TLS handshakes against peer Krill servers failed with cryptic SSL errors. Logs showed individual certificate parse failures (one line per file) but no summary, making it impossible to tell whether the trust store was empty because no peers had been added yet or because all trusted-cert files had become unreadable/corrupt.
buildTrustManagerFromTrustedCerts() in both the JVM and Android implementations of HttpClientContainer iterated over files in the trusted-certs directory, caught per-file Exceptions and logged them individually, then unconditionally called TrustManagerFactory.init(ks) with whatever the keystore contained (possibly nothing). If all files failed to parse, the resulting X509TrustManager had an empty accepted-issuers list and every HTTPS call to a peer using a self-signed certificate silently failed — no summary log indicated the trust store was empty because of parse failures rather than simply having no peers enrolled yet.
The function was also entirely private with a hardcoded path to the production trusted-certs directory, making it untestable without a real filesystem layout.
shared/src/jvmMain/…/HttpClientContainer.jvm.kt: promoted buildTrustManagerFromTrustedCerts from a private member function of HttpClientProvider to a module-level internal function with a trustDir: File default parameter pointing to the real production path. Added loaded-count tracking; when trustDir exists and contains files but loaded == 0, emits a logger.w naming the directory and file count. Added a logger.i when at least one cert loads so operators can confirm trust anchors were picked up.
shared/src/androidMain/…/HttpClientContainer.android.kt: same diagnostic improvements added inline (Android version cannot be extracted to a top-level function because it reads the path from ContextContainer.context.filesDir; the loaded/warning logic is identical).
shared/src/jvmTest/…/io/HttpClientTrustLoaderTest.kt: five cases covering non-existent dir, empty dir, corrupt-only files, a valid cert, and a mixed dir with one corrupt and one valid cert. All use temp directories; no production path is read or written.
internal functions with default-parameter path seams so they can be exercised in tests. Follow the pattern from PR #380 (readPfxPassword(file: File = …)).
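The loader pattern described above, as an added sketch that is not the project's own code: per-file parse failures are still logged, but a summary distinguishes "files present, none loaded" from "no peers enrolled". The names loadTrustedCerts, TrustLoadResult and the log parameter are hypothetical, and plain println stands in for the project's logger.

```kotlin
import java.io.File
import java.nio.file.Files
import java.security.KeyStore
import java.security.cert.CertificateFactory
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager

// Hypothetical result type: the trust manager plus the counts a summary log needs.
data class TrustLoadResult(val trustManager: X509TrustManager, val loaded: Int, val total: Int)

// trustDir is a parameter (the path seam), so a test can pass a temp directory.
fun loadTrustedCerts(trustDir: File, log: (String) -> Unit = { println(it) }): TrustLoadResult {
    val ks = KeyStore.getInstance(KeyStore.getDefaultType()).apply { load(null, null) }
    val cf = CertificateFactory.getInstance("X.509")
    // listFiles() returns null for a missing directory; treat that as "no files".
    val files = trustDir.listFiles()?.filter { it.isFile }.orEmpty()
    var loaded = 0
    for (f in files) {
        try {
            f.inputStream().use { ks.setCertificateEntry(f.name, cf.generateCertificate(it)) }
            loaded++
        } catch (e: Exception) {
            log("WARN could not parse ${f.name}: ${e.message}")
        }
    }
    // Summary: separates "files present but none usable" from "nothing enrolled yet".
    when {
        files.isNotEmpty() && loaded == 0 ->
            log("WARN ${trustDir.path}: ${files.size} file(s) present, 0 certificates loaded")
        loaded > 0 ->
            log("INFO loaded $loaded of ${files.size} trusted certificate(s) from ${trustDir.path}")
    }
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(ks)
    val tm = tmf.trustManagers.filterIsInstance<X509TrustManager>().first()
    return TrustLoadResult(tm, loaded, files.size)
}

fun main() {
    // Constructed sample input: a temp directory holding one unparseable file.
    val dir = Files.createTempDirectory("trusted-certs").toFile()
    File(dir, "peer.pem").writeText("not a certificate")
    val result = loadTrustedCerts(dir)
    check(result.loaded == 0 && result.total == 1)
    check(result.trustManager.acceptedIssuers.isEmpty())
    dir.deleteRecursively()
}
```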