Satish11012007 commented on issue #13013: URL: https://github.com/apache/apisix/issues/13013#issuecomment-3901303879
Hi @Baoyuantop, @cybersec-jochenarnold I’ve been looking into this issue and reviewing the relevant code in init.lua. It appears that when router_ssl.get_by_id() loads the upstream SSL object, it is directly assigned to api_ctx.upstream_ssl without going through secret.fetch_secrets(). Because of that, references such as $env://API_UPSTREAM_KEY are not resolved before key processing, which results in the base64 decode failure during aes_decrypt_pkey(). If this issue is not already being worked on, I would be glad to explore a potential improvement by aligning the upstream SSL handling with the existing server-side secret resolution flow. Please let me know if it would be appropriate for me to proceed with a draft fix. Thank you for your guidance. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
