Merge pull request quarkusio#46966 from cescoffier/tls-registry-fix-no-matching-sni-truststore

Correctly handle trust managers when no trust manager matching the SNI name cannot be found

Author: cescoffier

extensions/tls-registry/runtime/src/main/java/io/quarkus/tls/runtime/keystores/ExpiryTrustOptions.java

@@ -84,6 +84,11 @@ public TrustManager[] apply(String s) throws Exception {
     }
 
     private TrustManager[] getWrappedTrustManagers(TrustManager[] tms) {
+        // If we do not find any trust managers (for example in the SNI case, where we do not have a trust manager for
+        // a given name), return `null` and not an empty array.
+        if (tms == null) {
+            return null;
+        }
         var wrapped = new TrustManager[tms.length];
         for (int i = 0; i < tms.length; i++) {
             var manager = tms[i];
@@ -161,4 +166,10 @@ public boolean equals(Object obj) {
         }
         return false;
     }
+
+    public String toString() {
+        return "ExpiryTrustOptions[" +
+                "delegate=" + delegate + ", " +
+                "policy=" + policy + ']';
+    }
 }