ServerSocketFactory.getDefault() will load the default JVM truststore
(typically from jre/lib/security/cacerts) as configured by JSSE
system properties.
However, a typical use case for setting a custom ServerSocketFactory is
that the client application has loaded custom keystore or truststore
material into their JVM, usually by creating a custom SSLContext.
There's strictly no reason to initialize the default ServerSocketFactory
until the mockwebserver has been started, allowing custom settings of the
factory by clients and avoiding the default load attempt during class
construction.
This patch simply moves the initialization logic into the private start
method to avoid the premature loading of trust store materials.
The most awkward part of this is the changes to the way MockResponse
handled chunked encoding. It used to consider trailers a part of its
chunked response; now it does not.
Also rename HeldCertificate.Builder.issuedBy() to signedBy(). 'Issued' is the
word used by certificates; 'signed' is the word used by cryptographers. I prefer
'signed'.
The drawbacks seem small; the callsite needs to handle interruption anyway
because the thread is prone to interruption.
And the upside is that a single interrupt should now be sufficient to break
out of an in-flight OkHttp call.
Note that although we're fixing this, thread interruption is not well tested
in OkHttp. Most users should prefer Call.cancel(), which is well tested and
doesn't rely on the caller to know which threads OkHttp is using to make
the actual HTTP request.
Closes: https://github.com/square/okhttp/issues/3945
This class has been in MockWebServer for a long time, but it's always been
in the internal package with an incomplete API. This change promotes it to
a public API.
It's not quite sufficient for use as-is; we also need to open source its
companion class 'SslClient' that represents who we trust (as a list of
root certificates) and who we are (as an optional held certificate plus
the chain to a root certificate).
This removes the Ping abstraction from our http2 package. This was written as
if it were a public API, but never exposed to any callers but tests. Removing
it makes it easier to lock down how pings are used.
This also removes the NullServer class, replacing it with a new SocketPolicy
on MockWebServer. The new SocketPolicy, STALL_SOCKET_AT_START, allows us to
do TLS and negotiate an HTTP/2 connection without actually building a proper
Http2Connection and without responding to pings.
The behavior in HTTP/2 connections is modeled after our behavior in web sockets.
We count outgoing pings, incoming pongs, and confirm that the pongs are keeping
up. If later we make this policy more sophisticated we can track the changes
in both places.
Closes: https://github.com/square/okhttp/issues/3261
There are several options for when to expect the pong response. I've
chosen to overload the ping interval. This seems reasonable because the
ping interval is the maximum amount of time that should elapse before
a connection failure is detected.
Closes: https://github.com/square/okhttp/issues/3227
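
The ping accounting described in the last two commit messages above (count outgoing pings and incoming pongs, and use the ping interval as the pong deadline), as an added example that is not OkHttp's code. The class name `PingMonitor`, its methods, and the 500 ms interval are assumptions made for illustration.

```java
// Added illustration: PingMonitor and its methods are hypothetical names, not OkHttp API.
public class PingMonitor {
    private final long intervalMillis;
    private long sentPings;
    private long receivedPongs;
    private boolean failed;

    public PingMonitor(long intervalMillis) {
        this.intervalMillis = intervalMillis;
    }

    /** Called once per ping interval. Returns true if a ping should be written now. */
    public synchronized boolean onIntervalElapsed() {
        if (failed) return false;
        // The interval doubles as the pong deadline: if the previous ping is still
        // unanswered when the next one is due, treat the connection as failed.
        if (receivedPongs < sentPings) {
            failed = true;
            return false;
        }
        sentPings++;
        return true;
    }

    /** Called when a pong frame arrives. */
    public synchronized void onPong() {
        // Design choice of this example: ignore unsolicited pongs so that an
        // extra pong cannot mask a later missing reply.
        if (receivedPongs < sentPings) receivedPongs++;
    }

    public synchronized boolean isFailed() { return failed; }

    public synchronized String describe() {
        return "sent=" + sentPings + " pongs=" + receivedPongs
            + (failed ? " FAILED: no pong within " + intervalMillis + "ms" : " healthy");
    }

    public static void main(String[] args) {
        PingMonitor m = new PingMonitor(500); // constructed interval
        m.onIntervalElapsed();                // ping 1 is written
        m.onPong();                           // pong 1 arrives in time
        m.onIntervalElapsed();                // ping 2 is written
        // Constructed scenario: the peer stalls and never answers ping 2.
        m.onIntervalElapsed();                // deadline passed, failure recorded
        System.out.println(m.describe());
    }
}
```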