After a peer TLS certificate was fetched and written to disk, rebuildHttpClient() → rebuild() → reload() always logged “Reloaded trust material” at INFO level regardless of whether any certificates were actually loaded. If the freshly written cert file was corrupt or unparseable, the trust store silently became empty and all subsequent TLS connections to peer servers failed with cryptic SSL handshake errors. The only diagnostic was per-cert logger.e lines buried in buildTrustManagerFromTrustedCerts, with no summary at the rebuild() call site.
buildTrustManagerFromTrustedCerts returned X509TrustManager — a single type with no way to convey how many certs were actually loaded. The loaded-cert count was a local variable that evaporated when the function returned. ReloadableX509TrustManager.reload() returned Unit; HttpClientProvider.rebuild() therefore had no signal to distinguish “loaded 1 cert” from “loaded 0 certs because all files were corrupt”. It emitted a cheerful logger.i("Reloaded trust material") in both cases.
This was a residual gap left by PR #381 (which added the per-cert warning log) and PR #532 (which introduced the in-place reload pattern). PR #381 fixed the inner diagnostic; this issue fixes the propagation up the call stack.
buildTrustManagerFromTrustedCerts (JVM + Android) now returns Pair<X509TrustManager, Int> where Int is the number of successfully loaded certificates.ReloadableX509TrustManager.reload() unpacks the pair, updates delegate, and returns the loaded count to its caller.HttpClientProvider.rebuild() checks the count: if 0, logs at WARN with a message that names the trust dir and the possible causes (empty dir or all files failed to parse); otherwise logs at INFO with the count.HttpClientTrustLoaderTest: updated to destructure the new return type and added loaded-count assertions to every test case.HttpClientProviderConcurrencyTest: added reloadWithAllCorruptCertsReturnsZeroCount and reloadWithValidCertReturnsPositiveCount to prove the count propagates correctly through reload().Unit-returning reload function looks complete from the caller’s perspective even when it did nothing useful.Pair<Resource, Int> (or a named data class) keeps the return type self-documenting and testable without changing call-site signatures for callers that only need the resource.