qianye1001 opened a new pull request, #10303: URL: https://github.com/apache/rocketmq/pull/10303
### Which Issue(s) This PR Fixes - Fixes #10302 ### Brief Description Introduce **SNI (Server Name Indication)** support to allow RocketMQ Proxy to serve multiple TLS domains with independent certificates on the same port. **Key changes:** | File | Change | |---|---| | `proxy/.../config/TlsDomainConfig.java` | **New** — per-domain TLS config POJO | | `proxy/.../config/ProxyConfig.java` | Add `tlsDomainConfigs` map field + getters/setters | | `proxy/.../service/cert/TlsSniManager.java` | **New** — multi-domain SslContext manager with wildcard matching | | `proxy/.../service/cert/TlsCertificateManager.java` | Extended for multi-domain file watching | | `proxy/.../grpc/ProxyAndTlsProtocolNegotiator.java` | Use `SniHandler` + `TlsSniManager` for gRPC SNI | | `proxy/.../grpc/GrpcServer.java` | Update reload handler to use renamed method | | `proxy/.../remoting/MultiProtocolRemotingServer.java` | Wire up `TlsContextProvider` with SNI lookup | | `proxy/.../ProxyStartup.java` | Initialize `TlsSniManager` before `TlsCertificateManager` | | `remoting/.../netty/TlsContextProvider.java` | **New** — SslContext holder bridge (remoting ↔ proxy) | | `remoting/.../netty/NettyRemotingServer.java` | `TlsModeHandler` uses `SniHandler` via `TlsContextProvider` | **Backward compatibility:** When `tlsDomainConfigs` is not configured, behavior is identical to the existing single-cert model. ### How Did You Test This Change? - Added unit tests in `TlsSniManagerTest` for wildcard matching, exact match, null/empty fallback, multi-level subdomain rejection, and domain context reload - Updated `TlsCertificateManagerTest` for the new multi-domain constructor CI will run `mvn -B package` to verify compilation and all existing tests pass. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
