masaori335 commented on code in PR #13199:
URL: https://github.com/apache/trafficserver/pull/13199#discussion_r3300295491


##########
src/iocore/net/SSLConfig.cc:
##########
@@ -437,7 +440,36 @@ SSLConfigParams::initialize(ConfigContext ctx)
     set_paths_helper(serverCertRelativePath, nullptr, &serverCertPathOnly, 
nullptr);
   }
 
-  configFilePath        = 
ats_stringdup(RecConfigReadConfigPath("proxy.config.ssl.server.multicert.filename"));
+  // Resolve the multicert config path. Prefer the configured path; if the
+  // user is on the default (ssl_multicert.yaml) and it is absent while a
+  // legacy ssl_multicert.config exists alongside, fall back to the legacy
+  // file for backward compatibility.
+  {
+    char rec_buf[PATH_NAME_MAX] = {};
+    RecGetRecordString("proxy.config.ssl.server.multicert.filename", rec_buf, 
PATH_NAME_MAX);
+    const bool record_default = (rec_buf[0] == '\0' || strcmp(rec_buf, 
ts::filename::SSL_MULTICERT_YAML) == 0);
+
+    ats_scoped_str yaml_path(RecConfigReadConfigPath(nullptr, 
ts::filename::SSL_MULTICERT_YAML));
+    ats_scoped_str legacy_path(RecConfigReadConfigPath(nullptr, 
ts::filename::SSL_MULTICERT));
+
+    const bool yaml_exists   = yaml_path && 
swoc::file::exists(swoc::file::path(yaml_path.get()));
+    const bool legacy_exists = legacy_path && 
swoc::file::exists(swoc::file::path(legacy_path.get()));
+
+    if (record_default && !yaml_exists && legacy_exists) {
+      Note("%s not found, falling back to %s", 
ts::filename::SSL_MULTICERT_YAML, ts::filename::SSL_MULTICERT);
+      configFilePath = ats_strdup(legacy_path.get());
+    } else {
+      configFilePath = 
ats_stringdup(RecConfigReadConfigPath("proxy.config.ssl.server.multicert.filename"));
+      if (record_default && yaml_exists && legacy_exists) {
+        Note("%s exists alongside %s; the legacy file is ignored. "
+             "To resolve, either: (a) migrate %s to %s (e.g. 'traffic_ctl 
config convert ssl_multicert') and remove %s, "
+             "or (b) remove %s to fall back to %s.",
+             ts::filename::SSL_MULTICERT, ts::filename::SSL_MULTICERT_YAML, 
ts::filename::SSL_MULTICERT,
+             ts::filename::SSL_MULTICERT_YAML, ts::filename::SSL_MULTICERT, 
ts::filename::SSL_MULTICERT_YAML,
+             ts::filename::SSL_MULTICERT);
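Review bot: The return value of `RecGetRecordString` is ignored, so a failed lookup leaves the zero-initialised `rec_buf` empty and `record_default` evaluates to true, indistinguishable from an operator who really is on the default. That makes the legacy fallback eligible without the configured value ever having been read, and this path decides which file drives TLS certificate loading. Assuming the call reports a status, consider gating on it, e.g. `const bool rec_ok = RecGetRecordString(...) == REC_ERR_OKAY;` and `record_default = rec_ok && (...)`, or add a comment stating that a failed read is deliberately treated as the default. The enclosing block and the rest of `initialize()` continue outside the quoted hunk, so any handling further down is not visible here.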

Review Comment:
   It's the same as what is written in the doc.


