((TomcatWebServer) this.webServer).getTomcat();
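Review bot: `sslWithHttp11Nio2Protocol` never asserts that the running connector actually uses `Http11Nio2Protocol`, so the test would still pass if the `setProtocol` value were ignored and the TLS handshake succeeded on another protocol implementation. Adding `assertThat(((TomcatWebServer) this.webServer).getTomcat().getConnector().getProtocolHandler()).isInstanceOf(Http11Nio2Protocol.class);` after `this.webServer.start();` would pin the case the test is named for. The test also exercises only the key-store path (`getSsl(null, "password", ...)`); a trust-store or client-auth configuration under NIO2 is not covered in this hunk.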