From 5165b082b56c179476a8d73ffe4d59acdf5e8908 Mon Sep 17 00:00:00 2001
From: Simone Bordet <simone.bordet@gmail.com>
Date: Fri, 8 Jun 2018 17:40:23 +0200
Subject: [PATCH] Issue #901 - Overriding SSL context KeyStoreType requires
 explicit override of TrustStoreType.

Improved defaulting values for the truststore, avoiding to default
the password, which is often missing for a truststore.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---
 .../org/eclipse/jetty/util/ssl/SslContextFactory.java  | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index ca32e2d021a..39a35d80aa1 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -1082,10 +1082,14 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
     {
         String type = Objects.toString(getTrustStoreType(), getKeyStoreType());
         String provider = Objects.toString(getTrustStoreProvider(), getKeyStoreProvider());
-        String passwd = Objects.toString(_trustStorePassword, Objects.toString(_keyStorePassword, null));
-        if (resource == null)
+        Password passwd = _trustStorePassword;
+        if (resource == null || resource.equals(_keyStoreResource))
+        {
             resource = _keyStoreResource;
-        return CertificateUtils.getKeyStore(resource, type, provider, passwd);
+            if (passwd == null)
+                passwd = _keyStorePassword;
+        }
+        return CertificateUtils.getKeyStore(resource, type, provider, Objects.toString(passwd, null));
     }
 
     /**