CalvinKirs opened a new pull request, #61102:
URL: https://github.com/apache/doris/pull/61102
…ient
Problem Summary:
1. Azure Blob requests can fail with TLS/CA verification errors, but
current error messages do not provide enough CA-related debug context.
2. Azure client creation does not explicitly bind Doris-selected CA file
to curl transport, which can make CA source ambiguous across environments.
### What is changed
1. In Azure client factory, resolve CA file from
`config::ca_cert_file_paths` and set `CurlTransportOptions::CAInfo`.
2. Build a `tls_debug(...)` context at client creation time, including:
- configured CA paths,
- selected CA file, - whether selected CA exists/readable, -
SSL-related env vars (`SSL_CERT_FILE`, `CURL_CA_BUNDLE`, `SSL_CERT_DIR`).
3. Pass TLS debug context into `AzureObjStorageClient`.
4. Append TLS debug suffix only when error message matches TLS CA failure
patterns.
5. Add unit tests for helper logic in `azure_obj_storage_client_test.cpp`:
- `detects_tls_ca_error`
- `appends_debug_suffix_only_for_tls_ca_error`
### What problem does this PR solve?
Issue Number: close #xxx
Related PR: #xxx
Problem Summary:
### Release note
None
### Check List (For Author)
- Test <!-- At least one of them must be included. -->
- [ ] Regression test
- [ ] Unit Test
- [ ] Manual test (add detailed scripts or steps below)
- [ ] No need to test or manual test. Explain why:
- [ ] This is a refactor/code format and no logic has been changed.
- [ ] Previous test can cover this change.
- [ ] No code files have been changed.
- [ ] Other reason <!-- Add your reason? -->
- Behavior changed:
- [ ] No.
- [ ] Yes. <!-- Explain the behavior change -->
- Does this need documentation?
- [ ] No.
- [ ] Yes. <!-- Add document PR link here. eg:
https://github.com/apache/doris-website/pull/1214 -->
### Check List (For Reviewer who merge this PR)
- [ ] Confirm the release note
- [ ] Confirm test cases
- [ ] Confirm document
- [ ] Add branch pick label <!-- Add branch pick label that this PR should
merge into -->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
