From acb0fcfd242a5a4b87891207f39c18d5c75a6f69 Mon Sep 17 00:00:00 2001 From: Doug Guthrie Date: Tue, 28 Apr 2026 10:03:20 -0700 Subject: [PATCH] fix: wire BraintrustConfig.sslContext into the API HTTP client MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BraintrustConfig already accepted a custom SSLContext via its builder and applied it to the OTLP span exporter, but createDefaultHttpClient ignored it — leaving BraintrustApiClient always using the JVM default trust store. Customers with custom CAs or internal PKI hit certificate validation errors with no way to override them. Co-Authored-By: Claude Sonnet 4.6 --- .../main/java/dev/braintrust/api/BraintrustApiClient.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/braintrust-sdk/src/main/java/dev/braintrust/api/BraintrustApiClient.java b/braintrust-sdk/src/main/java/dev/braintrust/api/BraintrustApiClient.java index bd5929ec..7eaa2ed5 100644 --- a/braintrust-sdk/src/main/java/dev/braintrust/api/BraintrustApiClient.java +++ b/braintrust-sdk/src/main/java/dev/braintrust/api/BraintrustApiClient.java @@ -485,7 +485,10 @@ private boolean isNotFound(Throwable error) { } private static HttpClient createDefaultHttpClient(BraintrustConfig config) { - return HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(10)).build(); + return HttpClient.newBuilder() + .connectTimeout(Duration.ofSeconds(10)) + .sslContext(config.sslContext()) + .build(); } }