qianye1001 commented on issue #10302:
URL: https://github.com/apache/rocketmq/issues/10302#issuecomment-4542709944

   ## Verification Result
   
   **Status:** Validated ✅
   
   **Code verification on `develop` branch:**
   
   1. `ProxyConfig.java` — Only `tlsCertPath` / `tlsKeyPath` fields exist 
(single cert/key pair). No `tlsDomainConfigs` map. **Confirmed.**
   2. `TlsCertificateManager.java` — Watches exactly one cert + one key file 
via `FileWatchService`. No multi-cert support. **Confirmed.**
   3. `ProxyAndTlsProtocolNegotiator.java` — Builds a single static 
`SslContext` from the single cert/key path. No `SniHandler` in pipeline. 
**Confirmed.**
   4. No SNI-related classes (`TlsSniManager`, `SniHostnameMatcher`, 
`TlsContextProvider`) exist in the codebase. **Confirmed.**
   
   **Duplicate note:** Issue #10296 is a duplicate and already closed. This 
issue is the canonical one.
   
   **Proposed labels:** `type/new feature`, `module/proxy`
   
   **Assessment:** Well-scoped feature request. The proposed approach (Netty 
`SniHandler` with per-domain `SslContext`) is the standard pattern. Backward 
compatibility via empty `tlsDomainConfigs` fallback is sound. Implementation 
touches ~16 files (4 new, 8 modified, 4 tests) — moderate complexity.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to