qianye1001 opened a new pull request, #10303:
URL: https://github.com/apache/rocketmq/pull/10303

   ### Which Issue(s) This PR Fixes
   
   - Fixes #10302
   
   ### Brief Description
   
   Introduce **SNI (Server Name Indication)** support to allow RocketMQ Proxy to serve multiple TLS domains with independent certificates on the same port.
   
   **Key changes:**
   
   | File | Change |
   |---|---|
   | `proxy/.../config/TlsDomainConfig.java` | **New** — per-domain TLS config POJO |
   | `proxy/.../config/ProxyConfig.java` | Add `tlsDomainConfigs` map field + getters/setters |
   | `proxy/.../service/cert/TlsSniManager.java` | **New** — multi-domain SslContext manager with wildcard matching |
   | `proxy/.../service/cert/TlsCertificateManager.java` | Extended for multi-domain file watching |
   | `proxy/.../grpc/ProxyAndTlsProtocolNegotiator.java` | Use `SniHandler` + `TlsSniManager` for gRPC SNI |
   | `proxy/.../grpc/GrpcServer.java` | Update reload handler to use renamed method |
   | `proxy/.../remoting/MultiProtocolRemotingServer.java` | Wire up `TlsContextProvider` with SNI lookup |
   | `proxy/.../ProxyStartup.java` | Initialize `TlsSniManager` before `TlsCertificateManager` |
   | `remoting/.../netty/TlsContextProvider.java` | **New** — SslContext holder bridge (remoting ↔ proxy) |
   | `remoting/.../netty/NettyRemotingServer.java` | `TlsModeHandler` uses `SniHandler` via `TlsContextProvider` |
   
   **Backward compatibility:** When `tlsDomainConfigs` is not configured, behavior is identical to the existing single-cert model.
   
   ### How Did You Test This Change?
   
   - Added unit tests in `TlsSniManagerTest` for wildcard matching, exact match, null/empty fallback, multi-level subdomain rejection, and domain context reload
   - Updated `TlsCertificateManagerTest` for the new multi-domain constructor
   
   CI will run `mvn -B package` to verify compilation and all existing tests pass.


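The matching cases the PR's tests list (exact match, wildcard, null/empty fallback, multi-level subdomain rejection), as an added Java example that is not code from the pull request. `SniDomainMatcher`, the string values standing in for `SslContext` objects, the `example.com` names, and falling back to the default entry for an unmatched name are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Added illustration; hypothetical class, not RocketMQ's TlsSniManager.
public class SniDomainMatcher<T> {
    private final Map<String, T> exact = new HashMap<>();
    private final Map<String, T> wildcard = new HashMap<>(); // key: suffix after "*."
    private final T fallback;                                // single-cert default

    public SniDomainMatcher(T fallback) { this.fallback = fallback; }

    public void add(String pattern, T value) {
        String p = normalize(pattern);
        if (p.startsWith("*.")) wildcard.put(p.substring(2), value);
        else exact.put(p, value);
    }

    // SNI host names are case-insensitive and may carry a trailing dot.
    private static String normalize(String name) {
        String n = name.trim().toLowerCase(Locale.ROOT);
        return n.endsWith(".") ? n.substring(0, n.length() - 1) : n;
    }

    public T lookup(String sniHostname) {
        // A client that sends no SNI gets the default context.
        if (sniHostname == null || sniHostname.trim().isEmpty()) return fallback;
        String host = normalize(sniHostname);
        T hit = exact.get(host);              // exact entries take precedence
        if (hit != null) return hit;
        // A wildcard covers exactly one label: strip only the leftmost label,
        // so "a.b.example.com" is looked up as "b.example.com" and does not
        // match "*.example.com". The bare apex "example.com" does not match either.
        int dot = host.indexOf('.');
        if (dot > 0) hit = wildcard.get(host.substring(dot + 1));
        return hit != null ? hit : fallback;  // assumption: unmatched names use the default
    }

    public static void main(String[] args) {
        // Constructed sample configuration; strings stand in for SslContext objects.
        SniDomainMatcher<String> m = new SniDomainMatcher<>("default-cert");
        m.add("mq.example.com", "cert-mq");
        m.add("*.example.com", "cert-wildcard");
        String[] names = {"MQ.example.com.", "api.example.com", "a.b.example.com", "example.com", null};
        for (String n : names) System.out.println(n + " -> " + m.lookup(n));
    }
}
```

Limiting the wildcard to a single label keeps context selection aligned with how clients validate wildcard certificates, so the proxy does not present a certificate the client would reject for a deeper subdomain.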