Skip to content

Commit 76a1e10

Browse files
Updated CHANGELOG.md
1 parent ec843fa commit 76a1e10

4 files changed

Lines changed: 43 additions & 38 deletions

File tree

CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,12 @@
22

33
## Unreleased
44

5+
### SDK
6+
7+
#### Exporters
8+
9+
* OTLP: Fix OkHttp HTTP sender dropping client certificates when client TLS is configured without custom trusted certificates.
10+
511
## Version 1.63.0 (2026-06-05)
612

713
### API

exporters/common/src/main/java/io/opentelemetry/exporter/internal/TlsUtil.java

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -95,9 +95,8 @@ public static X509KeyManager keyManager(byte[] privateKeyPem, byte[] certificate
9595
throw new SSLException("Could not build KeyManagerFactory from clientKeysPem.", e);
9696
}
9797
}
98-
/**
99-
* Returns the platform default {@link X509TrustManager}.
100-
*/
98+
99+
/** Returns the platform default {@link X509TrustManager}. */
101100
public static X509TrustManager defaultTrustManager() throws SSLException {
102101
try {
103102
TrustManagerFactory tmf =
@@ -117,6 +116,7 @@ public static X509TrustManager defaultTrustManager() throws SSLException {
117116
throw new SSLException("Could not build default TrustManager.", e);
118117
}
119118
}
119+
120120
// Visible for testing
121121
static PrivateKey generatePrivateKey(PKCS8EncodedKeySpec keySpec, List<KeyFactory> keyFactories)
122122
throws SSLException {

exporters/otlp/testing-internal/src/main/java/io/opentelemetry/exporter/otlp/testing/internal/AbstractHttpTelemetryExporterTest.java

Lines changed: 32 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -165,35 +165,36 @@ protected void configure(ServerBuilder sb) {
165165
// certificates are configured.
166166
@RegisterExtension
167167
@Order(4)
168-
static final ServerExtension mtlsServer = new ServerExtension() {
169-
@Override
170-
protected void configure(ServerBuilder sb) {
171-
sb.service(
172-
"/v1/traces",
173-
new CollectorService<>(
174-
ExportTraceServiceRequest::parseFrom,
175-
ExportTraceServiceRequest::getResourceSpansList));
176-
sb.service(
177-
"/v1/metrics",
178-
new CollectorService<>(
179-
ExportMetricsServiceRequest::parseFrom,
180-
ExportMetricsServiceRequest::getResourceMetricsList));
181-
sb.service(
182-
"/v1/logs",
183-
new CollectorService<>(
184-
ExportLogsServiceRequest::parseFrom,
185-
ExportLogsServiceRequest::getResourceLogsList));
186-
187-
sb.http(0);
188-
sb.https(0);
189-
sb.tls(TlsKeyPair.of(certificate.privateKey(), certificate.certificate()));
190-
sb.tlsCustomizer(
191-
ssl -> {
192-
ssl.trustManager(clientCertificate.certificate());
193-
ssl.clientAuth(ClientAuth.REQUIRE);
194-
});
195-
}
196-
};
168+
static final ServerExtension mtlsServer =
169+
new ServerExtension() {
170+
@Override
171+
protected void configure(ServerBuilder sb) {
172+
sb.service(
173+
"/v1/traces",
174+
new CollectorService<>(
175+
ExportTraceServiceRequest::parseFrom,
176+
ExportTraceServiceRequest::getResourceSpansList));
177+
sb.service(
178+
"/v1/metrics",
179+
new CollectorService<>(
180+
ExportMetricsServiceRequest::parseFrom,
181+
ExportMetricsServiceRequest::getResourceMetricsList));
182+
sb.service(
183+
"/v1/logs",
184+
new CollectorService<>(
185+
ExportLogsServiceRequest::parseFrom,
186+
ExportLogsServiceRequest::getResourceLogsList));
187+
188+
sb.http(0);
189+
sb.https(0);
190+
sb.tls(TlsKeyPair.of(certificate.privateKey(), certificate.certificate()));
191+
sb.tlsCustomizer(
192+
ssl -> {
193+
ssl.trustManager(clientCertificate.certificate());
194+
ssl.clientAuth(ClientAuth.REQUIRE);
195+
});
196+
}
197+
};
197198

198199
private static class CollectorService<T> implements HttpService {
199200
private final ThrowingExtractor<byte[], T, InvalidProtocolBufferException> parse;
@@ -505,8 +506,7 @@ void clientTlsWithoutTrustedCertificates(byte[] privateKey) throws Exception {
505506
.setEndpoint(mtlsServer.httpsUri() + path)
506507
// Intentionally DO NOT configure trusted certificates.
507508
.setClientTls(
508-
privateKey,
509-
Files.readAllBytes(clientCertificate.certificateFile().toPath()))
509+
privateKey, Files.readAllBytes(clientCertificate.certificateFile().toPath()))
510510
.build()) {
511511

512512
CompletableResultCode result =
@@ -515,6 +515,7 @@ void clientTlsWithoutTrustedCertificates(byte[] privateKey) throws Exception {
515515
assertThat(result.join(10, TimeUnit.SECONDS).isSuccess()).isTrue();
516516
}
517517
}
518+
518519
private static class ClientPrivateKeyProvider implements ArgumentsProvider {
519520
@Override
520521
@SuppressWarnings("PrimitiveArrayPassedToVarargsMethod")

exporters/sender/okhttp/src/main/java/io/opentelemetry/exporter/sender/okhttp/internal/OkHttpHttpSender.java

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@
88
import io.opentelemetry.api.impl.InstrumentationUtil;
99
import io.opentelemetry.exporter.internal.RetryUtil;
1010
import io.opentelemetry.exporter.internal.TlsUtil;
11-
import javax.net.ssl.SSLException;
1211
import io.opentelemetry.sdk.common.CompletableResultCode;
1312
import io.opentelemetry.sdk.common.export.Compressor;
1413
import io.opentelemetry.sdk.common.export.HttpResponse;
@@ -30,6 +29,7 @@
3029
import java.util.logging.Logger;
3130
import javax.annotation.Nullable;
3231
import javax.net.ssl.SSLContext;
32+
import javax.net.ssl.SSLException;
3333
import javax.net.ssl.X509TrustManager;
3434
import okhttp3.Call;
3535
import okhttp3.Callback;
@@ -120,9 +120,7 @@ public OkHttpHttpSender(
120120
throw new IllegalStateException("Unable to initialize default trust manager", e);
121121
}
122122
}
123-
builder.sslSocketFactory(
124-
sslContext.getSocketFactory(),
125-
effectiveTrustManager);
123+
builder.sslSocketFactory(sslContext.getSocketFactory(), effectiveTrustManager);
126124
}
127125

128126
this.client = builder.build();

0 commit comments

Comments
 (0)