diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java index bc4c50b3d9..959844cb8f 100644 --- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java +++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizer.java @@ -148,7 +148,9 @@ class SslConnectorCustomizer implements TomcatConnectorCustomizer { throw new WebServerException("Could not load trust store: " + ex.getMessage(), ex); } } - protocol.setTruststorePass(ssl.getTrustStorePassword()); + if (ssl.getTrustStorePassword() != null) { + protocol.setTruststorePass(ssl.getTrustStorePassword()); + } if (ssl.getTrustStoreType() != null) { protocol.setTruststoreType(ssl.getTrustStoreType()); } diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java index 3814f91bee..038604a515 100644 --- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java +++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/tomcat/SslConnectorCustomizerTests.java @@ -206,6 +206,17 @@ class SslConnectorCustomizerTests { assertThat(protocol.getKeyPass()).isEqualTo("password"); } + @Test + void trustStorePasswordIsNotSetWhenNull() { + Http11NioProtocol protocol = (Http11NioProtocol) this.tomcat.getConnector().getProtocolHandler(); + protocol.setTruststorePass("password"); + Ssl ssl = new Ssl(); + ssl.setKeyStore("src/test/resources/test.jks"); + ssl.setTrustStore("src/test/resources/test.jks"); + new SslConnectorCustomizer(ssl, null).customize(this.tomcat.getConnector()); + assertThat(protocol.getTruststorePass()).isEqualTo("password"); + } + private KeyStore loadStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { KeyStore keyStore = KeyStore.getInstance("JKS"); Resource resource = new ClassPathResource("test.jks");