qianye1001 commented on issue #10302:
URL: https://github.com/apache/rocketmq/issues/10302#issuecomment-4542056014

   ## 🤖 Auto-generated Fix Spec (v1)
   
   **Root Cause:** `ProxyConfig` 和 `ProxyAndTlsProtocolNegotiator` 只支持单证书模型,无 
SNI handler。
   
   **Proposed Fix:**
   引入 Netty `SniHandler` 实现 SNI 多域名证书支持。新增 `TlsDomainConfig` POJO 和 
`TlsSniManager` 管理多域 `SslContext`,支持通配符匹配(`*.example.com`),未匹配时 fallback 
到默认证书。完全向后兼容。
   
   **Impact:** 无 breaking change,gRPC + Remoting 双路径覆盖,12 个文件改动。
   
   **Files to modify:**
   - `TlsDomainConfig.java` — 新增,per-domain TLS 配置
   - `TlsSniManager.java` — 新增,多域 SslContext 管理 + 通配符匹配
   - `TlsCertificateManager.java` — 新增,多证书热加载
   - `ProxyConfig.java` — 添加 `tlsDomainConfigs` map
   - `ProxyAndTlsProtocolNegotiator.java` — 使用 `SniHandler`
   - `TlsContextProvider.java` — 新增,remoting ↔ proxy 桥接
   - `NettyRemotingServer.java` — `TlsModeHandler` 使用 SNI
   - 等 12 个文件
   
   ---
   
   @qianye1001 The above is an auto-generated fix proposal based on your issue 
description.
   
   Please reply with one of the following commands:
   - `/approve` — Approve the proposal, a PR will be auto-generated
   - `/revise <your feedback>` — Provide feedback for revision
   - `/reject` — Decline, close the auto-fix flow
   
   > ⏰ This flow will auto-expire in **72 hours** if no response is received.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to