AlinsRan commented on code in PR #11339:
URL: https://github.com/apache/apisix/pull/11339#discussion_r1630706017
##########
apisix/ssl.lua:
##########
@@ -278,8 +278,8 @@ function _M.check_ssl_conf(in_dp, conf)
end
for i = 1, numcerts do
- if not secret.check_secret_uri(conf.cert[i]) and
- not secret.check_secret_uri(conf.key[i]) then
Review Comment:
```lua
local function check_secret_uri(secret_uri)
-- ...
if not string.has_prefix(secret_uri, PREFIX) and
not string.has_prefix(upper(secret_uri), core.env.PREFIX) then
return false, "error secret_uri prefix: " .. secret_uri
end
-- ...
end
```
It will check the `prefix`, and to trigger an error, the following
conditions must be met simultaneously:
1. Use env or secret, which means having the conditions to match the prefix
2. Certs and keys configured
There is also an out of bounds exception, which requires the number of
certificates to be greater than the number of key characters to trigger. This
scenario is rare.
So this PR covers this point, but the master does not.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
