starred/pkl
1
0
Fork 0
mirror of https://github.com/apple/pkl.git synced 2026-01-13 15:13:38 +01:00
Code Issues 198 Packages Projects Releases 10 Wiki Activity

Fallback certificates do not work in certain classloader setups #343

New Issue
Closed
opened 2025-12-30 01:23:42 +01:00 by adam · 0 comments
adam commented 2025-12-30 01:23:42 +01:00
Owner
Copy Link

Originally created by @netvl on GitHub (Sep 4, 2025).

In this piece of code: a66ac0eb35/pkl-commons-cli/src/main/kotlin/org/pkl/commons/cli/CliCommand.kt (L208-L225)
the org/pkl/commons/cli/PklCARoots.pem resource is resolved relatively to the classloader associated with the class returned by javaClass. However, since this is an extension method for HttpClient.Builder, it means calling javaClass on the builder instance, which is actually defined in the system classpath.

Because of this, if the Pkl class is loaded by a different classloader compared to the one which contains JDK classes, which is totally possible in certain scenarios (e.g. with Gradle), then this resource resolution will fail.

The solution is to switch the javaClass target to this@CliCommand to load the resource using the classloader which loaded the jar with the CliCommand class.

Originally created by @netvl on GitHub (Sep 4, 2025). In this piece of code: https://github.com/apple/pkl/blob/a66ac0eb35f987b90b9f92e3f4efa5804a7ff798/pkl-commons-cli/src/main/kotlin/org/pkl/commons/cli/CliCommand.kt#L208-L225 the `org/pkl/commons/cli/PklCARoots.pem` resource is resolved relatively to the classloader associated with the class returned by `javaClass`. However, since this is an extension method for `HttpClient.Builder`, it means calling `javaClass` on the builder instance, which is actually defined in the system classpath. Because of this, if the Pkl class is loaded by a different classloader compared to the one which contains JDK classes, which is totally possible in certain scenarios (e.g. with Gradle), then this resource resolution will fail. The solution is to switch the `javaClass` target to `this@CliCommand` to load the resource using the classloader which loaded the jar with the `CliCommand` class.
adam closed this issue 2025-12-30 01:23:42 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
duplicate
enhancement
good first issue
help wanted
pull-request
Mirrored from GitHub Pull Request
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pkl#343
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?